
(1)

OpenVAS – Open Vulnerability Scanning

Free your vulnerabilities!

Vlatko Košturjak | [email protected]
LinuxCon #1, 2009-09-22, Portland, Oregon, USA

(2)

Agenda

Nessus
Free alternatives
  • Free feed(s)
  • OVAL interpreters, Nmap
  • OpenVAS
OpenVAS state && differences
OpenVAS practical tips
OpenVAS future

(3)

Nessus?

(4)

Gartner: 80% of software will be open source by the year 2012

(5)
(6)

OVAL interpreters

ovaldi
  • Reference implementation
OVAL
  • Open Vulnerability Assessment Language
  • XML
  • http://oval.mitre.org
Good for local checks, if you can find the definitions you need

(7)

Nmap

Version 5 released recently
Has scripting support
  • NSE = Nmap Scripting Engine
  • Yes, that Lua thingy
  • Basic misconfiguration checks
  • Enumeration checks
  • Basic vulnerability checks
Missing reporting functions
No severities / risk ratings

(8)

Nessus GPL fork, old name: Gnessus
Continues open development of the vulnerability scanner
  • But OpenVAS follows its own path!
Both local and remote checks are supported!
Reporting
Risk rating
...

(9)

What's different?

Organizational part

GPL (v2) license
Open development
Software in the Public Interest (SPI)
Change requests
Democratic voting
Open in every sense
  • Your new idea?
  • OpenVAS DevCon

(10)

What's different?

Technical part

Take advantage of organizational decisions/license
  • Tools integration
Practice what you preach!
  • Flawfinder, ...
  • Enforce security options in the compiler
Versions:
  • 1.x = Nessus compatible (NTP protocol)
  • 2.x = Nessus incompatible (OTP protocol)

(11)

OpenVAS 2.0

Released 17th of December, 2008

What's new?
  • Initial OVAL support
  • NTP => OTP
  • script_id => script_oid
  • 64 bit support
  • GUI client improved
  • Bugfixes
  • Code audit
  • ...

OpenVAS got from Nessus:
  • nmap
  • hydra
  • nikto
  • ...
OpenVAS additionally integrates with:
  • ike-scan
  • portbunny
  • strobe
  • pnscan
  • ...

(12)
(13)

It's not Debian local checks only
  • You have checks for popular BSD OSes and Linux distros
  • Windows as well
  • Solaris (experimental?)
You miss SMB*inc checks
  • SMB functions are rewritten
  • Not compatible with old ones
  • There are only a few left which need to be rewritten using free SMB libraries
  • Help us rewrite them

(14)
(15)

LSC credentials manager

(16)

Severity override

(17)

OpenVAS vulnerability checks/tests

It's not a single language any more
NVT = Network Vulnerability Test
Plugins == NVTs
"Languages"
  • NASL (got from Nessus)
  • OVAL (implemented in 2.x)
  • NSE (planned)

(18)

NASL

Nessus Attack Script Language (NASL)
Inherited from Nessus
Language still the same
  • Removed plugin localization
  • A few functions added
  • Same syntax

if (description) {
    # registration block: script_oid(), script_name(), ...; exit(0);
}
# script code

(19)

OVAL

Implemented in 2.x
Using ovaldi
OVAL checks appear in plugins and reporting

(20)

NSE

Nmap Scripting Engine (NSE)
Lua
Phase: planning
  • Choose the .nse scripts you like from OpenVAS
Options
  • nmap => libnmap
  • Not system/execve

(21)

Number of NVTs

[Chart: NVT count over time, 09/09/08 to 10/14/09; y axis 0 to 14000]
(22)

OpenVAS tips

Use local checks (if possible)
  • Use SSH keys for better security
  • Harden security of the scanning box
Port scans
  • Nmap
    • Do the port scan with nmap first
    • Feed it to OpenVAS (grepable results)
  • Portbunny
    • Kernel level port scanner
    • Not bad for internal scans
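The "port scan with nmap first, feed the grepable results to OpenVAS" tip, as an added example that is not code from the talk or the OpenVAS project: a small Python parser for nmap's -oG format that keeps only the ports nmap saw open and folds them into a comma-separated port range, so a full 1-65535 audit range is not needed for hosts nmap has already mapped. The sample scan output is constructed; the `include_filtered` switch and `tcp_port_range` helper are this example's own additions.

```python
import re
from collections import OrderedDict

# Constructed sample of nmap 5 grepable (-oG) output; addresses, host names and
# banners are made up. Fields on each "Host:" line are tab separated.
SAMPLE_GREPABLE = (
    "# Nmap 5.00 scan initiated Tue Sep 22 10:00:00 2009 as: nmap -sV -oG scan.gnmap 192.168.56.0/29\n"
    "Host: 192.168.56.10 (web.example.test)\tStatus: Up\n"
    "Host: 192.168.56.10 (web.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 5.1p1/,"
    " 80/open/tcp//http//Apache httpd 2.2.9/, 443/closed/tcp//https///"
    "\tIgnored State: closed (997)\n"
    "Host: 192.168.56.11 ()\tStatus: Up\n"
    "Host: 192.168.56.11 ()\tPorts: 161/open|filtered/udp//snmp///,"
    " 3306/open/tcp//mysql//MySQL 5.0.51a/\tIgnored State: closed (998)\n"
    "Host: 192.168.56.12 ()\tStatus: Down\n"
    "# Nmap done at Tue Sep 22 10:02:00 2009 -- 8 IP addresses (2 hosts up) scanned\n"
)

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(")


def parse_grepable(text, include_filtered=False):
    """Map each host to its open ports as (port, proto, service, version) tuples.

    A "Ports:" entry has the shape port/state/proto/owner/service/rpc/version/;
    nmap escapes any "/" inside a field as "|", so splitting on "/" is safe.
    Hosts that are down never get a "Ports:" line and are therefore absent.
    """
    hosts = OrderedDict()
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # "# Nmap ..." banner and footer lines
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        if "Ports" not in fields:
            continue  # "Status: Up/Down" lines carry no port data
        found = hosts.setdefault(HOST_RE.match(line).group(1), [])
        for entry in fields["Ports"].split(", "):
            port, state, proto, _own, service, _rpc, version = (entry.split("/") + [""] * 7)[:7]
            if state == "open" or (include_filtered and state == "open|filtered"):
                found.append((int(port), proto, service, version))
    return hosts


def tcp_port_range(hosts):
    """Union of open TCP ports, comma separated, ready for a scanner port range."""
    ports = {p for entries in hosts.values() for p, proto, _s, _v in entries if proto == "tcp"}
    return ",".join(str(p) for p in sorted(ports))
```

Closed ports and down hosts are dropped, and "open|filtered" UDP results (which nmap cannot confirm) are only kept when explicitly asked for, so the scanner is pointed at what was actually observed.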

(23)

OpenVAS control tips

Full audit
  • 1-65535 ports
  • Thorough tests
Report verbosity
Report paranoia
Knowledgebase (kb)
  • Something like --verbose
  • Save to disk

(24)

OpenVAS future

Take a look at current change requests
Virtual hosts support
Windows local checks
  • Drop existing NASL implementation
  • Using WMI
Linux/Unix local checks
  • Drop existing NASL implementation

(25)

OpenVAS Design

(26)

OpenVAS pkgs

OpenVAS virtual appliances
  • VMware, VirtualBox, ...
OpenVAS in BackTrack
  • http://www.openvas.org/openvas-bt.html
  • BackTrack 3
    • Not included by default
    • Check URL above for remastered ISO image
  • BackTrack 4
    • Beta version doesn't ship with OpenVAS
    • Prefinal version comes with OpenVAS

(27)

Integration

Autonessus
  • Diff between two scans
  • Supports OpenVAS and Nessus
  • Time for a name change? :)
Metasploit
  • Some initial development done
  • OpenVAS as client
  • HD Moore "weekend hack"

(28)

OpenVAS + Metasploit integration

(29)

Commercial?

Ecosystem around OpenVAS
  • Trainings
  • Commercial support
  • Commercial NVT feeds
OIDs
  • Enable each vendor to have its own address space

(30)

Come and help!

Extending the scanning engine
Extending vulnerability coverage
Writing vulnerability tests (NVTs)
  • Write your PoC/test for OpenVAS!
Translating
Documentation writing (compendium)
Administration (web, irc, ...)

(31)

I'm a developer... is there any $$$ for me?

(32)
(33)
(34)
(35)
(36)
(37)

Summary

  • Open, open and open
  • Multiple vulnerability tests
    • Open Vulnerability Assessment Language (OVAL)
    • Nessus Attack Scripting Language (NASL)
    • Nmap Scripting Engine (NSE) – early dev
  • Integrated tools
    • Port scanning: portbunny, strobe, pnscan...
    • Enumeration: ike-scan, snmpwalk, ...

(38)

OpenVAS contacts

http://www.openvas.org

http://www.ohloh.net/p/openvas

http://www.twitter.com/openvas

http://www.identi.ca/openvas

openvas-announce
openvas-discuss
openvas-devel

irc.oftc.net #openvas

