Vulnerability Management with OpenVAS
According to ISO 27001 vulnerability management is the process of identifying and mitigating vulnerabilities within the organization’s information systems in order to preserve the confidentiality, integrity, and availability of sensitive data.
ISO 27001 vulnerability management can be explained in 5 stages:
1. Asset Inspection: Understand asset security by inventorying assets and identifying those most vulnerable to threats. This may involve physical inspections, configuration reviews, and network/log analysis.
2. Discovery and Evaluation: Conduct internal and external vulnerability scans using tools like Qualys or Nessus, and perform penetration tests. Vulnerabilities are scored using CVSS to prioritize based on severity.
3. Initiate Action Plan: Develop a tactical plan to address vulnerabilities through strategies like:
- Risk Acceptance: Acknowledge risks within the organization's risk appetite.
- Risk Transfer: Shift responsibility to other parties (e.g., contracts, insurance).
- Risk Mitigation: Reduce risk impact through controls (e.g., MFA, secure coding).
- Risk Remediation: Eliminate the risk by applying patches or making configuration changes.
4. Verify Remediation: Reassess the effectiveness of corrective actions, including follow-up scans to ensure vulnerabilities are addressed.
5. Document and Review Regularly: Maintain documentation for compliance, including asset inventories, policies, assessments, and remediation plans. Regular monitoring helps to detect and resolve recurring issues.
Source: https://sprinto.com/blog/iso-27001-vulnerability-management/
Greenbone OpenVAS
OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated and authenticated testing, various high-level and low-level internet and industrial protocols, performance tuning for large-scale scans and a powerful internal programming language to implement any type of vulnerability test.
The scanner obtains the tests for detecting vulnerabilities from a feed that has a long history and daily updates.
OpenVAS has been developed and driven forward by the company Greenbone since 2006. As part of the commercial vulnerability management product family Greenbone Enterprise Appliance, the scanner forms the Greenbone Community Edition together with other open-source modules.
Source : https://www.openvas.org/
1.To install, issue the command: sudo apt-get install gvm && openvas
.
2. Next, enter the command: sudo gvm-setup
. Please note that it may take a few minutes to download the required files."
3. Finally, issue the command: sudo gvm-start
.
4. To access the console, browse to 127.0.0.1:9932
5. To start the scan, click on "Task Wizard" and then enter the IP address of the machine.
6. To scan with credential privileges, select "Targets" under configuration tab.
7. Create a new target. Here, you can click "Elevate privileges" for authenticated checks.
8. After the target is created, create a "New Task" by going on Scans Tab".
9. Note that the following options are NOT available on the Community Edition: Full and Fast Ultimate, Full and Very Deep, and Full and Very Deep Ultimate, as they are only available on the paid version.
10. Finally you can view the Result, Reports & Vulnerabilities under Scan Tab.
11. View the vulnerability details and solutions.
Final Thoughts: Honestly, I'm expecting more results and vulnerabilities, but since deep scans are not available in the Community Edition, I hope to get some hands-on experience with their Enterprise Edition.