openvas vulnerability assessment
DESCRIPTION
OpenVAS Vulnerability Assessment. Group 5 Igibek Koishybayev ; Yingchao Zhu ChenQian ; XingyuWu ; XuZhuo Zhang. OpenVAS. The Open Vulnerability Assessment System ( OpenVAS ) - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: OpenVAS Vulnerability Assessment](https://reader033.vdocument.in/reader033/viewer/2022061312/568131bb550346895d982316/html5/thumbnails/1.jpg)
OpenVAS Vulnerability Assessment
Group 5Igibek Koishybayev; Yingchao Zhu
ChenQian; XingyuWu; XuZhuo Zhang
![Page 2: OpenVAS Vulnerability Assessment](https://reader033.vdocument.in/reader033/viewer/2022061312/568131bb550346895d982316/html5/thumbnails/2.jpg)
OpenVAS
The Open Vulnerability Assessment System (OpenVAS) is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.
Founded 1999, Osnabrück, Germany
![Page 3: OpenVAS Vulnerability Assessment](https://reader033.vdocument.in/reader033/viewer/2022061312/568131bb550346895d982316/html5/thumbnails/3.jpg)
Why Vulnerability Assessment?
Unnecessary open sharesUnused user accountsUnnecessary open portsRogue devices connected to your systemsDangerous script configurationsServers allowing use of dangerous protocolsIncorrect permissions on important system filesRunning of unnecessary, potentially dangerous
services
![Page 4: OpenVAS Vulnerability Assessment](https://reader033.vdocument.in/reader033/viewer/2022061312/568131bb550346895d982316/html5/thumbnails/4.jpg)
ArchitectureCore: Network Vulnerability Tests (NVTs), the security
scanner accompanied with a daily updated feed
![Page 5: OpenVAS Vulnerability Assessment](https://reader033.vdocument.in/reader033/viewer/2022061312/568131bb550346895d982316/html5/thumbnails/5.jpg)
OpenVAS Elements:
OpenVAS Software (Server, Client, VulerabilityTests): GNU General Public
OpenVAS Management tools
NVT(Network Vulnerability Tests) Feed service: daily updated tests, unrestricted access
![Page 6: OpenVAS Vulnerability Assessment](https://reader033.vdocument.in/reader033/viewer/2022061312/568131bb550346895d982316/html5/thumbnails/6.jpg)
Feature overviewOpenVAS Scanner Many target hosts are scanned
concurrently OpenVAS Transfer Protocol (OTP) SSL support for OTP (always) WMI support (optional)
OpenVAS Manager OpenVAS Management Protocol (OMP) SQL Database (sqlite) for configurations
and scan results SSL support for OMP (always) Many concurrent scans tasks (many
OpenVAS Scanners) Notes management for scan results False Positive management for scan results Scheduled scans Master-Slave Mode to control many
instances from a central one Reports Format Plugin Framework with
various plugins for: XML, HTML, LateX, etc.
Greenbone Security Assistant (GSA) Client for OMP and OAP HTTP and HTTPS Web server on its own (microhttpd), thus no
extra web server required Integrated online-help system Multi-language support
OpenVAS CLI Client for OMP Runs on Windows, Linux, etc. Plugin for Nagios
![Page 7: OpenVAS Vulnerability Assessment](https://reader033.vdocument.in/reader033/viewer/2022061312/568131bb550346895d982316/html5/thumbnails/7.jpg)
Sample Test Report
![Page 8: OpenVAS Vulnerability Assessment](https://reader033.vdocument.in/reader033/viewer/2022061312/568131bb550346895d982316/html5/thumbnails/8.jpg)
Lab Generation
1. Setting up and Pre-work
Get familiar with the OpenVAS software/Backtrack/CentOS System.
Learn some successful examples using OpenVAS in the past.
Learn some leak patterns.Set up the environment for the test
![Page 9: OpenVAS Vulnerability Assessment](https://reader033.vdocument.in/reader033/viewer/2022061312/568131bb550346895d982316/html5/thumbnails/9.jpg)
2. Find targets
Software-Based•Create our own mailbox application•Use the real mailbox application with open source
--Protocol: SMTP(send)/IMAP(receive)/POP3(receive)
Lab Generation
![Page 10: OpenVAS Vulnerability Assessment](https://reader033.vdocument.in/reader033/viewer/2022061312/568131bb550346895d982316/html5/thumbnails/10.jpg)
2. Find targets
Web-Based•Open Source Web Browser (EX: The Chromium Projects)•Server with some vulnerabilities (EX: old version CGI)
Lab Generation
![Page 11: OpenVAS Vulnerability Assessment](https://reader033.vdocument.in/reader033/viewer/2022061312/568131bb550346895d982316/html5/thumbnails/11.jpg)
3. Penetration Test/Problem solve
•Using OpenVAS to do the test, find some vulnerabilities of the software/web browser/server•Attack the software/web browser/server•Try to fix the vulnerability
Lab Generation
![Page 12: OpenVAS Vulnerability Assessment](https://reader033.vdocument.in/reader033/viewer/2022061312/568131bb550346895d982316/html5/thumbnails/12.jpg)
Lab Generation4. Re-test
•Retest using OpenVAS after leaks fixing
•Attack again to check if the vulnerabilities are solved
![Page 13: OpenVAS Vulnerability Assessment](https://reader033.vdocument.in/reader033/viewer/2022061312/568131bb550346895d982316/html5/thumbnails/13.jpg)
5. Report
•Give a detailed idea of these assessment
•Give a tutorial of how to use the OpenVAS for the assessment
Lab Generation
![Page 14: OpenVAS Vulnerability Assessment](https://reader033.vdocument.in/reader033/viewer/2022061312/568131bb550346895d982316/html5/thumbnails/14.jpg)
Extra Points (if time permitted)
•Develop the mobile platform application to do the whole process above
![Page 15: OpenVAS Vulnerability Assessment](https://reader033.vdocument.in/reader033/viewer/2022061312/568131bb550346895d982316/html5/thumbnails/15.jpg)
Thank you&
Happy Hacking!