We show you how to do the security self-test with OpenVAS and test your PC together with the Internet: the best chain is just as good as your weakest link, says a proverb. For networks, whether in the company or at home, the same applies. The best firewall is of no use if a malicious application can execute malicious code. This is why you should periodically use Pro tools to search your home network and close holes before unintentionally visiting your home. The freely available tool OpenVAS provides support for this. It searches the connected devices in a network for known attack points. If it finds it, it simulates an attack with all Raf nessen. The result of the scan is provided by the tool in a detailed report.
Installing OpenVAS - How to do
In the following article we will show you how to install OpenVAS, make the basic settings and perform an initial test in the home network. In addition, you will get to know more tools that help you get the most out of your network traffic analysis.
Also interesting is
Note: Use OpenVAS only on your own network. Since the tool actively tries to exploit security gaps and penetrate the attacked system, a use against third-party computers is forbidden and punishable. This distinguishes OpenVAS from a port scanner. You can not ban your own network.
Perform the first attack with OpenVAS
OpenVAS has been launched as a well-developed development of the famous Vulnerability TestersNessus. Since Nessus has been transferred to a proprietary license, OpenVAS is independently developed further. The release 6 of March 2013 is currently available for download in several versions. On the website you can find the source code or already pre-compiled packages for common Linux distributions. Both presuppose that you want to install OpenVAS as a server on a computer.
There is, however, a third possibility: the OpenVAS-6 Demo Virtual Appliance. This is a finished server, including an operating system that you can run in a virtual machine. This is very good to test the functions. In addition to the server, you also need a client to control the server. This is the Greenbone Security Assistant, which runs as a web interface and is also on the demo.
The Virtual Appliance is an OVA file. The format has nothing to do with OpenVAS, but provides a partition in Open Virtualization format. This format can be imported from any virtualization environment, such as Virtualbox or Vmware. So that you can start the Virtual Appliance, you need some work. If you have not yet installed a virtualization environment, please download the latest version of Virtualbox and install it. Then import the virtual appliance under File / Import. You can accept all presets.
In this process, Virtualbox creates a copy of the data in its own format. After the process has been completed, you can delete the original OVAD file. Now the Virtual Appliance is ready to start. After the boot process, you will see a command line where you can log in with the user name openvas and the same password. The advantage is that you now get the IP address of the scanner in the network. However, the Vulnerability Scanner Server is already running without logon.
Now you can log on to the scanner from any computer in the network. To do this, enter the IP address of the appliance in your web browser with a pre-defined https: // and confirm that you trust the previously unknown certificate. Then the GreenBeach Security Assistant login screen will receive you with an unfriendly looking dachshund.
The user admin is preset here with the password admin. After you have successfully registered, you can already start a first test. However, it is better to update the system to the latest standards. OpenVAS regularly offers new packages with security gaps similar to an anti-virus solution. To update, create a new user under Administration / User and restrict its scan area to the local network
Then update the collection of test scripts under Administration / NVT Feed, SCAP Feed and CERT Feed. The core is the NVTs. NVT stands for Network Vulnerability Test. You can also create your own scripts, for details, see the developer pages.
Important for an attack is that it is executed from a separate computer. If you want to test how secure your network is from the outside, you must start the test even from a different network (for example via UMTS). Only then do you see how well your router firewall protects you (usually not bad). But also attacks within the own network can be revealing. The easiest way to start the attack is in Greenbone under Scan Management / New Task. Click on the icon with the magic wand. A Task Wizard appears. You only need to enter an IP address of the target computer. OpenVAS provides other default settings. This is sufficient for the first pass.
There should be a result after about five minutes. In the meantime, you can also display the status in the Scan Management / Tasks section. When the test is complete, you will see the results in the task details. OpenVAS divides the detected security holes into the high, medium and low hazardous classes. They are listed in a comprehensive report with many additional information. In addition to a detailed description of the security gap and a reference to additional information on the Internet, there is also a tip on how the gap can be closed. This makes the report an indispensable tool for maintaining a network.
The report can be exported in many formats, in addition to many exchange formats as PDF or HTML file. Users can also filter out certain results. This facilitates the subsequent analysis and repair of the system under investigation.
A well-maintained system, on which regular updates were implemented and which has an anti-malware suite, should have only a few gaps. The situation is different in the case of computers with obsolete software designed for use on the Internet, for example as a web server. These cases are very interesting for attackers and data pioneers.
No comments:
Post a Comment