Nessus and OpenVAS are so-called vulnerability scanners.
Vulnerability scanners fall into the category of security scanners. They improve your own IT security by showing administrators the known vulnerabilities in the network. These scanners are also part of the standard repertoire in security audits. The BSI itself provided a vulnerability scanner based on Nessus, but discontinued it in favor of recommending OpenVAS.
The last few years have shown how valuable these scanners can be: as the push to network every device took hold, old devices and devices that were previously ignored suddenly affected the integrity and security of the entire network.
This brought to light not only exploitable software flaws but, above all, the use of poor passwords or none at all, as well as the operation of too many unused, mostly insecure protocols, all of which made it easier for attackers to gain access.
Nessus & OpenVAS collect security-relevant information
Regardless of whether the systems under examination are servers, network printers, routers, desktop computers, Linux, Windows or embedded systems, Nessus, OpenVAS and similar tools collect the security-relevant information of the specified test area at the specified depth. They are not limited to vulnerabilities that can be reached via the network, but can, if configured to do so, also check locally on the machines.
The configuration of both scanners allows great freedom and can thus be adapted to the requirements of your own network. Options range from pure presence scans, through scans of specific protocols or operating systems, to comprehensive scans that use all available checks, each adapted to specified targets, specified schedules and, if desired, individually set timeouts for certain checks.
These “checks” are based on the Nessus scripting language NASL (Nessus Attack Scripting Language), which is also used by OpenVAS, since OpenVAS was forked from Nessus when Nessus was placed under a proprietary license. The checks are provided by the manufacturers of the two scanners as well as by their communities, since NASL of course also allows administrators to write and integrate their own checks. In this way, new vulnerabilities can be quickly discovered in your own network during the next scan and then eliminated.
Delta matching and common vulnerability scoring by Nessus & OpenVAS
In addition to simply displaying vulnerabilities, Nessus and OpenVAS offer further information on them, such as their Common Vulnerability Scoring System (CVSS) score, how they can be eliminated, and references to information from the manufacturer or entries from IT security organizations.
They also offer a delta comparison against previous scans, which shows how the identified vulnerabilities have developed over time.
In addition, they offer a further option to support the inventory in the company. For better evaluation, both scanners also offer the option of filtering the respective test reports and exporting them in different formats.
To achieve a real gain in IT security through the use of vulnerability scanners, a regulated process for managing the identified weaknesses is required. Recognizing the existing weak points and risks is only the first step in this process. Basically, this process can be divided into the following process steps:
Scanning the network or system for vulnerabilities and generating a report on the results of the scan.
Review of scan results, correction of false positives and evaluation of risks and business impact of the scan results.
3. Prioritization and planning:
Determination of priorities for action – e.g. on the basis of the identified risks or the expected effort of rectification.
Elimination of the selected vulnerabilities based on the planning.
5. Examination of the effect:
Check whether remedial measures have eliminated the vulnerability and the risks no longer exist or have been reduced.
Once this process has been completed, it starts all over again with a new scan.
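The delta comparison described above, combined with the false-positive review, CVSS-based prioritization and effect check from the process steps, as an added Python example that is not part of the original article or of either scanner. The `Finding` fields, the check identifiers and all sample data are constructed assumptions and do not reflect a real Nessus or OpenVAS export format.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    host: str
    port: str
    check_id: str   # placeholder id of the check that fired (assumed format)
    name: str
    cvss: float     # CVSS base score, 0.0-10.0

def key(f):
    """Identity of a finding across scans: same host, port and check."""
    return (f.host, f.port, f.check_id)

def delta(previous, current, false_positives=frozenset()):
    """Compare two scans; return new, fixed and persistent findings by CVSS."""
    # Findings rejected during review are excluded from both sides.
    prev = {key(f): f for f in previous if key(f) not in false_positives}
    curr = {key(f): f for f in current if key(f) not in false_positives}

    def by_risk(findings):
        # Highest score first; host and port make the order deterministic.
        return sorted(findings, key=lambda f: (-f.cvss, f.host, f.port))

    return {
        "new": by_risk(curr[k] for k in curr.keys() - prev.keys()),
        "fixed": by_risk(prev[k] for k in prev.keys() - curr.keys()),
        "persistent": by_risk(curr[k] for k in curr.keys() & prev.keys()),
    }

# Constructed sample data (documentation address range, invented check ids).
SCAN_PREVIOUS = [
    Finding("192.0.2.10", "23/tcp", "CHECK-0001", "Telnet service enabled", 7.5),
    Finding("192.0.2.20", "80/tcp", "CHECK-0002", "Admin interface without password", 9.8),
    Finding("192.0.2.30", "9100/tcp", "CHECK-0003", "Printer status page exposed", 5.3),
]
SCAN_CURRENT = [
    Finding("192.0.2.20", "80/tcp", "CHECK-0002", "Admin interface without password", 9.8),
    Finding("192.0.2.30", "9100/tcp", "CHECK-0003", "Printer status page exposed", 5.3),
    Finding("192.0.2.40", "161/udp", "CHECK-0004", "SNMP default community string", 7.5),
    Finding("192.0.2.50", "21/tcp", "CHECK-0005", "FTP login without password", 9.8),
]
FALSE_POSITIVES = {("192.0.2.30", "9100/tcp", "CHECK-0003")}  # rejected in review

if __name__ == "__main__":
    for status, findings in delta(SCAN_PREVIOUS, SCAN_CURRENT, FALSE_POSITIVES).items():
        for f in findings:
            print(f"{status:<10} {f.cvss:>4} {f.host} {f.port} {f.name}")
```

A finding listed as "fixed" only means the check no longer fired in the later scan; a host that was offline during that scan produces the same result, so the effect check should confirm the host was actually reached.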
To work successfully on reducing vulnerabilities in your own organization and thereby effectively improve IT security, responsibilities for the above-mentioned process steps must be clearly assigned within the framework of vulnerability management. It is important that there are no conflicts of interest: bodies that are responsible for rectification should not at the same time be responsible for classification, prioritization or testing of the effect.
If you want to introduce effective vulnerability management in your company, please do not hesitate to contact us. ProSec GmbH will be happy to support you with the conception, planning, selection of tools and implementation.