
Vulnerability management with OpenVAS (Henri Doreau)



  1. Vulnerability management with OpenVAS
     Henri Doreau, henri.doreau@greenbone.net
     12th LSM - Strasbourg 2011

  2. Outline
     - 1. OpenVAS: Introduction; Architecture
     - 2. Vulnerability management: Aims and challenges; OpenVAS workflow
     - 3. Project news: OpenVAS 4; Upcoming OpenVAS 5


  4. OpenVAS 4
     The world's most advanced Open Source vulnerability scanner!
     ⇒ 100% Free and Open Source Software (GPLv2)
     http://www.openvas.org

  5. Vulnerability management
     Day-to-day process to measure the IT threats of an infrastructure:
     - identify
     - classify
     - fix/mitigate

  6. OpenVAS architecture
     3-tier scalable architecture


  8. openvassd: scanning for vulnerabilities
     Perform both authenticated and unauthenticated tests
     - Local Security Checks (LSC)
       - information gathering
       - missing updates/patches
       - configuration correctness
       - ⇒ over SSH
       - ⇒ over SMB/WMI
     - Unauthenticated checks
       - network scanning
       - credentials bruteforce
       - web applications audit

  9. openvasmd: the network server
     - Handle scan information
     - Scheduled tasks
     - Scanning results
     - Authentication
     ⇒ Ensure scalability


  11. OpenVAS clients
      Three clients available:
      - Portable (Qt) desktop client
      - Web interface
      - CLI for batch processing
      Python and Ruby libraries (unofficial)

  12. OpenVAS Ecosystem
      Leverage specialized tools expertise:
      - nmap (general network scanning)
      - ncrack (network authentication bruteforce tool)
      - w3af, arachni, wapiti (web application audit)

  13. OpenVAS Ecosystem
      Uses and relies upon standards:
      - Common Vulnerability Enumeration
      - Common Vulnerability Scoring System
      - Common Platform Enumeration
      - Open Vulnerability and Assessment Language
      - IT-Grundschutz

  14. What is OpenVAS not?
      - OpenVAS is not an automated pentester
      - OpenVAS is not an attack tool
      - OpenVAS won't fix vulnerable systems


  16. Aims
      Keep threats under control:
      - Monitor patchlevel
      - Detect insecure configurations
      - Check for compliance with your security policy
      ⇒ Harden both the exposed perimeter and the core of the network.

  17. Scan tasks
      Task-oriented workflow:
      - Targets
      - Scan configuration
      - Schedule
      - Escalators

  18. OpenVAS reports
      Technical details and recommendations

  19. Questions OpenVAS aims to answer
      What can OpenVAS actually do?

  20. Questions OpenVAS aims to answer
      Vulnerabilities:
      - Which ones?
      - Where?
      - How to fix/mitigate?

  21. Questions OpenVAS aims to answer
      Security policy:
      - Pass or fail?
      - Does it need improvements?

  22. Questions OpenVAS aims to answer
      Security status:
      - Is it getting better or worse?
      - How big is the risk?
      - What to do first?



  25. OpenVAS 4
      "biggest step forward ever in the History of OpenVAS"
      - Massive code cleaning effort
      - Report format plugins framework
      - Scalable master-slave mode
      - Performance increase (scan & analysis)
      - Improved credentials management
      - ...

  26. OpenVAS 5
      What's expected for OpenVAS 5?
      - High performance network scanning
      - SSH stack refactoring
      - Asset management
      - Convenient trashcan
      - Delta reports (diff scan results)

  27. DevCon #3
      Bi-annual OpenVAS developers meeting:
      - Discussed core technology
      - Identified priorities
      - Established mid/long term projects
      - Had great fun!

  28. Demo

  29. Questions?
      http://www.openvas.org
      openvas-discuss@wald.intevation.org
