How to do it...

The following steps will guide you through creating scan policies in Nessus:

  1. To configure a new scan policy in Nessus, you will first need to access the Nessus web interface at https://localhost:8834 or https://127.0.0.1:8834. Alternatively, if you are not accessing the web interface from the same system that is running Nessus, you should specify the appropriate IP address or hostname.
  2. Once the web interface has loaded, you will need to log in with the account that was configured during the installation process or with another account built after install. After logging in, the Policies tab at the top of the page should be selected. If no other policies have been configured, you will see an empty list and a single button that says New Policy. Click on that button to start building your first scan policy.
  3. Upon clicking on New Policy, the Policy Wizards screen will pop up with a number of preconfigured scan templates that can be used to speed up the process of creating a scan policy. As you can see in the following screenshot, each of the templates includes a name and then a brief description of its intended function:
  4. In most circumstances, at least one of these preconfigured scan templates will resemble what you are trying to accomplish. Probably the most commonly used of all of these is Basic Network Scan. Keep in mind that after selecting any one of these options, you can still modify every detail of the resulting configuration; the templates are just there to get you started faster. Alternatively, if you do not want to use an existing template, you can scroll down and select the Advanced Scan option, which allows you to start from scratch.
  5. If you select any one of the preconfigured templates, you will go through a quick three-step process to complete your scan policy. The process is summarized in the following steps:
    1. Step 1 allows you to configure the basic details, including the policy Name, Description, and Visibility (public or private). Public policies are visible to all Nessus users, while private ones are visible only to the user who created them.
    2. Step 2 simply asks whether the scan is internal or external. External scans are performed against publicly accessible hosts, usually sitting in the DMZ of an enterprise network; they do not require you to be on the same network and can be performed across the Internet. Internal scans are performed from within a network and require direct access to the LAN of the scan targets.
    3. Step 3, the final step, asks for authentication credentials for the scanned devices, using either SSH or Windows authentication. Once completed, the new policy appears in the previously empty list shown when the Policies tab is accessed. This is shown in the following screenshot:
  6. This approach makes it quick and easy to create new scan policies, but doesn't give you a whole lot of control over the vulnerabilities tested and the types of scans performed. To modify more detailed configurations, click on the newly created policy name and then click on the Advanced Mode link. The options in this configuration mode are very comprehensive and specific. There are four different menus that can be accessed on the left-hand side of the screen. These include the following:
  • General Settings: This menu provides basic configurations, detailed port scanning options that define how discovery and service enumeration are performed, and performance options that define policies regarding speed, throttling, parallelism, and so on.
  • Credentials: This menu allows the configuration of Windows credentials, SSH, Kerberos, and even a number of clear-text protocol options (not encouraged, since those credentials cross the network unencrypted and can be captured by anyone on the path).
  • Plugins: This menu provides extremely granular control over Nessus plugins. Plugins is the term used in Nessus for the specific audits or vulnerability checks performed. You can enable or disable groups of audits based on their type of function or even manipulate specific plugins one by one.
  • Preferences: This menu covers the configurations for all of the more obscure operational functions of Nessus, such as HTTP authentication, brute force settings, and database interaction.
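The same policy can be created without clicking through the web interface. The following Python script is an added example (it is not from the book) that drives the Nessus REST API over HTTPS; it assumes a Nessus 6 or later server exposing GET /editor/policy/templates, POST /policies and GET /policies, an API key pair generated under the user's account settings and sent in the X-ApiKeys header, and that the nested credentials.add.Host.SSH layout used by the policy editor is accepted for the SSH credentials of step 3. The template list and policy listing embedded in the block are constructed sample data so that the helper functions can be exercised offline.

```python
"""Create a Nessus scan policy from a built-in template through the REST API.

Added example, not taken from the book. Assumed (not shown on the page):
GET /editor/policy/templates, POST /policies, GET /policies, the X-ApiKeys
header, and the credentials.add.Host.SSH layout for SSH credentials.
"""
import json
import os
import ssl
import urllib.request

NESSUS_URL = os.environ.get("NESSUS_URL", "https://localhost:8834")
# PEM certificate of the Nessus server (or its CA). Nessus ships with a
# self-signed certificate, so the handshake fails without it; point this at
# the exported certificate instead of disabling verification.
NESSUS_CA = os.environ.get("NESSUS_CA")

# Constructed sample data mirroring the shape of the two API responses.
SAMPLE_TEMPLATES = [
    {"uuid": "ad629e16-0001-0001-0001-aaaaaaaaaaaa", "name": "advanced",
     "title": "Advanced Scan", "desc": "Configure a scan without any recommendations."},
    {"uuid": "731a8e52-0001-0001-0001-bbbbbbbbbbbb", "name": "basic",
     "title": "Basic Network Scan", "desc": "A full system scan suitable for any host."},
]
SAMPLE_LISTING = {"policies": [{"id": 5, "name": "Internal LAN - authenticated",
                                "template_uuid": SAMPLE_TEMPLATES[1]["uuid"]}]}


def pick_template(templates, title):
    """Return the template whose display title matches, e.g. 'Basic Network Scan'."""
    wanted = title.strip().lower()
    for tpl in templates:
        if tpl.get("title", "").strip().lower() == wanted:
            return tpl
    raise KeyError(f"no policy template titled {title!r}")


def build_policy_payload(template_uuid, name, description="", ssh_credential=None):
    """Body for POST /policies; ssh_credential is an optional (user, password) pair."""
    settings = {"name": name, "description": description}
    if ssh_credential is not None:
        user, password = ssh_credential
        settings["credentials"] = {"add": {"Host": {"SSH": [{
            "auth_method": "password",
            "username": user,
            "password": password,
            "elevate_privileges_with": "Nothing",
        }]}}}
    return {"uuid": template_uuid, "settings": settings}


def policy_names(listing):
    """Names in a GET /policies response; 'policies' is null when the list is empty."""
    return sorted(p["name"] for p in (listing.get("policies") or []))


class NessusClient:
    """Minimal JSON client authenticating with an API key pair."""

    def __init__(self, base_url, access_key, secret_key, cafile=None):
        self.base_url = base_url.rstrip("/")
        self.headers = {
            "Content-Type": "application/json",
            "X-ApiKeys": f"accessKey={access_key}; secretKey={secret_key}",
        }
        self.ctx = ssl.create_default_context(cafile=cafile)

    def request(self, method, path, body=None):
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(self.base_url + path, data=data,
                                     method=method, headers=self.headers)
        with urllib.request.urlopen(req, context=self.ctx) as resp:
            return json.loads(resp.read() or b"{}")


if __name__ == "__main__":
    client = NessusClient(NESSUS_URL, os.environ["NESSUS_ACCESS_KEY"],
                          os.environ["NESSUS_SECRET_KEY"], NESSUS_CA)
    templates = client.request("GET", "/editor/policy/templates")["templates"]
    basic = pick_template(templates, "Basic Network Scan")
    ssh = None
    if "SCAN_SSH_USER" in os.environ:  # step 3 of the wizard: optional SSH credentials
        ssh = (os.environ["SCAN_SSH_USER"], os.environ["SCAN_SSH_PASSWORD"])
    payload = build_policy_payload(basic["uuid"], "Internal LAN - authenticated",
                                   "Created through the REST API", ssh)
    created = client.request("POST", "/policies", payload)
    print("created policy id:", created.get("policy_id"))
    print("policies now:", policy_names(client.request("GET", "/policies")))
```

Run it with NESSUS_URL, NESSUS_ACCESS_KEY, NESSUS_SECRET_KEY and NESSUS_CA set (and SCAN_SSH_USER/SCAN_SSH_PASSWORD if the policy should carry SSH credentials). Exporting the server certificate and pinning it through NESSUS_CA is the check worth keeping: turning verification off instead would hand the API keys, and any credentials placed in the policy, to whoever can intercept the connection.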