Excluding targets from your scan

When defining targets for iQSonar to scan we need to tell the scan engine what to scan. We may also need to tell the scan engine what devices should NOT be scanned.

In general, it is more efficient to only list the targets which should be scanned, so that devices we don't want to scan are implicitly defined by omission.

However, if there are certain targets which we want to scan at some times but not at others, we can define them in a location of their own, flagged as an exclusion, and include that location in some projects (which then skip those targets) while leaving it out of other projects (which then scan the targets in question).

Why to exclude targets

In general iQSonar can be used to scan your entire datacenter or estate. We define the list of targets which we want to scan by giving iQSonar a list of IP Addresses and/or hostnames to scan.

Typically users may want to exclude certain categories of target from the scan. Some reasons to exclude targets are listed in Chapter 6 of the scan engine deployment guide in your documentation. 

  • Bandwidth constraints
    Since a scan can generate a large volume of network traffic, you may wish to exclude targets to which you have only slow or metered connections. If many such targets exist, best practice would be to put a second scan engine in the remote location so that the remote scan engine communicates results to a central database rather than sending all queries and responses over the slow link.
  • Shared Infrastructure with other companies
    Don't scan hardware which you don't own or have permission to scan! Since part of the scan of a target includes a limited port scan, and a scan may use more than one set of credentials, intrusion detection software on a shared device could identify the scan as an attempt to hack the target.
  • Handling lock-down periods for given devices
    The worked example below shows how to use locations and projects to avoid scanning critical servers during sensitive times.
  • Desktop/Laptops or end-user devices
    If certain IP Address ranges are used for end-user devices (handed out by DHCP servers) then in general you will not want to waste time scanning them. List only the known servers in those IP address ranges.
    Using the examples below - if the "Corp" network puts all the servers in the 192.168.1.0/24 network, and the DHCP server gives out addresses to desktops/laptops/phones etc. in the 192.168.2.0/24 network, then there is no point scanning the second IP Address range.

Explicitly Exclude servers from specific projects

For example - if we scan our estate once a week, but want to skip the finance team servers in the week in which the payroll is run, we might define an estate like this:


Location       Target Type    Name              Start IP        End IP          Subnet  Exclusion
Corp|Network   DeviceSubnet   Company Network   192.168.1.0                     24      FALSE
Corp|Finance   DeviceRange    Finance Servers   192.168.1.100   192.168.1.101           True

(The Instance Name, Guid, Hostname and Port columns are left blank for both rows.)

If we define two projects, "Project A" which includes both locations and "Project B" which includes only the first location, then in weeks 1..3 we scan Project B, which includes the two finance servers. In week 4 we scan Project A, and the finance servers are skipped because the "Corp|Finance" location is flagged as an exclusion.

Implicitly Exclude targets

When we know we never want to scan certain targets, it is better to define the target list so that it has "holes", so that those targets can never be "in scope" for the scan.

Taking the same network as above, let's say we never want to scan the two finance servers (192.168.1.100 and 192.168.1.101), and we also want to exclude the printers (192.168.1.10 and 192.168.1.11) from the scan.

We can then define the remaining IP addresses as follows:

Location       Target Type    Name        Start IP        End IP          Subnet  Exclusion
Corp|Network   DeviceRange    LowRange    192.168.1.1     192.168.1.9             FALSE
Corp|Network   DeviceRange    MidRange    192.168.1.12    192.168.1.99            FALSE
Corp|Network   DeviceRange    HighRange   192.168.1.102   192.168.1.254           FALSE

(The Instance Name, Guid, Hostname and Port columns are left blank for all three rows.)
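The following is an added worked example, not part of the iQSonar documentation or product, covering both the explicit exclusion above (Project A versus Project B) and the "holes" approach in this section. It models a table row as a small Python record, resolves which hosts a project would actually scan, and generalises the hand-built LowRange/MidRange/HighRange table into a routine that splits any subnet around any set of excluded addresses. The row fields, the `expand`, `resolve_scope` and `ranges_with_holes` helpers and the rule "a project's scope is its non-exclusion rows minus its exclusion rows" are assumptions made for this example; so is the assumption that a DeviceSubnet row covers the usable hosts of the subnet (192.168.1.1 to 192.168.1.254), which is what makes the two tables on this page line up.

```python
"""Resolve scan scope from target-definition rows and build ranges with holes.

Added example; the data model and scope rule are assumptions, not iQSonar's own code.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class Location:
    """One row of the target table, using the page's column names (assumed model)."""
    location: str
    target_type: str          # "DeviceSubnet" or "DeviceRange"
    name: str
    start_ip: str
    end_ip: str = ""          # used only by DeviceRange rows
    subnet: int = 0           # prefix length, used only by DeviceSubnet rows
    exclusion: bool = False   # the Exclusion column


def expand(loc: Location) -> set[ipaddress.IPv4Address]:
    """Host addresses a single row covers (subnet rows: usable hosts only, assumed)."""
    if loc.target_type == "DeviceSubnet":
        net = ipaddress.ip_network(f"{loc.start_ip}/{loc.subnet}", strict=False)
        return set(net.hosts())
    if loc.target_type == "DeviceRange":
        first = int(ipaddress.ip_address(loc.start_ip))
        last = int(ipaddress.ip_address(loc.end_ip))
        return {ipaddress.ip_address(n) for n in range(first, last + 1)}
    raise ValueError(f"unknown target type {loc.target_type!r}")


def resolve_scope(project: Iterable[Location]) -> set[ipaddress.IPv4Address]:
    """Hosts a project scans: union of its include rows minus union of its exclusion rows."""
    included: set[ipaddress.IPv4Address] = set()
    excluded: set[ipaddress.IPv4Address] = set()
    for loc in project:
        (excluded if loc.exclusion else included).update(expand(loc))
    return included - excluded


def ranges_with_holes(network: str, holes: Iterable[str]) -> list[tuple[str, str]]:
    """Split a subnet's hosts into contiguous (start, end) ranges that skip every hole.

    This is the general form of the LowRange/MidRange/HighRange table: the same
    routine works for any subnet size and any number of excluded addresses.
    """
    net = ipaddress.ip_network(network, strict=False)
    skip = {ipaddress.ip_address(h) for h in holes}
    ranges: list[tuple[str, str]] = []
    start = prev = None
    for host in net.hosts():
        if host in skip:
            if start is not None:          # close the range that ended before this hole
                ranges.append((str(start), str(prev)))
                start = None
            continue
        if start is None:
            start = host
        prev = host
    if start is not None:                  # close the trailing range
        ranges.append((str(start), str(prev)))
    return ranges


# Constructed rows mirroring the "Explicitly Exclude" table on this page.
COMPANY_NETWORK = Location("Corp|Network", "DeviceSubnet", "Company Network",
                           "192.168.1.0", subnet=24)
FINANCE_SERVERS = Location("Corp|Finance", "DeviceRange", "Finance Servers",
                           "192.168.1.100", "192.168.1.101", exclusion=True)
PROJECT_A = [COMPANY_NETWORK, FINANCE_SERVERS]   # skips the finance servers
PROJECT_B = [COMPANY_NETWORK]                    # scans everything in the subnet

# Constructed holes for the "Implicitly Exclude" table: printers and finance servers.
HOLES = ["192.168.1.10", "192.168.1.11", "192.168.1.100", "192.168.1.101"]


def implicit_rows() -> list[Location]:
    """Rebuild the hole-based target table from the subnet and the holes."""
    return [Location("Corp|Network", "DeviceRange", f"Range{i}", start, end)
            for i, (start, end) in enumerate(ranges_with_holes("192.168.1.0/24", HOLES), 1)]


if __name__ == "__main__":
    for label, rows in (("Project A", PROJECT_A), ("Project B", PROJECT_B),
                        ("Implicit", implicit_rows())):
        scope = resolve_scope(rows)
        print(f"{label}: {len(scope)} hosts in scope, "
              f"finance in scope = {ipaddress.ip_address('192.168.1.100') in scope}")
    for row in implicit_rows():
        print(f"{row.location}  {row.target_type}  {row.name}  {row.start_ip}  {row.end_ip}")
```

Running the script prints the three generated ranges, which match the LowRange/MidRange/HighRange rows above, and shows that Project B scans 254 hosts, Project A 252 (the finance pair removed by the exclusion row) and the hole-based table 250 (finance pair and printers absent without any exclusion row at all). Because the hole-based rows are plain include rows, nothing in any project can ever bring those four addresses back into scope, which is the point of preferring holes for targets that must never be scanned.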