Vulnerability Scanning Strategy and Best Practices
Good planning is essential for the setup of a stable and efficient JSA Vulnerability Manager scanning system in your network.
You must have the correct license capabilities to perform the following scanning operations. If you need assistance to obtain a new or updated license key, contact your Juniper Customer Support.
Analyze your network structure, and determine the best scanning configuration for your network, from both a hardware and a scanning performance perspective.
Consider the following information, which includes best practices for setting up your JSA Vulnerability Manager scanning deployment:
Scan policy types
Choose the scan policy type that meets your scanning requirements and consider the time and resources that are required to complete the scan.
Scan duration and ports to scan
Decide whether you need to scan all TCP and UDP ports. UDP ports take longer to scan than TCP ports.
Tune your asset discovery.
Tune your asset discovery to manage your asset discovery times and effectiveness.
Tune your asset discovery performance.
Adjust and optimize the speed and accuracy at which assets are discovered in your network.
Scanner placement in your network
Place scanners close to the assets that you are scanning, and be aware of the impact of network latency on your scan times.
Web application scanning
This scan can take a long time and be resource-intensive. If you don't need to run this scan as part of a full scan, you can exclude this scan.
You might save time by implementing dynamic scanning.
Network bandwidth setting
Adjust the network bandwidth setting according to your network bandwidth and the number of assets that you can scan concurrently.
Network interface cards on scanners
Use network interface cards to segment your network scanning.
Vulnerability management for asset owners
Assign owners to your assets.
Notification of asset owners on the timing of scans.
Ensure that asset owners are aware of scan times.
Triggering scans of new assets
Trigger scans of new assets when they are added to the asset database.
Configure environmental risk for an asset
Use the CVSS Environmental Score to manipulate and prioritize the risk score on selected assets.
External scanning FAQs
What you need to know about setting up an external scan.