Research And Optimization Of Vulnerability Scanning System Based On Nessus

With the popularization and development of informatization,the Internet has greatly changed social life and development,but the security problems that accompany it have also intensified.According to statistics,security vulnerabilities have caused many network security problems.As an important technology for network security detection,vulnerability scanning technology can detect whether the network environment is safe through automated detection methods.However,traditional vulnerability scanning systems in the market have many deficiencies.For example,most of them use the standalone mode,and even some scanning systems have disadvantages such as slow scanning speed,limited loading speed,and redundant reporting.Cloud computing,as a product in the context of the Internet era,provides a new solution for vulnerability scanning: security as a service.Cloud security is to provide security vulnerability scanning services to the required users through the dynamically scalable resources of the cloud computing platform,which can solve the problem of high computing costs and reduce the user's operation difficulty.In addition,this thesis studies the traditional vulnerability scanning technology and the new vulnerability scanning technology based on it,and analyzes the Nessus scanner with high scanning efficiency in the current market.Nessus is a powerful and widely used network vulnerability scanning system,so it has great practical value for the research and optimization of Nessus.The study found that Nessus' s scanning efficiency and practicality have its own advantages,but there are also some shortcomings,including its single server,slow scanning speed,difficult plug-in loading,report redundancy,and so on.Aiming at the shortcomings of a single Nessus scanner,this thesis designs a set of vulnerability scanning system based on the Nessus scanner,deployed in the cloud platform and using the characteristics of the elastic resources of the cloud platform virtual machine.The system mechanism fully takes into account various factors such as load imbalance caused by the actual situation of vulnerability scanning during the execution process,and effectively implements the scheduling of vulnerability scanning tasks,which can meet the customization needs of users and maximize the use of resources,and Optimize these aspects.This thesis first studies cloud security,vulnerability scanning technology and related task scheduling algorithms,analyzes the working process and vulnerability scanning technology of the vulnerability scanner in the system,and the cloud platform virtualization technology on which the system is deployed.According to the analysis of existing functional and non-functional requirements,the overall architecture of the system and the overall summary design of the main functional modules are proposed,and each module is designed and implemented in detail,including user rights management,scanning task management,platform engine management,and missing scanning tasks The main modules of scheduling,host detection scanning,missing scan report management,etc.Finally,in the laboratory cloud platform environment,the main management module of the system was tested for functions and performance.According to the relevant test indicators,the test results showed that the vulnerability scanning system met the expected design goals.