WEBVTT

0
00:01.040 --> 00:01.880
Welcome back!

1
00:02.420 --> 00:08.270
We’ll start a series of lectures on Vulnerability Assessment Systems, or VAS.

2
00:10.180 --> 00:16.800
One of the keys to being a successful ethical hacker or penetration tester is the ability to find

3
00:16.820 --> 00:23.920
vulnerabilities on the target systems in order to secure them. As you already know, a vulnerability

4
00:23.950 --> 00:32.100
is a bug of an asset that an attacker can exploit to gain unauthorized access to sensitive data, inject

5
00:32.110 --> 00:38.470
malicious code, or generate denial of service attacks. To prevent security breaches

6
00:38.740 --> 00:46.840
it is important to identify and remediate security holes and vulnerabilities that can expose an asset

7
00:47.080 --> 00:47.840
to an attack.

8
00:48.930 --> 00:55.740
We took a look at several ways to do that, including various tools like Nmap, Zenmap, RouterSploit

9
00:55.740 --> 01:03.150
or Metasploit. Even though they are great tools in finding vulnerabilities on different systems

10
01:03.490 --> 01:10.590
a lot of human effort is needed in detecting and suggesting solutions for different vulnerabilities

11
01:10.710 --> 01:11.430
and flaws.

12
01:12.460 --> 01:19.970
A tool that detects, assesses, reports and integrates with other tools would be of great help.

13
01:20.420 --> 01:29.330
Such a tool is called, generically, a Vulnerability Assessment System, or VAS, and is used by professional

14
01:29.330 --> 01:34.270
penetration testers for both personal and enterprise networks

15
01:34.330 --> 01:34.940
testing.

16
01:36.170 --> 01:44.900
Most of them use common vulnerabilities and exposures or CVEs to run test cases for the vulnerability

17
01:44.900 --> 01:47.240
testing on different infrastructures.

18
01:48.240 --> 01:52.140
They use signatures of the discovered vulnerabilities

19
01:52.440 --> 01:59.940
so it's important to update their database as quickly as possible for newly exposed vulnerabilities.

20
02:00.370 --> 02:07.500
A VAS helps you to understand the cyber exposure of all assets, including vulnerabilities,

21
02:08.460 --> 02:08.970
misconfigurations 

22
02:09.150 --> 02:11.760
and other security health indicators.

23
02:13.230 --> 02:18.050
Let's see what vulnerability assessment systems are available on the market!

24
02:18.960 --> 02:25.920
One of the first such products was Nessus which started in 1998 to provide

25
02:25.920 --> 02:29.970
the Internet community with a free remote security scanner. 

26
02:30.600 --> 02:37.140
However, in 2005, Tenable Network Security, the company that developed

27
02:37.200 --> 02:41.610
Nessus, changed it to a proprietary, closed source license.

28
02:42.060 --> 02:49.260
Nowadays, Nessus is one of the most well-known and used commercial VAS, especially by big networks

29
02:49.320 --> 02:50.310
or corporations.

30
02:51.000 --> 02:57.960
A one year license price starts from 3000 U.S. dollars, which is considered expensive for

31
02:57.960 --> 02:59.910
individuals or small companies.

32
03:00.670 --> 03:07.140
Note that there is also a trial version which is free of cost for personal use, you know, non-commercial

33
03:07.140 --> 03:09.810
environment for a limited period of time.

34
03:11.090 --> 03:18.030
After Nessus became commercial software, a few pen testers created an open source and free fork

35
03:18.200 --> 03:20.270
called OpenVAS.


36
03:20.660 --> 03:27.470
Now OpenVAS is an open-source Vulnerability Manager (VM) and Vulnerability Assessment System (VAS), which

37
03:27.470 --> 03:30.100
means it is free to use and its source code is

38
03:30.290 --> 03:31.400
public as well.

39
03:32.480 --> 03:40.880
It is licensed under GPL and although it is free, it is really good at its job and is in the list of 

40
03:40.880 --> 03:42.020
the top VAS.

41
03:43.240 --> 03:49.780
In this section, we'll take a look at OpenVAS, which is a tool that scans the entire network

42
03:49.780 --> 03:56.380
infrastructure for vulnerabilities and generates a scan report, which helps you to prioritize

43
03:56.440 --> 04:03.010
vulnerabilities based on risk factor and determine the most effective solution to implement. 

44
04:04.140 --> 04:12.110
Another VAS is Nexpose which is developed by Rapid7, the same company that develops

45
04:12.130 --> 04:12.590
Metasploit.

46
04:13.170 --> 04:20.040
It also integrates with Metasploit so that it provides a vulnerability assessment and validation tool,

47
04:20.280 --> 04:26.950
which helps you eliminate false positives, verify vulnerabilities and test remediation measures.

48
04:28.040 --> 04:33.110
Nexpose comes in several versions, both commercial and free.

49
04:34.520 --> 04:41.300
The Community Edition is a free and limited version of Nexpose, and it's the one someone should

50
04:41.300 --> 04:43.970
start with. In order to install it

51
04:44.090 --> 04:47.720
the first step is to create a free account at this address.

52
04:48.820 --> 04:56.770
An e-mail address, other than a free one, is required and a license key that is valid for one year will

53
04:56.770 --> 04:58.070
be emailed to that address.

54
04:58.480 --> 05:05.550
Note that Vulnerability Assessment Systems are complex applications with lots of components and

55
05:05.560 --> 05:07.570
require a lot of resources.

56
05:08.380 --> 05:16.210
For example, the minimum requirements for Nexpose are 8GB of RAM, 16GB being the


57
05:16.390 --> 05:21.640
recommended, and 100GB of free space on your disk.

58
05:22.840 --> 05:29.410
On the other hand, OpenVAS does not require anything near that amount of memory,

59
05:29.830 --> 05:35.630
but the more you can provide it, the smoother your scanning system will run.

60
05:36.220 --> 05:44.560
Keep in mind that most of the problems, errors and crashes of VAS are due to insufficient resources

61
05:44.620 --> 05:47.140
allocated. For our tests

62
05:47.290 --> 05:53.950
I'd recommend you to allocate, if possible, 3-4 GB of RAM to the VM.

63
05:55.140 --> 05:59.820
This was a short introduction to vulnerability assessment systems.

64
06:00.120 --> 06:01.230
We'll take a short break

65
06:01.470 --> 06:07.140
and in the next lectures, I'll show you how to install and use OpenVAS.