ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    So you want to build a Security Program? Part 1 - Vulnerability Scanning

    IT Discussion
    13
    72
    6.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      DustinB3403 @IRJ
      last edited by

      @IRJ So what good is the reporting, if its no good?

      How do you interpret the information you receive?

      I 1 Reply Last reply Reply Quote 1
      • I
        IRJ @DustinB3403
        last edited by

        @DustinB3403 said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

        @IRJ So what good is the reporting, if its no good?

        How do you interpret the information you receive?

        The reporting is fine for a technical person. It is not great for managment. You can get CVS files of all the vulnerabilities found with references and solutions how to fix them. So for a technical person you have 100% what you need.

        1 Reply Last reply Reply Quote 2
        • D
          DustinB3403
          last edited by

          @IRJ ok so then the reports are fine for someone who knows what they are reading.

          All I needed to know. 🙂

          1 Reply Last reply Reply Quote 1
          • I
            IRJ
            last edited by

            With Nessus, I am able to pull reports for specific groups of assets. Like I can just say give me all web servers, Server 2008 R2, database servers, or citrix. You can also create custom groups based on applications or whatever else like location etc.

            1 Reply Last reply Reply Quote 0
            • D
              DustinB3403
              last edited by

              But Nessus is a paid for solution, correct?

              I 1 Reply Last reply Reply Quote 0
              • I
                IRJ @DustinB3403
                last edited by

                @DustinB3403 said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

                But Nessus is a paid for solution, correct?

                Correct.

                1 Reply Last reply Reply Quote 0
                • I
                  IRJ
                  last edited by

                  I am just highlighting that the reporting in OpenVAS does not compare to Nessus. Let me grab an OpenVAS sample report for you @DustinB3403

                  1 Reply Last reply Reply Quote 0
                  • K
                    Kelly
                    last edited by

                    I am also interested in this @IRJ, so I'll be following your topics with interest even if I don't have specific questions.

                    I 1 Reply Last reply Reply Quote 0
                    • I
                      IRJ @Kelly
                      last edited by

                      @Kelly said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

                      I am also interested in this @IRJ, so I'll be following your topics with interest even if I don't have specific questions.

                      @DustinB3403 and I working on setting his up through chat. I will share details in this thread when we are done

                      1 Reply Last reply Reply Quote 1
                      • D
                        DustinB3403
                        last edited by

                        Key note, once installed and you're able to access the web console, you need to enable the root account get to a shell command and run openvasmd --update && openvasmd --rebuild to download the NVTs and other SecInfo.

                        This has taken about 5 minutes so far, but could take longer still.

                        I 1 Reply Last reply Reply Quote 0
                        • B
                          BRRABill
                          last edited by

                          I remember trying to get OpenVAS set up once.

                          (Shudders...)

                          D 1 Reply Last reply Reply Quote 0
                          • D
                            DustinB3403 @BRRABill
                            last edited by

                            @BRRABill So the setup its self so far hasn't seemed to difficult.

                            The GUI sucks though, and isn't intuitive. Adding targets is awkward, but once you've seen it, its easy enough.

                            B 1 Reply Last reply Reply Quote 0
                            • B
                              BRRABill @DustinB3403
                              last edited by

                              @DustinB3403 said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

                              @BRRABill So the setup its self so far hasn't seemed to difficult.

                              The GUI sucks though, and isn't intuitive. Adding targets is awkward, but once you've seen it, its easy enough.

                              Yeah, I guess installing wasn't a big deal. I ended up just using one of their preconfigured ones. (This was back in my pre-Linux days.)

                              I think getting it work was more my thing. I'm sure if I stayed on it I would have figured it out. The GUI is definitely terrible.

                              1 Reply Last reply Reply Quote 1
                              • I
                                IRJ
                                last edited by

                                Probably the worse GUI I've seen. It's so bad I had to download the vm again just to help @DustinB3403 because it's not intuitive at all.

                                1 Reply Last reply Reply Quote 0
                                • D
                                  DustinB3403
                                  last edited by

                                  So besides the bad interface, and oddity of having to download the NVTs separately the solution its self doesn't seem so bad.

                                  A bit slow (vbox on my system), once you start to use it its actually kinda simply, and provides a nice insight to where things are vulnerable.

                                  I 1 Reply Last reply Reply Quote 0
                                  • I
                                    IRJ @DustinB3403
                                    last edited by

                                    @DustinB3403 said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

                                    So besides the bad interface, and oddity of having to download the NVTs separately the solution its self doesn't seem so bad.

                                    A bit slow (vbox on my system), once you start to use it its actually kinda simply, and provides a nice insight to where things are vulnerable.

                                    NVTs are downloaded on a schedule (weekly). You only have to do it once manually and it should update after that. You can always verify in the GUI by looking at the date of the latest NVTs.

                                    The other option, which I've done for small companies who are low on resources is to just have the update command run at startup. There isn't a real reason to have this server up 24/7 so you can boot it up weekly or whatever if you want.

                                    1 Reply Last reply Reply Quote 0
                                    • I
                                      IRJ @DustinB3403
                                      last edited by

                                      @DustinB3403 said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

                                      Key note, once installed and you're able to access the web console, you need to enable the root account get to a shell command and run openvasmd --update && openvasmd --rebuild to download the NVTs and other SecInfo.

                                      This has taken about 5 minutes so far, but could take longer still.

                                      Another thing to note, is that the free version is only allowed to run this command once a week. I've read that they can cut you off completely for you try to do it daily or whatever.

                                      1 Reply Last reply Reply Quote 0
                                      • I
                                        IRJ
                                        last edited by IRJ

                                        How to start your first scan

                                        Ok so step one is to go to Configuration > Targets

                                        Click the Star (top left) to Add A new Target

                                        Let's just use one target for now. Name it whatever you want and just type in IP in manually

                                        Otherwise I would use a text file

                                        Then go to Configuration > Credentials

                                        Add a credential and save it

                                        Now go back to Configuration > Targets and edit the one you already made and go to SMB and select the credential you just made

                                        Next go to Scan Management > Tasks

                                        Then click the star to create a new task

                                        Name it whatever you want and select the scan target you just created

                                        Once you are finished with the task click the green play button to start the scan

                                        Note: Added to the OP as well.

                                        1 Reply Last reply Reply Quote 0
                                        • stacksofplatesS
                                          stacksofplates @IRJ
                                          last edited by

                                          @IRJ said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

                                          @DustinB3403 said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

                                          Is OpenVAS intuitive to use and pickup? Does it have built in scans and reporting that are easily assessed (read).

                                          The GUI and reporting are not good. In fact the GUI is one of the ugliest GUIs I have ever seen, but you will get the same data as you would with paid solutions.

                                          You don't like the lady?

                                          I 1 Reply Last reply Reply Quote 0
                                          • I
                                            IRJ @stacksofplates
                                            last edited by

                                            @stacksofplates said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

                                            @IRJ said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

                                            @DustinB3403 said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

                                            Is OpenVAS intuitive to use and pickup? Does it have built in scans and reporting that are easily assessed (read).

                                            The GUI and reporting are not good. In fact the GUI is one of the ugliest GUIs I have ever seen, but you will get the same data as you would with paid solutions.

                                            You don't like the lady?

                                            Maybe if I had a 4k monitor I could appreciate her more!

                                            1 Reply Last reply Reply Quote 1
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 3 / 4
                                            • First post
                                              Last post