Welcome to this hands-on lab on vulnerability scanning using OpenVAS (Open Vulnerability Assessment System). In this lab, we'll explore the critical cybersecurity practice of identifying and assessing vulnerabilities in computer systems and networks.
We'll begin by discussing what vulnerabilities are and why they matter in the context of cybersecurity. You'll learn about the relationship between vulnerabilities, threats, and risks, and how these concepts guide security professionals in protecting digital assets.
Next, we'll dive into vulnerability scanning, an automated technique used to identify weaknesses in systems that could potentially be exploited by malicious actors. We'll introduce you to various vulnerability scanners available in the industry, with a focus on OpenVAS, the open-source tool we'll be using in this lab.
Throughout this lab, you'll gain practical experience by:
- Accessing the Greenbone Security Assistant (GSA), the web interface for OpenVAS
- Reviewing a pre-conducted vulnerability scan report
- Analyzing different types of vulnerabilities, their severity levels, and potential impacts
- Understanding how to interpret scan results and prioritize remediation efforts
By the end of this lab, you'll have a solid foundation in vulnerability scanning techniques and be better equipped to identify and assess potential security weaknesses in computer systems and networks.
Lab Questions and Answers: 1.1 Core Concepts
1. Vulnerability scanning is best defined as:
A. Exploiting weaknesses in software, services, and hosts.
B. Evaluating assets against known CVEs in the NVD.
C. Automated probing of assets in search of weakness and flaws that could be potentially exploited.
D. Checking systems for malicious software (malware).
Answer: C
2. A _______ is a weakness or flaw in an asset; a ________ is an opportunity to take advantage of a weakness or flaw in an asset; _______ is the likelihood and impact of an exploited weakness or flaw in an asset:
A. threat; vulnerability; risk
B. vulnerability; threat; risk
C. risk; impact; vulnerability
D. vulnerability; risk; impact
Answer: B
3. In practice, vulnerability scanners like OpenVAS are used to:
A. Test compliance with standards and regulations.
B. Proactively identify weaknesses in systems and apply corrective measures to address them.
C. Assess the effectiveness of existing security controls, as in a penetration test.
D. All of the above.
Answer: D
4. What is the CVE ID associated with the Ghostcat vulnerability?
CVE-2020-1938
Hint: Go to the Scans/Tasks page, click on the oopsec task, and then click the CVE tab.
Lab Questions and Answers: 1.2 Guided Exercise
1. What is the minimum version of Jenkins that OpenVAS recommends upgrading to for removal of the vulnerability?
Answer: 2.276
Hint: Let the scan finish, click on the report, and then go to the Results tab.
2. What CVE is associated with the Arbitrary File Read vulnerability you discovered in the Jenkins Server?
Answer: CVE-2021-21615
Hint: Click on the Jenkins vulnerability and scroll down to find the CVE.
3. What is the short name of this SSL vulnerability as given in the official CVE description? (the _______ bug)
Answer: Heartbleed
Hint: Click on the SSL vulnerability associated with the heartbeat extension, scroll down to find the CVE, and then open the CVE description to find the name.
Lab Questions and Answers: 1.3 Challenge Exercise
1. You’ve discovered two vulnerabilities in the installed version of Apache Struts. What type of vulnerability is this version prone to?
A. Local File Inclusion (LFI)
B. Remote Code Execution (RCE)
C. Arbitrary File Read or Directory Traversal
D. Information Disclosure
Answer: B
Hint: Expand the Apache Struts vulnerability and look in its Summary section.
2. One of these Struts vulnerabilities results from an incomplete fix attempted on the other. What CVE is associated with the ‘incomplete fix’ vulnerability?
Answer: CVE-2021-31805
Hint: Open the second Struts vulnerability and look in its Vulnerability Insight section.
3. Given what you know about the importance of host exposure in assessing risk (external vs. internal servers), which vulnerabilities are most likely to be prioritized above the others?
A. The TLS/SSL vulnerabilities on the web server.
B. The ICMP Timestamp disclosure vulnerability on the web server.
C. The Apache Struts vulnerabilities on the dev server.
D. The “Missing ‘HttpOnly’ Cookie attribute” vulnerability on the dev server.
Answer: A
Hint: Dev servers are most likely internal, and the other findings aren't that critical.
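The exposure-weighted prioritization behind question 3 (and the vulnerability/risk relationship from the core concepts), as an added example that is not part of the lab: a Python script that parses a constructed CSV (column names assumed to resemble a GSA CSV results export) and ranks findings by CVSS multiplied by a host-exposure factor. The hostnames, CVSS values, exposure map and weights are all assumptions; only the CVE comes from the lab.

```python
"""Rank OpenVAS findings by CVSS weighted by host exposure.

Added example, not part of the lab. The CSV below is a constructed
sample loosely modeled on a GSA CSV results export (column names are
assumed); hosts, CVSS values, exposure map and weights are assumptions.
"""
import csv
import io

# Constructed sample: four findings from the challenge exercise scenario.
SAMPLE_CSV = """IP,Hostname,Port,CVSS,NVT Name,CVEs
10.0.0.10,web,443/tcp,7.5,SSL/TLS: OpenSSL TLS 'heartbeat' Extension Information Disclosure,
10.0.0.10,web,general/icmp,2.1,ICMP Timestamp Reply Information Disclosure,
10.0.0.20,dev,8080/tcp,9.8,Apache Struts Multiple Vulnerabilities,CVE-2021-31805
10.0.0.20,dev,8080/tcp,5.0,Missing 'HttpOnly' Cookie Attribute,
"""

# Constructed asset inventory: which hosts face the internet (assumed).
EXPOSURE = {"web": "external", "dev": "internal"}
# Assumed weighting: internal-only hosts count less than exposed ones.
EXPOSURE_WEIGHT = {"external": 1.0, "internal": 0.4}


def parse_results(text):
    """Parse a GSA-style CSV export into a list of finding dicts."""
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        findings.append({
            "host": row["Hostname"],
            "port": row["Port"],
            "name": row["NVT Name"],
            "cvss": float(row["CVSS"]),
            "cves": [c for c in row["CVEs"].split(",") if c],
        })
    return findings


def prioritize(findings, exposure=EXPOSURE, weights=EXPOSURE_WEIGHT):
    """Sort findings by CVSS x exposure weight, highest first.
    Hosts missing from the inventory are treated as external (worst case)."""
    for f in findings:
        zone = exposure.get(f["host"], "external")
        f["exposure"] = zone
        f["priority"] = round(f["cvss"] * weights[zone], 2)
    return sorted(findings, key=lambda f: f["priority"], reverse=True)


if __name__ == "__main__":
    for f in prioritize(parse_results(SAMPLE_CSV)):
        print(f"{f['priority']:5.2f}  {f['host']:4} {f['exposure']:8} {f['name']}")
```

With these weights the external TLS/SSL finding outranks the higher-CVSS Struts finding on the internal dev server, matching the reasoning in the answer key.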
Conclusion:
This lab has provided you with practical experience in vulnerability scanning using OpenVAS. You've learned to navigate the Greenbone Security Assistant, interpret vulnerability reports, and understand the importance of context in assessing risk. By examining various types of vulnerabilities and their potential impacts, you've gained insight into the complexities of maintaining system security. Remember that vulnerability scanning is just one component of a comprehensive security strategy. As you move forward in your cybersecurity journey, continue to hone your skills in identifying, prioritizing, and addressing vulnerabilities. The landscape of threats is ever-evolving, and staying vigilant and informed is key to protecting digital assets effectively. Apply the knowledge gained here to real-world scenarios, always considering the broader context of each vulnerability and its potential risk to your organization.