When performing network scans, how do you cope with systems of the network going down and being unable to respond?
There are a lot of implications that we face in client networks - some of which have already been pointed out here - but usually our clients are getting locked out of ESXi, vSphere and similar tools due to account lockout. Commonly, smaller network devices and servers, such as IP phones, are probably simply overloaded by the scanners’ task and refuse to respond or are only available again after a restart.
We want to make the security scans as convenient as possible for administrators of client networks, so we are looking for ways to reduce negative implications of security scans.
Do you have any experience you can share on how to avoid running into account lockouts, downtimes, unresponsiveness, etc.?
We are experimenting with using 4 NVTs per host and 1-3 hosts at most.
Also, we are splitting the networks into smaller segments and distributing them evenly over a set time frame.
I hope to get some insight here!
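
The segmentation and time-distribution approach described in the question, as an added sketch that is not part of the original post: it cuts the target ranges into smaller segments and gives each an equal slot in the scan window, carrying the 4-NVTs-per-host and parallel-host limits as plain fields. The function names, field names, address ranges and the 15-minute minimum slot are assumptions made for illustration.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample ranges (not from the post); the /25 overlaps the /24.
SAMPLE_NETWORKS = ["10.0.0.0/24", "10.0.0.128/25", "10.0.1.0/27"]

def split_segments(cidrs, segment_prefix):
    """Merge overlapping ranges, then cut each into /segment_prefix pieces."""
    nets = ipaddress.collapse_addresses(
        ipaddress.ip_network(c, strict=False) for c in cidrs)
    segments = []
    for net in nets:
        if net.prefixlen >= segment_prefix:
            segments.append(net)  # already as small as requested
        else:
            segments.extend(net.subnets(new_prefix=segment_prefix))
    return segments

def plan_scans(cidrs, segment_prefix, start, end,
               hosts_in_parallel=2, nvts_per_host=4,
               min_slot=timedelta(minutes=15)):
    """Give every segment an equal, non-overlapping slot between start and end.

    hosts_in_parallel / nvts_per_host are hypothetical field names for the
    scanner's concurrency limits; map them to your scanner's own settings.
    """
    segments = split_segments(cidrs, segment_prefix)
    if not segments:
        raise ValueError("no networks to scan")
    slot = (end - start) / len(segments)
    if slot < min_slot:
        # Too many segments for the window: a throttled scan would not
        # finish before the next segment starts and load would stack up.
        raise ValueError(f"slot of {slot} is shorter than {min_slot}; "
                         "widen the window or use larger segments")
    return [{"segment": str(seg),
             "start": start + i * slot,
             "end": start + (i + 1) * slot,
             "hosts_in_parallel": hosts_in_parallel,
             "nvts_per_host": nvts_per_host}
            for i, seg in enumerate(segments)]

if __name__ == "__main__":
    window = (datetime(2024, 1, 1, 22, 0), datetime(2024, 1, 2, 3, 0))
    for job in plan_scans(SAMPLE_NETWORKS, 26, *window):
        print(job["start"].strftime("%H:%M"), job["segment"],
              job["hosts_in_parallel"], job["nvts_per_host"])
```
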