Tenable - Host Discovery Option

Tenable scan policies consist of plugin settings and advanced commands used during the scan process. Users can create scan policies within the Tenable application. Tenable’s scanning products, e.g. Nessus and SecurityCenter, also include a range of default policies which can be used.

Host discovery

A host discovery scan consists of several different options which can be modified. The aim of a host discovery scan is to ping the remote host; this determines if the host is alive or dead.

General Settings

If the ping option is enabled within the policy, it then allows the user to modify the policy further.

An option is also available to test the local Nessus host; it allows you to include or exclude the local Nessus host from the scan.

There is also an option to use fast network discovery. Normally, when ping responses are received, the scan performs extra checks to make sure that the device is not a proxy or load balancer. Checking for this means that the scan will take longer. If the fast network discovery option is enabled, the scan will not perform these checks.

Ping methods which are available within a scan

ARP - Ping a host using its hardware address via the Address Resolution Protocol. Only works on a local network.

TCP - Ping the host using TCP.

Destination ports - Destination ports can be configured to use specific ports for TCP ping. This specifies the list of ports that will be checked via TCP ping. If you are not sure of the ports, leave this setting on built-in.

ICMP - Ping a host using the Internet Control Message Protocol (ICMP). The maximum number of retries can be configured; the default is 2.

UDP - Ping a host using the User Datagram Protocol (UDP). UDP is a “stateless” protocol, meaning that communication is not performed with handshake dialogues. This means that it is not always a reliable detection method.

Fragile Devices

Scan Network Printers - Instructs the Nessus scanner not to scan network printers if unselected. Since many printers are prone to denial of service

Scan Novell Netware Hosts - Instructs the Nessus scanner not to scan Novell Netware hosts if unselected, since many Novell Netware hosts are prone to denial of service conditions.

List of MAC addresses - Wake-on-LAN (WOL) packets will be sent to the hosts listed, one on each line, in an attempt to wake the specified host(s) during a scan.

Boot time wait (in minutes) - The number of minutes Nessus will wait before attempting to scan hosts that were sent a WOL packet.
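
Because the MAC list is entered one address per line, a typo in it can leave a host powered off and absent from the scan results. As an added example (not Tenable's code and not part of the original page), the Python below checks such a list before it is pasted into the policy and builds the standard Wake-on-LAN magic packet. The accepted separators (colon or hyphen), the function names and the sample addresses are assumptions made for illustration.

```python
import re
import socket

# Assumption: entries are six hex octets separated consistently by ':' or '-'.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}$")

def parse_mac_list(text):
    """Return (valid, rejected): normalized MACs and (line_no, raw, reason) tuples."""
    valid, rejected, seen = [], [], set()
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.strip()
        if not entry:
            continue  # blank lines are ignored
        if not MAC_RE.match(entry):
            rejected.append((line_no, entry, "not a MAC address"))
            continue
        mac = entry.replace("-", ":").lower()
        if mac in ("ff:ff:ff:ff:ff:ff", "00:00:00:00:00:00"):
            rejected.append((line_no, entry, "broadcast or null address"))
        elif mac in seen:
            rejected.append((line_no, entry, "duplicate"))
        else:
            seen.add(mac)
            valid.append(mac)
    return valid, rejected

def magic_packet(mac):
    """Standard WOL payload: 6 bytes of 0xFF, then the MAC repeated 16 times."""
    return b"\xff" * 6 + bytes.fromhex(mac.replace(":", "")) * 16

def send_wol(mac, broadcast="255.255.255.255", port=9):
    """Broadcast one magic packet over UDP (port 9 is a common convention)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        s.sendto(magic_packet(mac), (broadcast, port))

# Constructed sample list: a short entry, two MACs on one line, and a duplicate.
SAMPLE = """\
00:1A:2B:3C:4D:5E
00-1a-2b-3c-4d-5f
00:1A:2B:3C:4D
00:1a:2b:3c:4d:5e, 00:1a:2b:3c:4d:60
00:1A:2B:3C:4D:5E
"""

if __name__ == "__main__":
    valid, rejected = parse_mac_list(SAMPLE)
    print("usable:", valid)
    for line_no, entry, reason in rejected:
        print(f"line {line_no}: {entry!r} rejected ({reason})")
```

Since WOL is a broadcast on the local segment, a host that stays asleep after the boot time wait is worth checking against this list first.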

Network Type

Network Type - Allows you to specify if you are using publicly routable IPs, private non-Internet routable IPs or a mix of these. Click Mixed if you are using RFC 1918 addresses and have multiple routers within your network.