Exploring the OpenVAS vulnerability scanner
OpenVAS provides many configuration options (Figure 1), but most of the options have conservative defaults that preserve performance and support functionality. A few of the most important options follow.
- Port Range – This option sets the range of ports for scanning by the OpenVAS server. The default is to scan only ports defined in the openvas-services file, which covers all of the commonly used ports, except for some in the upper end of the port range. To get complete coverage of all ports, specify 1-65535. Scanning a smaller number of ports, including just the default range, will speed up the scan, but you might miss detecting malware such as backdoor daemons on a high number ports.
- Hosts to test concurrently – This option sets the number of hosts that can be scanned in parallel, which has the effect of limiting the load on the OpenVAS server.
- Checks to perform concurrently – This option sets the number of concurrent tests that can run on a single target at one time.
- Safe Checks – This option instructs OpenVAS to rely on banners rather than perform a potentially invasive check of the target service. Turning safe checks off could result in services becoming unavailable to the server or users (Figure 2). A good idea would be to perform a regular check with safe checks set to on, then turn off safe checks for additional scans. For example, if OpenVAS scans are scheduled every Tuesday, the first Tuesday should be run with safe checks off, with systems administrators on hand to respond to any potential disruptions.
- Port scanner – A choice of different port scanning options is available. The options range from simple TCP connection attempts (the OpenVAS TCP Scanner) to more sophisticated approaches, such as a SYN scan or an IKE scan. SYN scans can detect ports without completing the normal TCP handshake procedure. IKE scans are designed to locate IPSec, VPNs, and similar connection points.
OpenVAS offers many other configuration options. The OpenVAS website has more information on tailoring the settings to your own environment.
Local Access Credentials
Running a scan in the default configuration leads to a purely remote scan. Although you can get a lot of good information this way, the default settings essentially make OpenVAS into a glorified port scanner. By taking advantage of the local check capabilities, you can get much more accurate results. Local checks allow OpenVAS to determine the state of applications that normally might be inaccessible over the network (such as Wireshark) but that nevertheless might have vulnerabilities. Local checks also help locate vulnerable applications that you might not even know are running on your system.
Version 2.0.2 and higher of OpenVAS Client has a convenient Credentials Manager tool for entering local access credentials to scan target systems (Figure 3). SSH keys are created in RSA PKCS#8 format for compatibility across different implementations of SSH.
Once created, the keys can be installed easily on target systems via the RPM or DEB packages created by the wizard. The locations of the packages are defined during the creation procedure. A Windows installer that is also created prepares Windows targets for scanning with an SMB-based local user.
Getting to Work
Once your system is configured, it is time to run a scan by starting the OpenVAS Client. A dialog box asks for the user login (Figure 4). If this is the first login, you might be asked to save the SSL certificate. At this point, the client will also check for new plugins and plugin dependencies from the server.
Next, create a new task called Test Scans. A task is equivalent to a logical group. This grouping is completely abstract – the task could refer to a customer network, in the case of a consultant, or a grouping of nodes within a local or remote network, in the case of in an in-house systems administrator.
The next step is to create a new scope called Internal Testing. Scopes are defined within the context of a task. A scope is equivalent to a profile. For instance, a scope might include all Linux nodes or all AIX nodes. The scope can also equate to services rather than nodes, such as all machines running SSH daemons or SMB services. (Scope and tasks are entirely abstract. Currently, OpenVAS does not provide a means to automatically create a task and scope from previous scans or templates.)
With all of the pieces in place, it is time to run the first scan. First, set any desired options, such as preferred port scanners and target access credentials, then execute the scan by clicking on the Execute button. The scan begins at this point. The client will pop up an informational window with the current status of the port scan and checks (Figure 5).
Once the scan is complete, a report highlights the number of high-, moderate-, and low-priority issues (Figure 6). The client also can export a report in various formats, including HTML, XML, and PDF.
Good StuffWell done on the article, there are not too many comprehensive reviews / guides of openvas available. It is a good tool that keeps getting better.
The new nmap scripting engine integration capabilities are very interesting too. As nmap jumps in leaps and bounds towards a fast, light weight scanner that can do a lot more than just check open ports.
<a href="http://www.hackertarget.com...can/">HackerTarget.com OpenVas Online</a>
Richard Stallman calls for the W3C to remain independent of vendor interests.
The new release supports nine architectures, 73 human languages, and zero non-Free components.
Fedora developers release the first alpha version of Fedora 19, known as Schrödinger’s Cat, for general testing. The final release is expected in July 2013.
ack is a grep-like, command-line tool that has been optimized for programmers to search large trees of source code.
New features in SUSE Studio 1.3 include enhanced cloud integration, VM platform support, and lifecycle management.
The Linux Foundation recently announced that the Xen Project is becoming a Linux Foundation Collaborative Project.
Open source version of LiveCode is now available for developing apps, games, and utilities for all major platforms.
OpenDaylight is an open source software-defined networking project committed to furthering adoption of SDN and accelerating innovation in a vendor-neutral and open environment.
The new Gnome release includes privacy and sharing settings, allowing more user control over access to personal information.
Mozilla is collaborating with Samsung on a new web browser engine called Servo.