In this project, an Azure network was built to house two virtual machines provisioned for distinct purposes: one ran the OpenVAS Vulnerability Management Scanner, and the other hosted a Windows 10 environment. The Windows 10 virtual machine was deliberately made vulnerable by disabling security protections and installing outdated software, so that it could serve as a controlled environment for vulnerability assessment. The assessment proceeded in two phases. First, an unauthenticated scan was run against the Windows 10 system, probing its defences from an external perspective. Next, a more comprehensive credentialed scan, using privileged access, was configured and run. The results of this assessment informed targeted remediation of the most severe vulnerabilities identified. Finally, a concluding credentialed scan was run to verify that the remediation had worked, which also underscored the importance of sound vulnerability management practices in network infrastructure.
- NIST Cybersecurity Framework (CSF)
- Azure Virtual Network
- OpenVAS Vulnerability Management Scanner
- Windows 10 Pro virtual machine
- Outdated software known to have vulnerabilities (Mozilla Firefox v97.0b5, VideoLAN VLC Media Player v1.1.7, Adobe Reader v10.0.0)
The first step in this project was to create the primary resource: the OpenVAS Vulnerability Management Scanner. Specifically, we opted for the OpenVAS version offered by HOSSTED, configured with default developer settings. Alongside it, a virtual machine running Windows 10 Pro was created. To prepare the Windows 10 environment for vulnerability assessment, the firewall was deliberately disabled and outdated versions of Firefox, VLC Media Player, and Adobe Reader were installed. The objective was to intentionally expose the Windows 10 system to vulnerabilities. After the firewall was disabled and the vulnerable software installed, the machine was restarted.
To configure OpenVAS for an unauthenticated scan, the following steps were completed:
- A new host was created by using the Windows 10 virtual machine’s private IP Address.

- A new target was created, using the host from the previous step. All other configurations were left as default and no credentials were provided to OpenVAS.

- A new task was created with the target from the previous step. Again, all other configurations were left as default for this scan.

Because the scan lacked authentication, the identified vulnerabilities do not provide an accurate reflection of the known vulnerabilities present on the machine. The outdated software installed on the virtual machine does not manifest in this scan due to the inherent limitations of unauthenticated scans.

In preparation for a credentialed scan on the Windows 10 machine, several adjustments were required. The initial task involved confirming that the Domain, Private, and Public profiles for Windows Firewall remained disabled from the initial configuration. Subsequently, the following steps were undertaken:
- Navigate to the Windows Registry and create a new DWORD named “LocalAccountTokenFilterPolicy” and set the value to “1”.

- Restart the virtual machine.
As the Windows 10 machine restarted, the following steps were taken to configure OpenVAS for a credentialed scan:
- Create a new credential by providing the Windows 10 virtual machine’s username and password to OpenVAS.
- Clone the existing target by clicking the sheep icon found under “Actions.” Edit the cloned target and enable SMB by selecting the credentials created in the previous step.

- Clone the existing task and edit the clone to use the credentialed target created in the previous step.

Results of the Credentialed Scan
The disparity in vulnerabilities unearthed between the unauthenticated and credentialed scans is immediately evident. Not only did the severity rating escalate from 5.0 (medium) to 10.0 (high), but the credentialed scan revealed an additional 107 vulnerabilities.
The credentialed scan facilitated a comprehensive evaluation of the system by OpenVAS, enabling the detection of vulnerabilities within the outdated software. For further insight into these vulnerabilities, OpenVAS offers a dedicated tab for Common Vulnerabilities and Exposures (CVEs). By incorporating CVEs, OpenVAS furnishes a readily understandable breakdown of each vulnerability. This breakdown encompasses a description, score, vector, references, and remediation measures.

To address many vulnerabilities identified during the credentialed scan, the outdated software was removed from the Windows 10 machine. Subsequently, another credentialed scan was conducted to validate whether the implemented remediations effectively mitigated the anticipated vulnerabilities. The scan results indicated successful remediation efforts, evidenced by a decline in the number of vulnerabilities detected. Through the removal of outdated software, the quantity of vulnerabilities identified by OpenVAS decreased by 91.
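The scan comparisons above (unauthenticated versus credentialed, and before versus after remediation) are stated as changes in raw counts. As an added example that is not part of the original project, the following Python script diffs two result exports finding by finding, so that fixed, persisting and newly appearing results are separated. It assumes CSV exports with the column names shown (as in a Greenbone CSV results export); the rows, the `OID-EXAMPLE-*` values, the function names and the 7.0 "high" threshold are constructed for illustration.

```python
import csv
import io

# Constructed sample rows (not from the project's scans). Column names are
# assumed to match a Greenbone/OpenVAS CSV results export.
BEFORE_CSV = """IP,Port,CVSS,NVT Name,NVT OID
10.0.0.5,445,10.0,Outdated media player (constructed),OID-EXAMPLE-1
10.0.0.5,445,9.8,Outdated PDF reader (constructed),OID-EXAMPLE-2
10.0.0.5,445,8.8,Outdated browser (constructed),OID-EXAMPLE-3
10.0.0.5,135,5.0,RPC service enumeration (constructed),OID-EXAMPLE-4
"""
AFTER_CSV = """IP,Port,CVSS,NVT Name,NVT OID
10.0.0.5,445,8.8,Outdated browser (constructed),OID-EXAMPLE-3
10.0.0.5,135,5.0,RPC service enumeration (constructed),OID-EXAMPLE-4
10.0.0.5,3389,4.0,Weak TLS on RDP (constructed),OID-EXAMPLE-5
"""

def load_findings(text):
    """Map (host, port, NVT OID) -> finding, so duplicate rows collapse."""
    findings = {}
    for row in csv.DictReader(io.StringIO(text)):
        key = (row["IP"].strip(), row["Port"].strip(), row["NVT OID"].strip())
        findings[key] = {"name": row["NVT Name"].strip(),
                         "cvss": float(row["CVSS"] or 0)}
    return findings

def diff_scans(before_text, after_text, high=7.0):
    """Compare two scans per finding instead of by total count."""
    before, after = load_findings(before_text), load_findings(after_text)
    return {
        "fixed": sorted(before.keys() - after.keys()),
        "new": sorted(after.keys() - before.keys()),
        "persisting": sorted(before.keys() & after.keys()),
        "net_change": len(after) - len(before),
        # Findings still open at or above the assumed "high" threshold.
        "open_high": [k for k in sorted(after) if after[k]["cvss"] >= high],
    }

if __name__ == "__main__":
    report = diff_scans(BEFORE_CSV, AFTER_CSV)
    print("net change in findings:", report["net_change"])
    for label in ("fixed", "new", "persisting", "open_high"):
        print(f"{label}: {len(report[label])}")
        for host, port, oid in report[label]:
            print(f"  {host}:{port} {oid}")
```

In the constructed data the total drops by only one, yet two findings were fixed and one new finding appeared, which is why a count delta alone is a weak verification signal.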
This project effectively showcased the setup of OpenVAS and the subsequent remediation of vulnerabilities. Additionally, it underscored the significance of conducting credentialed scans whenever feasible, given that unauthenticated scans may not offer an accurate portrayal of system security. While the verification scan revealed the persistence of some high-severity vulnerabilities, addressing these issues was beyond the project's scope.
This project aimed to provide me with practical exposure to vulnerability management, encompassing configurations and remedial actions. Looking ahead, I intend to revisit this project, emphasizing advanced vulnerability remediation techniques.