Design And Implementation Of OpenVAS Based Vulnerability Scanning System

With the rapid development of network technology, digital and information technology becomes one of the contemporary theme in people's production and life, more and more enterprises moving the traditio nal business and service to the Internet, network is not only brings convenient to people but also produces a new security problem. Nowadays, all kinds of software products and services security vulnerabilities emerge in endlessly, hackers can easily get the information they want by security vulnerability, so how to protect the safety of network is becoming the focus of people.Common security products such as firewalls and antivirus software are usually in the will to passive defense against attack, these products is weak for potential vulnerabilities in the network environment. Vulnerability scanning system scans the objects like the network environment, operating system and application software in order to find the potential vulnerability. Then the system will give the solution to the vulnerability and guide administrator to repair the vulnerability. So, vulnerability scanning system can fix security vulnerabilities before the damage happened to the enterprise, and ensure the safety of enterprise network environment.First of all, this paper introduces the definition and harm of common security vulnerabilities, and analysis the principle of a variety of vulnerability scanning technology combined with different kinds of vulnerability, then gives the common vulnerability repair methods. At present, the mainstream vulnerability scanning products on the market are difficult to deal with security vulnerabilities emerge in endlessly, they usually are weak in updating the vulnerabilities. For this reason, this paper proposes a vulnerability scanning system based on Open VAS, its characteristics is the plug- in which had implemented the specific security vulnerabilities of matching rules. The system is not only meet the regular vulnerability scanning function, but also have the advantage in updating the plugin library and matching rules, improve the updating speed of vulnerability. Then, introduces the common network topology for corporate users, analysis some part which is threated by the security vulnerability, obtained the vulnerability scanning system's functional requirements and performance requirements. According to user requirements, the system is divided into four modules by the functions and responsibilities, those modules are host detection module, system setting module, report module. Host detection module is to obtain the target's basic information like operating system type, application services. The function of the task management module is based on the task of the basic unit to implement the control of the scanning process. System settings module is used to configure management system. Report module is used to generate the document according to the results of the task mission statements. Using the use case diagram to described each module. The vulnerability scanning system overall design framework is given according to the advantage of Open VAS open source framework and user requirements. Then the design and implementation of each module.is given. Finally, the test network environment is set up, the test cases and test plans of each module are designed according to the functions. The result shows that vulnerability scanning system has achieved the expected function.