Download
openvas vulnerability assessment n.
Skip this Video
Loading SlideShow in 5 Seconds..
OpenVAS Vulnerability Assessment PowerPoint Presentation
Download Presentation
OpenVAS Vulnerability Assessment

OpenVAS Vulnerability Assessment

2514 Views Download Presentation
Download Presentation

OpenVAS Vulnerability Assessment

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. OpenVASVulnerability Assessment Group 5 IgibekKoishybayev; Yingchao Zhu ChenQian; XingyuWu; XuZhuo Zhang

  2. OpenVAS • The Open Vulnerability Assessment System (OpenVAS) is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. • Founded 1999, Osnabrück, Germany

  3. Why Vulnerability Assessment? • Unnecessary open shares • Unused user accounts • Unnecessary open ports • Rogue devices connected to your systems • Dangerous script configurations • Servers allowing use of dangerous protocols • Incorrect permissions on important system files • Running of unnecessary, potentially dangerous services

  4. Architecture • Core: Network Vulnerability Tests (NVTs), the security scanner accompanied with a daily updated feed

  5. OpenVAS Elements: • OpenVAS Software (Server, Client, VulerabilityTests): GNU General Public • OpenVAS Management tools • NVT(Network Vulnerability Tests) Feed service: daily updated tests, unrestricted access

  6. Feature overview • Greenbone Security Assistant (GSA) • Client for OMP and OAP • HTTP and HTTPS • Web server on its own (microhttpd), thus no extra web server required • Integrated online-help system • Multi-language support • OpenVAS CLI • Client for OMP • Runs on Windows, Linux, etc. • Plugin for Nagios OpenVAS Scanner • Many target hosts are scanned concurrently • OpenVAS Transfer Protocol (OTP) • SSL support for OTP (always) • WMI support (optional) OpenVAS Manager • OpenVAS Management Protocol (OMP) • SQL Database (sqlite) for configurations and scan results • SSL support for OMP (always) • Many concurrent scans tasks (many OpenVAS Scanners) • Notes management for scan results • False Positive management for scan results • Scheduled scans • Master-Slave Mode to control many instances from a central one • Reports Format Plugin Framework with various plugins for: XML, HTML, LateX, etc.

  7. Sample Test Report

  8. Lab Generation 1. Setting up and Pre-work • Get familiar with the OpenVAS software/Backtrack/CentOS System. • Learn some successful examples using OpenVAS in the past. • Learn some leak patterns. • Set up the environment for the test

  9. Lab Generation 2. Find targets Software-Based • Create our own mailbox application • Use the real mailbox application with open source --Protocol: SMTP(send)/IMAP(receive)/POP3(receive)

  10. Lab Generation 2. Find targets Web-Based • Open Source Web Browser (EX: The Chromium Projects) • Server with some vulnerabilities (EX: old version CGI)

  11. Lab Generation 3. Penetration Test/Problem solve • Using OpenVAS to do the test, find some vulnerabilities of the software/web browser/server • Attack the software/web browser/server • Try to fix the vulnerability

  12. Lab Generation 4. Re-test • Retest using OpenVAS after leaks fixing • Attack again to check if the vulnerabilities are solved

  13. Lab Generation 5. Report • Give a detailed idea of these assessment • Give a tutorial of how to use the OpenVAS for the assessment

  14. Extra Points (if time permitted) • Develop the mobile platform application to do the whole process above

  15. Thank you & Happy Hacking!