As a cybersecurity analyst, one of the ways we encourage organizations to protect themselves is through a Vulnerability Management program. Most organiztions have an IT staff, whether in-house or contracted, that will manage updates on hardware devices and keep up with new versions of software. This is known as patch management. We often manage this on our own as well with our personal devices. We'll click the Windows notification telling us an update will take place that night and then reboot the machine, or we'll update our iPhone to the lastest version to make sure we keep it secure.
While patch management on its own may serve as a "Vulnerability Management Program", a more thorough approach is to implement a regular cadence of vulnerability scanning on your network environment. I suggest doing this at least quarterly on your network devices and more often for your more critical assets, perhaps monthly. Your more critical assets would be your servers and other devices critical to the operation of your business.
However, commercial vulnerability scanning tools are not cheap preventing most organizations from scanning their network. Even in our own organization, we evaluate vulnerability scanning tools to find the best bargain that will still meet our requirements. In my position, I still like to have a backup plan in case I run into some issue running our scanning software. That plan turned out to be OpenVAS.
OpenVAS is a product of Greenbone and is open-source, meaning you can run it for free. However, it does require some work to get it set up. For my puposes, I set it up in a VirtualBox environment.
As of November 2023, you can find the documentation at https://greenbone.github.io/docs/latest/22.4/container/index.html.
The first thing I did was download and install Ubuntu 22.04 iso. I found this at https://ubuntu.com/download/desktop. I think the actual version I downloaded and installed is 22.04.3.
The Virtual Machine (VM) username for the Ubuntu install is vboxuser. Then you need to enter your own password.
I went with the recommended settings listed on the documentation page:
Recommended:
CPU Cores: 4
Random-Access Memory: 8GB
Hard Disk: 60GB free
When I ran the install I was getting an error and realized I had selected 8MB instead of 8GB. 8MB will definitely not be enough!
After installing Ubuntu, I had to add my vboxuser id to the sudoers file. I searched the internet to figure out what commands I needed to do this.
The commands to add your id to the sudoers file are:
su -
usermod -a -G sudo vboxuser
This was an important part of the setup that helped to execute many of the commands needed to get OpenVAS running. Beyond that I followed the instructions for the Ubuntu installation on the documentation page.
Once everything was running, I entered the default id and password for OpenVAS (admin/admin) and I was up and running. I ran a couple of tests against my home network just to make sure I was getting results. Sure enough, the scans ran fine and I was able to get a report of the results.