GURU NANAK DEV ENGINEERING COLLEGE, LUDHIANA

LAB MANUAL

Information Assurance Security

Branch: Information Technology

 Syllabus
Information Assurance and Security Lab

Detailed Contents:
Prerequisite: Data Communication and Computer Networks. Programming Languages: C++, C# or Java
1. Implement RSA algorithm for key generation and cipher verification.
2. Implement to demonstrate Client – Server for authenticating verification.
3. Writing program to implement RSA algorithm
4. Writing program to implement SHA-1 algorithm.
5. Writing program to implement AES algorithm.
6. Configure and demonstrate use of IDS tool such as snort.
7. Configure and demonstrate use of Traffic monitoring tool such as Wireshark.
8. Configure and demonstrate use of vulnerability assessment tool such as OpenVAS
 Practical No 1.
AIM: Write a program in C++ or Java to implement RSA algorithm for key generation
and cipher verification.
Theory: In cryptography, RSA (which stands for Rivest, Shamir and Adleman who first
publicly described it) is an algorithm for public-key cryptography.[1] It is the first algorithm
known to be suitable for signing as well as encryption, and was one of the first great advances in
public key cryptography. RSA is widely used in electronic commerce protocols, and is believed
to be sufficiently secure given sufficiently long keys and the use of up-to-date implementations.
Operation
The RSA algorithm involves three steps: key generation, encryption and decryption.
Key generation
RSA involves a public key and a private key. The public key can be known to everyone and is
used for encrypting messages. Messages encrypted with the public key can only be decrypted
using the private key. The keys for the RSA algorithm are generated the following way:
1. Choose two distinct prime numbers p and q. o For security purposes, the integers p and q
should be chosen at random, and should be of similar bit-length. Prime integers can be
efficiently found using a primality test.
2. Compute n = pq. On is used as the modulus for both the public and private keys
3. Compute (n) = (p 1)(q 1), where is Euler's totient function.
4. Choose an integer e such that 1 < e < (n) and gcd(e, (n)) = 1, i.e. e and (n) are coprime. o e is
released as the public key exponent. o e having a short bit-length and small Hamming weight
results in more efficient encryption - most commonly 0x10001 = 65537. However, small values
of e (such as 3) have been shown to be less secure in some settings.
5. Determine d = e 1 mod (n); i.e. d is the multiplicative inverse of e mod (n). o This is more
clearly stated as solve for d given (d*e)mod (n) = 1 o This is often computed using the extended
Euclidean algorithm. o d is kept as the private key exponent.
The public key consists of the modulus n and the public (or encryption) exponent e. The private
key consists of the private (or decryption) exponent d which must be kept secret.
Notes:

An alternative, used by PKCS#1, is to choose d matching de 1 mod with = lcm(p 1,q 1), where
lcm is the least common multiple. Using instead of (n) allows more choices for d. can also be
defined using the Carmichael function, (n).
The ANSI X9.31 standard prescribes, IEEE 1363 describes, and PKCS#1 allows, that p and q
match additional requirements: be strong primes, and be different enough that Fermat
factorization fails.
Encryption
Alice transmits her public key (n,e) to Bob and keeps the private key secret. Bob then wishes to
send message M to Alice.
He first turns M into an integer m, such that 0 < m < n by using an agreed-upon reversible
protocol known as a padding scheme. He then computes the ciphertext c corresponding to
c = me (mod n).
This can be done quickly using the method of exponentiation by squaring. Bob then transmits c
to Alice.
Decryption
Alice can recover m from c by using her private key exponent d via computing
m = cd (mod n).
Given m, she can recover the original message M by reversing the padding scheme.
A worked example
Here is an example of RSA encryption and decryption. The parameters used here are artificially
small, but one can also use OpenSSL to generate and examine a real keypair.
1. Choose two distinct prime numbers, such as
p = 61 and q = 53.
2. Compute n = pq giving
n = 61 · 53 = 3233.
3. Compute the totient of the product as (n) = (p 1)(q 1) giving
(3233) = (61 1)(53 1) = 3120.
4. Choose any number 1 < e < 3120 that is coprime to 3120. Choosing a prime number for e
leaves us only to check that e is not a divisor of 3120.
Let e = 17.
5. Compute d, the modular multiplicative inverse of yielding d = 2753.
The public key is (n = 3233, e = 17). For a padded plaintext message m, the encryption function
is m17 (mod 3233).
The private key is (n = 3233, d = 2753). For an encrypted ciphertext c, the decryption function is
c2753 (mod 3233).
For instance, in order to encrypt m = 65, we calculate c = 6517 (mod 3233) = 2790.
To decrypt c = 2790, we calculate m = 27902753 (mod 3233) = 65.
Both of these calculations can be computed efficiently using the square-and-multiply algorithm
for modular exponentiation. In real life situations the primes selected would be much larger; in
our example it would be relatively trivial to factor n, 3233, obtained from the freely available
public key back to the primes p and q. Given e, also from the public key, we could then compute
d and so acquire the private key.
 Practical No 2.

Aim: Write a Client Server program in C++ or Java for authentication verification.
Theory: Client/server describes the relationship between two computer programs in which one
program, the client, makes a service request from another program, the server, which fulfills the
request. Although the client/server idea can be used by programs within a single computer, it is a
more important idea in a network. In a network, the client/server model provides a convenient
way to interconnect programs that are distributed efficiently across different locations. Computer
transactions using the client/server model are very common. For example, to check your bank
account from your computer, a client program in your computer forwards your request to a
server program at the bank. That program may in turn forward the request to its own client
program that sends a request to a database server at another bank computer to retrieve your
account balance. The balance is returned back to the bank data client, which in turn serves it
back to the client in your personal computer, which displays the information for you.
Authentication:The authentication service is concerned with assuring that a communication is
authentic. In the case of a single message, such as a warning or alarm signal, the function of the
authentication service is to assure the recipient that the message is from the source that it claims
to be from. In the case of an ongoing interaction, such as the connection of a terminal to a host,
two aspects are involved. First, at the time of connection initiation, the service assures that the
two entities are authentic, that is, that each is the entity that it claims to be. Second, the service
must assure that the connection is not interfered with in such a way that a third party can
masquerade as one of the two legitimate parties for the purposes of unauthorized transmission or
reception.
Two specific authentication services are defined in X.800:
Peer entity authentication: Provides for the corroboration of the identity of a peer entity in an
association. It is provided for use at the establishment of, or at times during the data transfer
phase of, a connection. It attempts to provide confidence that an entity is not performing either a
masquerade or an unauthorized replay of a previous connection.
Data origin authentication: Provides for the corroboration of the source of a data unit. It does not
provide protection against the duplication or modification of data units. This type of service
supports applications like electronic mail where there are no prior interactions between the
communicating entities.
Client Server Authentication Program in java
import java.io.*;
import java.net.*;
class Server_1
{
public static String user = new String("Jyoti"); public static String password = new
String("MIT");
public static void main(String ar[])throws Exception
{
ServerSocket ss=new ServerSocket(10000); Socket s=ss.accept();
DataInputStream temp_1=new DataInputStream(s.getInputStream());
String sUNAME=temp_1.readLine();
DataInputStream temp_2=new DataInputStream(s.getInputStream());
String sPSWD=temp_2.readLine();
PrintStream ps=new PrintStream(s.getOutputStream());
if (user.equals(sUNAME) && password.equals(sPSWD)) { ps.println("Success."); } else {
ps.println("Failed."); }
}
}
import java.io.*;
import java.net.*;
class Client_1 { public static void main(String ar[])throws Exception
{
Socket s=new Socket(InetAddress.getLocalHost(),10000);
System.out.println("enter the Username :");
DataInputStream uname=new DataInputStream(System.in);
String sUNAME=uname.readLine();

System.out.println("enter the password :");

DataInputStream pswd=new DataInputStream(System.in);
String sPSWD=pswd.readLine();
PrintStream ps=new PrintStream(s.getOutputStream());
ps.println(sUNAME);
ps.println(sPSWD);
DataInputStreamdis1=newDataInputStream(s.getInputStream());
System.out.println("password status:"+dis1.readLine());
}}
 Practical No3.

AIM:-Write a program to implement RSA Algorithm.

Theory: In cryptography, RSA (which stands for Rivest, Shamir and Adleman who first
publicly described it) is an algorithm for public-key cryptography.[1] It is the first algorithm
known to be suitable for signing as well as encryption, and was one of the first great advances in
public key cryptography. RSA is widely used in electronic commerce protocols, and is believed
to be sufficiently secure given sufficiently long keys and the use of up-to-date implementations.
Operation
The RSA algorithm involves three steps: key generation, encryption and decryption.
C program for the Implementation Of RSA Algorithm */

#include< stdio.h>
#include< conio.h>
int phi,M,n,e,d,C,FLAG;
int check()
{
int i; for(i=3;e%i==0 && phi%i==0;i+2)
{ FLAG = 1; return; } FLAG = 0; }
void encrypt()
{
int i; C = 1; for(i=0;i< e;i++) C=C*M%n; C = C%n; printf("\n\tEncrypted keyword :
%d",C);
}
void decrypt()
{
int i; M = 1; for(i=0;i< d;i++)

M=M*C%n; M = M%n; printf("\n\tDecrypted keyword : %d",M);

}
void main()
{
int p,q,s; clrscr();
printf("Enter Two Relatively Prime Numbers\t: ");
scanf("%d%d",&p,&q); n = p*q; phi=(p-1)*(q-1);
printf("\n\tF(n)\t= %d",phi);
do
{ printf("\n\nEnter e\t: ");
scanf("%d",&e); check();
}
while(FLAG==1); d = 1;
do
{ s = (d*e)%phi; d++;
}
while(s!=1); d = d-1; printf("\n\tPublic Key\t: {%d,%d}",e,n);
printf("\n\tPrivate Key\t: {%d,%d}",d,n);
printf("\n\nEnter The Plain Text\t: ");
scanf("%d",&M); encrypt();
printf("\n\nEnter the Cipher text\t: ");
scanf("%d",&C); decrypt();
getch(); }
/*************** OUTPUT *****************
Enter Two Relatively Prime Numbers : 7 17
F(n) = 96
Enter e : 5
Public Key : {5,119} Private Key : {77,119}
Enter The Plain Text : 19
Encrypted keyword : 66
Enter the Cipher text : 66
Decrypted keyword : 19
 Practical No 4.

Aim:Writing program to implement SHA-1 algorithm.

The SHA hash functions are a collection of cryptographic hash functions designed by the
National Security Agency (NSA) of the US Govt. and published by the National Institute of
Standards and Technology (NIST), USA. Hash algorithms compute a fixed-length digital
representation (called message digest or signature or hash) of an input message of any length.
SHA-1 produces a message digest that is 160 bits long

A hash function is called secure when it is computationally infeasible to:

1) find a message that corresponds to a given hash, and

2) find two different messages that produce the same hash.

Also, any change to a message will most probably result in a different hash.

The implementations given here is in C / C++. It is given as an aid for beginners to get
acquainted with the algorithm and can be used as a base for actual implementation. The main
feature of this SHA-1 implementation is not efficiency; It is simplicity and readability.

#include<stdio.h>
#include<string.h>
#include<malloc.h>
#include<math.h>
#include<stdlib.h>
#define rotateleft(x,n) ((x<<n) | (x>>(32-n)))
#define rotateright(x,n) ((x>>n) | (x<<(32-n)))
void SHA1(unsigned char * str1)
{
unsigned long int h0,h1,h2,h3,h4,a,b,c,d,e,f,k,temp;
h0 = 0x67452301;
h1 = 0xEFCDAB89;
h2 = 0x98BADCFE;
h3 = 0x10325476;
h4 = 0xC3D2E1F0;
unsigned char * str;
str = (unsigned char *)malloc(strlen((const char *)str1)+100);
strcpy((char *)str,(const char *)str1);
int current_length = strlen((const char *)str);
int original_length = current_length;
str[current_length] = 0x80;
str[current_length + 1] = '\0';
char ic = str[current_length];
current_length++;
int ib = current_length % 64;
if(ib<56)
ib = 56-ib;
else
ib = 120 - ib;
for(int i=0;i < ib;i++)
{
str[current_length]=0x00;
current_length++;
}
str[current_length + 1]='\0';
for(i=0;i<6;i++)
{
str[current_length]=0x0;
current_length++;
}
str[current_length] = (original_length * 8) / 0x100 ;
current_length++;
str[current_length] = (original_length * 8) % 0x100;
current_length++;
str[current_length+i]='\0';
int number_of_chunks = current_length/64;
unsigned long int word[80];
for(i=0;i<number_of_chunks;i++)
{
for(int j=0;j<16;j++)
{
word[j] = str[i*64 + j*4 + 0] * 0x1000000 + str[i*64 + j*4 + 1] * 0x10000 + str[i*64 + j*4 + 2]
* 0x100 + str[i*64 + j*4 + 3];
}
for(j=16;j<80;j++)
{
word[j] = rotateleft((word[j-3] ^ word[j-8] ^ word[j-14] ^ word[j-16]),1);
}
a = h0;
b = h1;
c = h2;
d = h3;
e = h4;
for(int m=0;m<80;m++)
{
if(m<=19)
{
f = (b & c) | ((~b) & d);
k = 0x5A827999;
}
else if(m<=39)
{
f = b ^ c ^ d;
k = 0x6ED9EBA1;
}
else if(m<=59)
{
f = (b & c) | (b & d) | (c & d);
k = 0x8F1BBCDC;
}
else
{
f = b ^ c ^ d;
k = 0xCA62C1D6;
}
temp = (rotateleft(a,5) + f + e + k + word[m]) & 0xFFFFFFFF;
e = d;
d = c;
c = rotateleft(b,30);
b = a;
a = temp;
}
h0 = h0 + a;
h1 = h1 + b;
 Practical No. 5

Aim:Writing program to implement AES algorithm.

import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.crypto.spec.IvParameterSpec;

import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class AES {

static String IV = "AAAAAAAAAAAAAAAA";
static String plaintext = "test text 123\0\0\0"; /*Note
null padding*/
static String encryptionKey = "0123456789abcdef";
public static void main(String [] args) {
try {

System.out.println("==Java==");
System.out.println("plain: " + plaintext);

byte[] cipher = encrypt(plaintext, encryptionKey);

System.out.print("cipher: ");
for (int i=0; i<cipher.length; i++)
System.out.print(new Integer(cipher[i])+" ");
System.out.println("");

String decrypted = decrypt(cipher, encryptionKey);

System.out.println("decrypt: " + decrypted);

} catch (Exception e) {
 e.printStackTrace();
}
}

public static byte[] encrypt(String plainText, String

encryptionKey) throws Exception {
Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding",
"SunJCE");
SecretKeySpec key = new
SecretKeySpec(encryptionKey.getBytes("UTF-8"), "AES");
cipher.init(Cipher.ENCRYPT_MODE, key,new
IvParameterSpec(IV.getBytes("UTF-8")));
return cipher.doFinal(plainText.getBytes("UTF-8"));
}

public static String decrypt(byte[] cipherText, String

encryptionKey) throws Exception{
Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding",
"SunJCE");
SecretKeySpec key = new
SecretKeySpec(encryptionKey.getBytes("UTF-8"), "AES");
cipher.init(Cipher.DECRYPT_MODE, key,new
IvParameterSpec(IV.getBytes("UTF-8")));
return new String(cipher.doFinal(cipherText),"UTF-8");
}
}
h2 = h2 + c;
h3 = h3 + d;
h4 = h4 + e;
}
printf("\n\n");
printf("Hash: %x %x %x %x %x",h0, h1, h2, h3, h4);
printf("\n\n");
}
void main()
{
SHA1((unsigned char *)"The quick brown fox jumps over the lazy dog");
}
 Practical No 6.

AIM:- Configure and demonstrate use of IDS tool such as snort.

Theory: In this lab, we will use a Network Intrusion Detection System (NIDS) to detect attacks
through the network. Our tool of choice is Snort, an open source signature-based NIDS (remind
yourself about the differences between anomaly-based and signature-based intrusion detection
systems).
1) Architecture of IDS
2) Misuse based IDS
3) Anomaly based IDS
Note: Explain each of the above in detail.
Step 1: Install and configure snort
NOTE: Write down the steps for installation and configuration of snort for WindowsXP.
$sudo apt-get install snort Read the comments in /etc/snort/snort.conf carefully and pay attention
to the definition of variable HOME_NET and EXTERNAL_NET. Then try running Snort as
root: $sudo snort -c /etc/snort/snort.conf Watch the output carefully, and address any errors in
your config file. (Hint: some default .rules files contain deprecated format, try to comment those
files in the config file). Continue rerunning snort until you get it working correctly.
Step 2: Read about Snort's signature syntax in the Snort User's Manual. In particular, be sure to
review the metadata options reference and sid. Once you are somewhat familiar with the rule
language, read through some of the web attacks rules files. These are files named in the form
web-*.rules under /etc/snort/rules/. Follow the references listed in a few of the rules and read
about the type of attack the specific signatures are designed to detect. Now, select two web attack
signatures that seem straight-forward to understand. It would be simpler if you select a signature
that looks for "evil" data in an HTTP URL string. Log into your Windows server and open a
browser. Based on the documentation provided with the signature you have selected, attempt to
trigger the Snort signature by making a HTTP request to which contains an attack string which
should be detected. Next, verify in your Snort logs that your attack triggered an alert based on
that. (Hint:/var/log/snort/)

Step 3: Snort also allows us to write custom rules. Open the file /etc/snort/rules/local.rules and
add one rule that detects each visit to www.google.com that is made by the virtual machine. The
rule should look for any outbound TCP traffic that is going to port 80 and contains the pattern
"www.google.com" in the URL and trigger an alert when it gets a match. Give the rule an SID of
1000000 or higher. Then visit Google with a web browser and check if your rule triggered an
alert.
Questions: 1. In step 1, how did you modify the config file to make it work? 2. In step 2, describe
the two attack signatures you chose and explain the corresponding rules against them.
 Practical No 7.

AIM:- Configure and demonstrate use of Traffic monitoring tool such as Wireshark

You may know Wireshark as the „best network protocol analyzer in the world,‟ but do you know
how to use it? Being familiar with this popular tool can help you stand out on your resume, or
can help you go further in your current IT role as it has plenty of benefits for users.
“With more than 500,000 downloads a month, the IT industry has embraced Wireshark as the
go-to tool for network troubleshooting, optimization, and security,” says TechTarget. Sure, it‟s
important to be able to configure a TCP/IP network, but understanding the inner workings of a
network can set you apart as an in-demand network analyst.
What is a network packet analyzer?
A network packet analyzer (also known as a network analyzer, protocol analyzer or packet
sniffer) is a computer program or piece of computer hardware that can intercept and log traffic
that passes over a digital network or part of a network.
You could think of a network packet analyzer as a measuring device used to examine what‟s
going on inside a network cable. Without it, understanding a network communication exchange
would be almost impossible.
As a refresher, the network protocol is comprised of 7 layers, of which Wireshark deals with 2
through 7. Essentially, Wireshark can decode most well-known protocols. For a refresher, review
the OSI Model.
Why is Wireshark the best?
In the past, packet analyzers were very expensive or proprietary, but Wireshark has changed that.
Those with the ability to use this tool have become a highly demanded. Not to mention, it offers
a wide range of capabilities to those who utilize it.
According to the Wireshark website, “It [Wireshark] lets you see what‟s happening on your
network at a microscopic level and is the de facto standard across many commercial and non-
profit enterprises, government agencies, and educational institutions. Wireshark development
thrives thanks to the volunteer contributions of networking experts around the globe and is the
continuation of a project started by Gerald Combs in 1998.”
What is Wireshark used for?
On the surface level, network administrators use it to troubleshoot network problems, network
security engineers use it to examine security problems and developers use it to debug protocol
implementations. In general, it can be used to analyze network protocols.
To get more specific, I‟ll list some uses here:
1. Capture and analyze frames and packets so you can identify what‟s really happening on
your networks.
2. Gain insight about who or what is consuming the network resources and discover latency
details.
3. Verify by seeing the actual traffic such as protocols used, port and protocol numbers, header
types, addresses, payloads, and more.
4. Identify problems before users do using proactive analysis.
5. Watch network communications or capture login credentials.

See an example of Wireshark in action, here:

Keep in mind that Wireshark is not an intrusion detection system and cannot manipulate things
on the network; it simply measures them.

Why should I learn Wireshark?

The need for highly skilled analysts with Wireshark knowledge is crucial for organizations who
need to understand the inner workings of their networks. When a network problem can‟t be
solved, “you can be „that person‟ who has taken the time to learn Wireshark and can now apply
the skills to quickly capture and analyze the traffic in question.”
Network traffic can actually be engaging to dissect, like Sudoku or a puzzle; not to mention with
all its‟ features, it can make your job much easier.

How can I learn Wireshark?

Sure, there are plenty of online tutorials, but if you really want to become a „Wireshark Guru,‟
and truly learn the different capabilities of this tool, we recommend learning step-by-step with
the Introduction to Wireshark Hands-On Lab. While other tutorials may show and tell you about
the tool, this Wireshark lab walks you through the steps to perform the tasks yourself so you can
learn by doing.

What is a virtual lab?

Virtual labs are pre-configured hardware layouts with accompanying lab guides for fast,
convenient access that make studying for an exam or learning new technologies an engaging
experience. Develop your comprehensive IT skills in a safe, working environment without the
need to invest in your own hardware and software.
 Practical Training on the Latest Industry Technology
 Real Equipment, No Simulations
 6 Month Unified Access Available on Any Device
 No Hardware or Licensing Costs

What will I learn in this lab?

If you are ready to lead proactive analysis of networks and solve ever-changing puzzles related
to packets and users, this is the ideal skill enhancement tool for you.
Because there is always something new to learn from the packets flowing through a network,
most IT professionals get a thrill out of using Wireshark. In this lab, you will learn how to install
and customize Wireshark, as well as how to work with and analyze captured traffic. The modules
cover common ports and protocols, Wireshark functionality and packet sniffing using this tool.
Lab exercises include:
 Understand Common Ports and Protocols
 Installing Wireshark
 Wireshark Functionality
 Customizing Wireshark
 Working with Captured Traffic
 Analyzing Captured Traffic
 Analyzing Protocols
 Packet Sniffing with Wireshark

To Summarize
Wireshark is a popular network packet analyzer that has a variety of benefits to those who use it.
Learning the various capabilities of Wireshark makes you a more desirable professional, and is
now easier than ever to learn with the Introduction to Wireshark Hands-On Lab, found in the
Cybrary catalog.
 Practical No 8.

AIM:- Configure and demonstrate use of vulnerability assessment tool such as OpenVAS

• OpenVAS (Open Vulnerability Assessment System, originally known as GNessUs) is

a software framework of several services and tools offering vulnerability scanning
and vulnerability management.
• All OpenVAS products are free software, and most components are licensed under
the GNU General Public License(GPL). Plugins for OpenVAS are written in the Nessus
Attack Scripting Language, NASL.
• OpenVAS began under the name of GNessUs, as a fork of the previously open
source Nessus scanning tool, after its developers Tenable Network Security changed it to
a proprietary (closed source) license in October 2005.[2] OpenVAS was originally
proposed by pentesters at Portcullis Computer Security[3] and then announced[4] by Tim
Brown on Slashdot.
• OpenVAS is a member project of Software in the Public Interest.

• OpenVAS Vulnerability Scan

• The OpenVAS scanner is a comprehensive vulnerability assessment system that can
detect security issues in all manner of servers and network devices. Use this hosted
version of the OpenVAS software to easily test your Internet infrastructure.
• Results will be delivered to your email address for analysis; allowing you to start re-
mediating any risks your systems face from external threats.

• The primary reason to use this scan type is to perform comprehensive security testing of
an IP address. It will initially perform a port scan of an IP address to find open services.
Once listening services are discovered they are then tested for known vulnerabilities and
mis-configuration using a large database (more than 53000 NVT checks). The results are
then compiled into a report with detailed information regarding each vulnerability and
notable issues discovered.

• Once you receive the results of the tests, you will need to check each finding for relevance
and possibly false positives. Any confirmed vulnerabilities should be re-mediated to ensure
your systems are not at risk.
Vulnerability scans performed from externally hosted servers give you the same perspective as
an attacker. This has the advantage of understanding exactly what is exposed on external facing
services.

How does the OpenVAS scan work?

1. Enter the target to scan

• Depending on what you are testing the target could be a fully qualified host name, an IP
address or a range of IP addresses (range scanning is only available on PRO and
BUSINESS plans and allows up to 254 addresses to be scanned at a time).

• 2. Select scan type

• Multiple options are available depending on the type of system to be tested.

• Full Scan for a full test of network, server and web application vulnerabilities.

• Web Server Scan a more focused test for web server and web application vulnerabilities.

• WordPress Scan testing for known WordPress vulnerabilities and web server issues.

• Joomla Scan testing for known Joomla vulnerabilities and web server issues.

• 3. Click on the start button

• Testing will begin and the target system will be probed in order to discover vulnerabilities
that could place the system at risk of compromise. Results will be delivered to your
registered email address within 10 - 60 mins depending on the scan type and number of
target systems to be tested.

• Sample OpenVAS Reports

• These OpenVAS test scans were conducted a number of different systems to show a wide
range of discovered vulnerabilities.

Test Server
In this report you can see the customer PDF report. Build your own report with the raw HTML
results.

Windows 7
In this test the firewall has been disabled. Multiple issues discovered including MS17-010.
Metasploitable
This target is a deliberately insecure system. It is used for testing and has many critical
vulnerabilities.

• Technical details of the scan configuration

• A number of high end Virtual Private Servers (VPS) are hosting OpenVAS 8. The
NVT's or vulnerability database is updated daily, using the open source signature feed.
 • OpenVAS is configured to run using batch mode and the OMP command line client. The
scan is a "Full and Fast Scan". External NASL wrappers
for Nikto, Dirbuster, Arachni and wapiti have been disabled. This gives a good balance
of testing thousands of vulnerabilities while keeping the speed and reliability of the scan
solid as you would expect in an automated vulnerable scan. We have our
standalone Nikto security scanner available for a focused web server scan.

• If you are technically minded; an interesting way to develop your understanding of

different scanners and tools such as OpenVAS is to run a packet capture whilst the scan
is running. Using tcpdump or Wireshark can reveal details of the tests that are being
performed, and you can closely monitor what is happening on your system and network.

• OpenVAS has a thriving community, with contributions from both individuals and
corporations from all over the world