References : https://www.greenbone.net/en/vulnerability-management/ https://www.slideshare.net/ChandrakTrivedi/openvas-vulnerability-assessment-scanner - Prevention is better than the cure in every way, this is how information security engineer should think or cure will be nothing worth than firefighting. - Vulnerability is weakness point or gap in a security program that can be exploited by threats to gain unauthorized access to an asset. We all know that networks are vulnerable but we don’t all know where and how that’s vulnerability comes. - Vulnerability Assessment (VA) is the process of identifying, quantifying, and prioritizing (or ranking) the potential risks, threats and vulnerabilities in a system making (to-do) check list and develop strategies to deal with them. - We need to know our systems' weak points to harden them and protect our sensitive information from theft and attacks. - We all hear about high-skilled hacks that cause loos of sensitive data that happen everyday everywhere, this is why we need to look at our system from outside as an attacker would. - Servers may be secured, firewalls may be locked on tight polices but what about attached devices, printers, scanners, and fax machines. - Default configurations are your enemy. - The aim is to locate any vulnerability that might exist in your IT infrastructure. VA highlight all this is seconds. - IT security is a process and vulnerability management provides the foundation of this process. - Once you know where the chinks are in your armor, you can do something about them. - The process from recognition to remedy and monitoring represents a continuous cycle. You’ll always be one step ahead of attackers. - You can focus your hot spots, thus increasing the efficiency of antivirus systems, firewalls & Co. - Any IT system is at risk of attack by skilled hackers. - Typical causes of vulnerability are improper configuration or programming errors, unauthorized installations or violations of security measures. - Greenbone Security Manager uncovers these and countless other risks and helps you set priorities. - See the video at this link: https://www.greenbone.net/wp-content/uploads/Reduce_Attack_Surface_With_VM_v2.mp4 - OpenVAS framework is part of Greenbone Networks' commercial vulnerability management solution from which developments are contributed to the Open Source community since 2009. - VA and Pen Testing are both deal with finding and fixing security holes but they are not the same thing. VA find vulnerabilities and can rate how dangerous they are, then offer a written report, but pen testing will actually try to exploit the system.

1. Presented By :-
Khaled Rakha
Marina Atef
Mostafa Eisa
Ahmed Ata

2. OUTLINE
 Vulnerability Assessment (VA).
 OpenVAS Overview.
 OpenVAS Architecture.
 Conducting VA using OpenVAS ((Demo)).

3. OUTLINE
 Vulnerability Assessment (VA).
 OpenVAS Overview.
 OpenVAS Architecture.
 Conducting VA using OpenVAS ((Demo)).

4. VULNERABILITY ASSESMENT (VA)
RISK =ASSET *THREAT * VULNERABILITY
• What is Vulnerability ?
• What isVulnerability Assessment (VA) ?
• Why we needVulnerability Assessment (VA) ?

5. Outside-In Instead Of Inside-Out

6. Stay One Step Ahead Of Attackers

7. Recognize And Manage Risks

8. OUTLINE
 Vulnerability Assessment (VA).
 OpenVAS Overview.
 OpenVAS Architecture.
 Conducting VA using OpenVAS ((Demo)).

9. OpenVAS OVERVIEW
• Framework of services and tools offering powerful tests on clients
using DB of known exploits and weaknesses.
• How well your clients are guarded against known attacks ??
• OpenVAS is used as
VULNERALABILIT ASSESSMENT tool
and can be used as
PENETRATION TESTING tool.

10. OpenVAS
BENEFITS
• The world's most advanced
open source vulnerability
scanner and manager.
• Compatible with different
Operating System.
• Keeps a history of past scans.
LIMITATIONS
• False negatives may be
reported.
• Find less vulnerabilities as
compared with Nessus.
• Requires 2-3 services to
perform VA.

11. OUTLINE
 Vulnerability Assessment (VA).
 OpenVAS Overview.
 OpenVAS Architecture.
 Conducting VA using OpenVAS ((Demo)).

12. OpenVAS ARCHITECTURE

13. Clients Components
• OpenVAS CLI:
Set of tools that allow
administration through shell.
• Greenbone SecurityAssistant (GSA):
Web-based tool with interface for
variousVA services.

14. Services Components
• OpenVAS Scanner:
Allows us the scan of hostname/ip,
port range or entire networks.
• OpenVAS Manager:
Receives task from Administrator
then use the Scanner to perform VA.
Also processes the results of the scans,
so it generates the final report.

15. Data Components
• NVT’s (Network Vulnerability Tests):
The containers of feed, i.e. test
cases that detect the vulnerabilities,
which are currently over 50,000.
• Results, Configs:
The DB (PostgreSQL) where reports
are collected and where the entire
configuration is stored.

16. OpenVAS Feeds
• Updating Network
VulnerabilityTests (NVTs),
Security Content Automation
Protocol (SCAP)
and Computer Emergency
ResponseTeam (CERT) Feeds.

18. OUTLINE
 Vulnerability Assessment (VA).
 OpenVAS Overview.
 OpenVAS Architecture.
 Conducting VA using OpenVAS ((Demo)).

19. CONDUCTING VA USING OpenVAS
 Step 1: Installing and Connecting to the OpenVAS.
 Step 2: Tabs (Administration Tab, Configuration Tab, SecInfo
Management Tab, and Scan Management Tab).
 Step 3: Scanning (New Target, New Task, and Start Scanning).
 Step 4: Export report of VA conducted.

20. Step 1: Installing OpenVAS 7 on CentOS 7
• The OpenVAS binary packages aren’t included with the stock repositories.
So, we need to enable the Atomicorp repository.
• First, we need to install a few prerequisites. To do that, run this command.
• Now, we will install OpenVAS 7.

21. Step 1: Connecting to the OpenVAS Web Interface
• Point your browser to
https://localhost:9392.
• Enter the credentials for the admin
user.
• The admin password was generated
during the setup phase.

23. Step 2: Tabs
 Explanation of Administration Tab.
• Adding Users, Groups and Roles.
• Updating NVT, SCAP and CERT Feeds.

24. Administration Tab

25. Add New Users

26. New User Details

27. Step 2: Tabs
 Explanation of Configuration Tab.
• Targets, Port lists and Credentials.
• Scan Configs.
• Alerts and Schedules.
• Permissions.

28. Configuration Tab

29. Targets

30. Port List

31. Scan Configs

32. Permissions

33. Step 2: Tabs
 Explanation of SecInfo Management Tab.
• SecInfo Dashboard.
• NVTs.
• CVEs.

34. SecInfo Management Tab

35. SecInfo Dashboard

36. NVTs – Network Vulnerability Tests

37. CVEs – Common Vulnerabilities and Exposure

38. Step 2: Tabs
 Explanation of Scan Management tab.
• Tasks.
• Reports.
• Results.

39. Scan Management tab

40. New Tasks

41. Reports

42. Results

43. Step 3: Scanning
 Explanation for Scanning a Target to find Vulnerabilities.
 Procedures:
I. New Target (Creating Target).
II. New Task (Creating Task).
III. Start Scanning.

44. I. New Target

45. Port List Options

46. Target Added

47. II. New Task

48. Scan Config Options

49. Task Created

50. III. Start Scanning

51. Total Task List

52. Scanned Target Summary Report

53. Results of Target

54. Step 4: Export report of VA conducted
 Explanation on Exporting the scanned target vulnerabilities into
file.
 Different extension are possible to export like .pdf, .xml etc.
• PDF will be used to submit to your higher management.
• XML can be used to import in Metasploit for doing penetration
testing.
 Also you can study by just clicking the vulnerability.

55. Studying Vulnerability

56. Exporting as file

57. PDF file