Mitigating Issues
Disable the "Ping the remote host" option.
In sensitive networks, we can use rate-limiting to minimize impact. For example, we can adjust Performance Options and modify Max Concurrent Checks Per Host if the target host is often under heavy load, such as a widely used web application. This will limit the number of plugins used concurrently against the host.
We can avoid scanning legacy systems and choose the option not to scan printers.
We can use the nessusd.rules file to configure Nessus scans. More information about it can be found in the Nessus documentation.
Never perform Denial of Service checks. We can ensure that these types of plugins are not used by always enabling the “safe checks” option.
Network Impact
It is also essential to keep in mind the potential impact of vulnerability scanning on a network, especially on low bandwidth or congested links. This can be measured using vnstat:
sudo apt install vnstat
sudo vnstat -l -i eth0
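To complement the live vnstat view, the added script below (not part of the original notes) samples the interface's kernel byte counters while a scan runs and reports average and peak throughput against a link budget. The sysfs counter paths, the 10 Mbit/s link size, the 30% budget and the file name scanload.sh are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. Assumptions (not from the page): Linux sysfs counters,
# a 10 Mbit/s link, and a 30% share of that link as the scan budget.

# Total bytes (rx + tx) counted so far on interface $1.
iface_bytes() {
    rx=$(cat "/sys/class/net/$1/statistics/rx_bytes") || return 1
    tx=$(cat "/sys/class/net/$1/statistics/tx_bytes") || return 1
    echo $((rx + tx))
}

# kbit/s between counter readings $1 and $2 taken $3 seconds apart.
rate_kbit() {
    [ "$3" -gt 0 ] || { echo "interval must be > 0" >&2; return 1; }
    [ "$2" -ge "$1" ] || { echo "counter went backwards" >&2; return 1; }
    echo $(( ($2 - $1) * 8 / 1000 / $3 ))
}

# True when rate $1 (kbit/s) exceeds $3 percent of a $2 kbit/s link.
over_budget() {
    [ $(( $1 * 100 )) -gt $(( $2 * $3 )) ]
}

# Sample interface $1 every $3 seconds, $2 times; print "avg peak" in kbit/s.
monitor() {
    iface=$1; rounds=$2; step=$3; peak=0; i=0
    first=$(iface_bytes "$iface") || return 1
    prev=$first
    while [ "$i" -lt "$rounds" ]; do
        sleep "$step"
        now=$(iface_bytes "$iface") || return 1
        r=$(rate_kbit "$prev" "$now" "$step") || return 1
        if [ "$r" -gt "$peak" ]; then peak=$r; fi
        prev=$now; i=$((i + 1))
    done
    avg=$(rate_kbit "$first" "$now" $((rounds * step))) || return 1
    echo "$avg $peak"
}

# Runs only when given an interface, e.g. `sh scanload.sh eth0` during a scan.
if [ -n "${1:-}" ]; then
    out=$(monitor "$1" 12 5) || exit 1
    set -- $out
    echo "avg=$1 kbit/s peak=$2 kbit/s"
    if over_budget "$2" 10000 30; then
        echo "peak over budget: lower Max Concurrent Checks Per Host"
    fi
fi
```

Taking one reading with no scan running and one during the scan separates the scan's load from normal traffic on the link.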