Research And Implementation Of Vulnerability Scanning System Base On NASL

With the development of computer technology and its wide range of application, more and more people are relying on the Internet, which germinates a large number of small and medium start-ups. A large number of traditional industries gradually shift to the Internet. Thus, cyber threats have a greater impact on people than before. Emerging network attacks on individuals and businesses had a serious impact. Therefore, network security has become a hot topic today, to study how to reduce threats of network faced by individuals and enterprises is of great significance. Especially in a large number of small and medium enterprises in the Internet start-ups, these companies of start-up stage, which lacking of experience with the specification of network security management, are facing particularly severe problems. The network vulnerability scanning tool, which is ideal for enterprise network environment, is easy to deploy and update. It allowing the network administrator found the vulnerabilities which could be exploited by Hacker before the attack occurred in the system.Then network administrator can adopt appropriate remedial measures to prevent attacks from happening. Therefore, the vulnerability scanning based on network can protect security of enterprise network well. And become a hot topic in network security research today.In this thesis, we launched the research of network-based scanning, multi-threaded technology, plug-in mechanism and NASL script to design and implement a vulnerability scanning system based NASL. The system has high extendibility, not only to find the information of the host and port service, but also to detect the vulnerability in system. Finally, we achieve the purposes of protection of small and medium enterprise’s network. The main work is:(1) Vulnerability and vulnerability detection technology analysis. This thesis briefly introduces the theoretical concepts of vulnerabilities, then analysis the key technologies of this system, focused on ICMP scanning, vulnerability detecting technology, operating systems detecting technology, and port scanning technology, finally summarizes and contrast its technical features.(2) Design and implementation the system. Discuss System overall structure design base on analysis of the key technologies.Then discuss the detailed design of the overall design and implementation of each module.(3) Test and validation of the system. Design test cases to test the functionality and performance of the system. The results demonstrate that the system can effectively detect the vulnerability of a host. Verify that the implementation of the system achieved the desired design goals.Finally, the thesis finish design and implementation of vulnerability scanning system base on NASL.The system have greater performance then other open-source software, reaching the goal of the subject. So, this subject has extensive application prospect and reference value for implementation of similar system.