Open Vulnerability Assessment system (OpenVAS)

Vulnerability Management with OpenVAS and the Greenbone Community Edition (GCE)

Vulnerability Management: not optional, but mandatory!

Almost all cyber attacks exploit vulnerabilities or misconfigurations (e.g. poorly chosen passwords or the use of insecure protocols) to achieve their goal. The targets of attacks are not only traditional hardware and software products, but also machines and systems as well as smart everyday objects that are connected to the Internet.

While the focus used to be on detecting vulnerabilities, today's challenge is dealing with them: a professional IT operation often maintains hundreds of different IT systems, all of which can be accessed via the Internet. As a result, administrators face a multitude of updates, patches and security alerts on a daily basis. The dependency of business processes on IT, combined with high performance requirements and an ever-increasing shortage of skilled workers, can therefore quickly lead to overburdened IT staff. It is then only a matter of time before a serious IT security incident occurs.

Professional vulnerability management solutions are therefore an essential part of every IT operation. They not only help to identify vulnerabilities, but also to assess the risk and prioritise IT security measures. Most products can also verify compliance with configuration specifications and policies.

Open Source Vulnerability Scanner: Greenbone Community Edition (GCE)

One of the most popular and feature-rich open source vulnerability scanners is OpenVAS (Open Vulnerability Assessment Scanner). Greenbone AG, based in Osnabrück, has been the main developer of OpenVAS since 2006 and provides the vulnerability scanner, together with other open source modules, to the general public free of charge as the 'Greenbone Community Edition'. The development of 'OpenVAS' was supported by the German Federal Office for Information Security (BSI). Among other things, it was possible to provide numerous features and test routines of the commercial vulnerability scanner of Greenbone AG free of charge as open source.

In the dashboard for the result of vulnerability scans, Greenbone Community Edition also allows interactive filtering via scan reports of detected vulnerabilities, here sorted by vulnerability severity. Source: Greenbone AG

OpenVAS, like all other components of the GCE, is updated daily and now contains more than 120,000 vulnerability tests and compliance checks (as of 1.8.2023). In the forum, users will find support on numerous topics related to the GCE. Below is an overview of the main functions and properties:

Examinations

  • Security scanning of complete networks
  • Application and service testing
  • Policy auditing
  • Support for inventorying computers and networks
  • Covering high- and low-level Internet protocols and typical industrial applications
  • Classification of vulnerabilities and security alerts to prioritise countermeasures

Operational aspects

  • Suitable for large IT networks
  • Multi-user and multi-client capability
  • Import and export interfaces for integrating OpenVAS into a complex IT security infrastructure (e.g. interfaces to intrusion detection systems)

Technical features

  • Scalable master sensor operation with scan sensors in remote networks
  • Unauthenticated and authenticated security checks
  • Extensive internal programming language for implementing any type of vulnerability testing
  • Comprehensive inspection tasks and management features

Report management

  • Comprehensive reporting capabilities (evaluate, present, search, compare and export test results)
  • Description of remediation actions for vulnerabilities, including risk level and prioritisation suggestions
  • Integration of current CVE (Common Vulnerabilities and Exposures) information including links to the CERT-Bund (Computer Emergency Response Team of the BSI) and others.
  • Alerts on policy violations or identified vulnerabilities

Installing the Greenbone Community Edition

The Greenbone Community Edition with OpenVAS can be installed on almost every current Linux-based computer. Greenbone provides comprehensive installation instructions for the Linux distributions Debian, Ubuntu, Fedora and CentOS.

Users can also find further help in the Greenbone Community forum.

To facilitate installation, Greenbone has offered containers on Docker Hub since 2022. These Docker containers also run on the Windows and macOS operating systems. Instructions for this can be found at https://greenbone.github.io. Installation packages for other distributions (e.g. Kali Linux) are also available from the community.

Framework agreement for the federal administration

The BSI has signed a framework contract with Greenbone AG through the Federal Procurement Office. Its portfolio includes Greenbone Enterprise Appliances in various sizes, both as pre-installed hardware appliances and as virtual appliances, with OpenVAS as the vulnerability scanner, as well as manufacturer support. These appliances have an extended data feed and additional functions compared to the GCE (see also Greenbone product-comparison).