(PDF) COMPARATIVE ANALYSIS OF SECURITY VULNERABILITY SCANNERS (NESSUS AND OpenVAS) IN CLOUD ENVIRONMENT
September 2023
Master’s Thesis
Main Report
ABSTRACT
As cloud computing continues to gain prominence in modern IT infrastructure,
ensuring the security of cloud-based systems becomes a critical concern.
Vulnerability scanning plays a pivotal role in identifying security weaknesses and
potential threats within cloud environments. This thesis compares two popular
vulnerability scanners, Nessus and OpenVAS, specifically tailored for the cloud
environment. This research aims to evaluate and compare the effectiveness,
performance, and feature sets of Nessus and OpenVAS in identifying
vulnerabilities within cloud-based systems.
Both scanners were evaluated for their effectiveness and accuracy in detecting
known vulnerabilities. Nessus and OpenVAS exhibited competency in identifying
these vulnerabilities, showcasing their relevance in safeguarding cloud
environments from prevalent risks.
University of Bolton 1
ACKNOWLEDGEMENTS
My heartfelt appreciation goes to my parents, Mr. and Mrs. Toyin for their
boundless encouragement, unwavering belief in my abilities, and the constant
motivation that propelled me forward during challenging times.
I am deeply grateful to CSP. AKA Shittu and Opeyemi Oriola for their generous
financial assistance. Your contributions alleviated the financial burden and
allowed me to fully immerse myself in my studies, focusing on the research that
has led to this dissertation.
To my friends who stood by me, Davison Isesele, Austin Orumwense and Musa
Rukayat: your unwavering camaraderie, engaging discussions, and moral
support have been a source of positivity and inspiration.
Table of Contents
List of Tables
List of Appendices
List of Abbreviations
CHAPTER 1. Introduction
Background and Context
Nessus
OpenVAS
Summary
CHAPTER 3. Methodology
CHAPTER 4. Implementation
Cloud Environment Setup
Recommendation
Reflection
References
BIBLIOGRAPHY
Appendix
LIST OF FIGURES
Figure 1-1 Vulnerability Scanner System Illustration
Figure 2-1 Threats in the Cloud Environment
Figure 2-2 How a vulnerability scanner works
Figure 2-3 OpenVAS vs. Nessus: Tabular Comparison (Hoffman, 2023)
Figure 3-1 Research Design
Figure 3-2 Implementation Flow Chart
Figure 3-3 Research Flow
Figure 4-1 AWS Account Setup
Figure 4-2 Virtual Private Cloud (VPC)
Figure 4-3 Subnet Configuration
Figure 4-4 Key Pair
Figure 4-5 Security Groups
Figure 4-6 Dashboard _ EC2 Management Console
Figure 4-7 EC2 Instances
Figure 4-8 Nessus Host OS
Figure 4-9 Nessus Initialisation
Figure 4-10 Nessus Account
Figure 4-11 Nessus Home
Figure 4-12 Nessus Scan Settings
Figure 4-13 Nessus Scan Credentials
Figure 4-14 Nessus Scan Type
Figure 4-15 Nessus Scan List
Figure 4-16 OpenVAS welcomes
Figure 4-17 OpenVAS SSL
Figure 4-18 OpenVAS Home
Figure 4-19 OpenVAS IP Target Config
Figure 4-20 OpenVAS SSH
Figure 4-21 OpenVAS Target Config
Figure 4-22 OpenVAS Task
Figure 4-23 Incoming / Outgoing Rules
Figure 4-24 AWS Bill
LIST OF TABLES
LIST OF APPENDICES
Appendix A: Detailed Configuration Steps for Nessus
Appendix B: Detailed Configuration Steps for Nessus
Appendix C: Detailed Configuration Steps for OpenVAS
Appendix D: Test Cases and Vulnerabilities Used in the Study
Appendix E: Performance Metrics and Evaluation Results
LIST OF ABBREVIATIONS
API - APPLICATION PROGRAMMING INTERFACE
IP - INTERNET PROTOCOL
IT - INFORMATION TECHNOLOGY
OS - OPERATING SYSTEM
CHAPTER 1. INTRODUCTION
Information system attacks and security lapses are happening more frequently
and with more sophistication. Before being exploited by attackers, security flaws
must be found and proactively fixed by businesses (Savaglia, J. and Wang, P,
2017).
Organizations can quickly discover and resolve possible security threats in their
network infrastructure by automating the vulnerability detection and remediation
process using a vulnerability scanner such as Nessus and OpenVAS, which
lowers the risk of data breaches and other security events.
Specific Objectives
Specifically, this research aims to achieve the following objectives.
Research Questions
• How do the scanning capabilities of Nessus and OpenVAS compare in
terms of their ability to detect vulnerabilities in cloud instances?
• What is the accuracy and effectiveness of Nessus and OpenVAS in
detecting known vulnerabilities in cloud deployments?
• How do the reporting capabilities of Nessus and OpenVAS differ in
generating comprehensive and actionable vulnerability assessment
reports specific to cloud environments?
• How do they differ in terms of ease of integration and interoperability?
• What are the user-friendliness and ease of management of Nessus and
OpenVAS in cloud deployments? How do they compare in terms of
installation, configuration, and ongoing maintenance?
Thesis Organisation
This report is organised into the following chapters.
Chapter 3: Methodology
This chapter presents the methodology employed in the research project on the
comparative analysis of security vulnerability scanners Nessus and OpenVAS in
cloud environments. The chapter also discusses the testbed setup, selection of
evaluation criteria, and ethical considerations.
Chapter 4: Implementation
This chapter delves into the practical aspects of the project by detailing how to
set up the cloud environment and configure both Nessus and OpenVAS. It also
explains the specific scanning policies and configurations used, as well as any
data collected during the implementation process. Additionally, this chapter
addresses the difficulties faced and the solutions employed to ensure the
successful execution of the project.
Chapter 5: Result
This chapter presents the overall conclusion drawn from the comparative analysis
of security vulnerability scanners Nessus and OpenVAS in cloud environments.
It summarizes the key findings from Chapter 4 and discusses their implications.
Based on the findings, this chapter also provides recommendations for
organizations seeking to select a vulnerability scanner for their cloud-based
deployments.
Introduction
Cloud environments introduce unique security challenges, such as shared
resources, multi-tenancy, and dynamic scalability. Security vulnerability scanners
play a vital role in mitigating these challenges by identifying vulnerabilities in
cloud-based systems. Before going into the specifics of the approaches
suggested in this dissertation, an overview of some key ideas is explored.
Numerous vulnerability scanner tools are available in the market, both
commercial and open-source, offering a range of features and capabilities,
such as Nessus, OpenVAS, Qualys, Rapid7 Nexpose, and many more. The
requirement for automation,
scalability, accuracy, and integration with changing technology landscapes has
spurred the evolution of vulnerability scanners, which has been influenced by the
threat landscape's constant change and technological advancements.
Chalvatzis et al., 2020 | 4 | Experimental | Developed a framework for suitable setup and usage of virtual machines making risk analysis practical and capable of comparing different vulnerability scanners | No Comparative analysis as the research focuses on the risk assessment | Provides a complete setup and analysis of the proposed tools
Xia, Y., Liu, C. and Yu, K., 2020 | 3 | Qualitative | Design and Implementation of Vulnerability Scanning Tools | Focus more on OpenVAS only, Nessus was not discussed | Implementation of OpenVAS
do Castelo, V., 2021 | 4 | Qualitative | Performance Assessment of Free-to-Use Vulnerability Scanners | Focused on the accuracy and precision | Technical Features were compared and analysed
Arambatzis, T., Lazaridis, I. and Pouros, S., 2015 | 5 | Experimental | the comparison and analysis of vulnerabilities in modern Windows OS | Limited to the number of Operating Systems, no recent OS was used | Comparison and analysis of vulnerabilities in modern Windows operating systems
Chikohora, E. & Mogomeli, L. 2021 | 2 | Qualitative | Impact of Network Vulnerability Scanners on Network Security | No Specific Vulnerability Scanner was used | Impact of Vulnerability Scanner
Aksu, M.U., Altuncu, E. and Bicakci, K., 2019 | 3 | Qualitative | analyse OpenVAS from a usable security perspective | No in-depth Knowledge of Vulnerability scanner | OpenVAS is analysed
Shahid, J., Hameed, M.K., Javed, I.T., Qureshi, K.N., Ali, M. and Crespi, N., 2022 | 1 | Qualitative | Comparison of Selected Web Assessment Tools | Insufficient Skills for Exploitation | Quality of a web application scanner
Antrobus, R., Frey, S., Green, B. and Rashid, A., 2016 | 1 | Experimental | Specialised Vulnerability Scanner for Industrial Control Systems | No deep analysis was performed | Nessus tool was one of the tools compared
Chen, A. and Zhang, Z., 2021 | 2 | Qualitative | Credential and non-credential vulnerability scanning was the study | No comparison with other tools | Nessus Scanner was used to scan the host
Literature Review
Holm et al. (2011) examine if platforms utilised affect how reliably automated
vulnerability scanning identifies vulnerabilities in computer networks. For seven
different scanners, comparisons of the functionality on a qualitative and
quantitative level, as well as of false positives and false negatives, are made. The
study demonstrates how effectively automated vulnerability scanners function
when it comes to discovering security issues in a network and focuses on the
direct output of automated scans about the vulnerabilities they identify. Given that
user credentials are accessible for the hosts in your network, the results show
that a vulnerability scanner is a useful tool to have in your security toolbox.
However, manual work is required in addition to automated screening to obtain
adequate accuracy regarding network security issues.
The comparison of Simatic Scan and Nessus shows the potential benefits of
hybrid IT/OT approaches, especially when used in conjunction with already-
existing general-purpose systems like Nessus (Antrobus et al., 2016). A
SHODAN search of the three PLCs used in the evaluation was conducted by the
researcher to further demonstrate the significance of such specialised systems.
141 S7-1200, 40 S7-300, and 14 ET 200SP PLCs connected to the worldwide
internet were also found. The danger from any unpatched or previously
discovered vulnerabilities in these PLCs is high. By identifying vulnerabilities with
specialised tools like Simatic Scan, such risks can be reduced (Antrobus et al.,
2016).
Aksu et al. (2019) conducted both expert and user-based testing to assess the
usability of OpenVAS 9.0, a popular open-source vulnerability detection tool.
While 10 cybersecurity professionals are chosen to participate in the user-based
testing, expert-based testing is carried out using heuristic analysis and cognitive
walkthrough techniques. As a result, they spot potential hazards that could result
in insecurity or a delusion of security and offer solutions to avoid them. They also
talk about how well the techniques used for usability testing work. Finally, a
collection of heuristics built from prior work and customised for their application
is offered for reuse in future research.
Chalvatzis et al. (2019), in the same year as Aksu, M.U., Altuncu, E. and Bicakci,
set out to offer a virtual machine-based testing framework for the
effectiveness of vulnerability scanners used in organisations, with an emphasis
on small and medium-sized ones. Based on the experimental evaluation
framework with virtual machine testing that it presents, the paper also
compares three of the most well-known free vulnerability scanning solutions
(Nessus, OpenVAS, and Nmap Scripting Engine) in terms of how well they
can be used to automate the process of risk assessment in an organisation.
Xia et al. (2020) examine the current state of the industrial control system network
for intelligent substations as well as the major issues with current security
measures. A vulnerability scanning system based on OpenVAS is created after
the characteristics of the intelligent substation industrial control network are
analysed. The vulnerability scanning system performs and functions better than
the original vulnerability scanning system, which significantly enhances system
security and lowers system risk.
Chalvatzis et al. (2020), whose 2019 research offered a virtual machine-based
testing framework for the effectiveness of vulnerability scanners used in
organisations, aim in this research report to offer a realistic, all-inclusive
framework based on virtual machines for evaluating the machine-based
performance of vulnerability scanners employed in such organisations, with an
emphasis on small and medium-sized ones, in the context of risk evaluation
analysis. This study also compares three popular free vulnerability scanners
(Nessus, OpenVAS, and Nmap Scripting Engine) in terms of how they might be
utilised to systematise the risk assessment process in an organisation. The
proposed methodology is centred on creating a framework for proper virtual
machine setup and usage, which enables risk analysis and allows for the
comparison of various vulnerability scanners.
Also in 2022, deRito and Bhatia (2022) aim to address every aspect of using
these applications, including their usability, support options, scanner
effectiveness, mitigation guidance, and other operational data. In the end, a
thorough evaluation of each scanner will be offered, outlining its benefits and
drawbacks as well as the ideal applications for it. These findings are intended to
offer an educational perspective on which vulnerability scanner should be chosen
for an individual based on a practical examination and comparison.
Kejiou and Bekaroo (2022) provide a careful overview and
analysis of the most important WLAN vulnerability scanners. Four tools—Nessus
Vulnerability Scanner, OpenVAS, Nexpose, and GFI LanGuard—are assessed
as part of the inquiry, and after actual use, insights are offered. The fact that
different vulnerability scanners handle various types and numbers of
vulnerabilities—and that some of them can be more granular than others, even
in terms of the user output—is one of the important conclusions. Additionally, the
scan time varied amongst tools and was unrelated to the number of vulnerabilities
found.
Lastly, Khounborine (2023) investigates the many scanner categories and seeks
to make the difficult decision of choosing the best vulnerability scanner for a
person's needs easier by surveying and comparing vulnerability scanners. Before
delving into the vulnerability scanners on the market, background data is given
regarding the kinds of testing a vulnerability scanner may use and the many kinds
of vulnerability scanners accessible. The sorts of vulnerability scanners that were
most frequently discovered in the study are highlighted in this thesis, including
application scanners, database scanners, and network-based scanners. The
accuracy of two network scanners, OpenVAS, and Nessus is also compared in
this thesis, along with the results and their consequences.
Figure 2-1 Threats in the Cloud Environment showcases some common threats
in a cloud environment and data privacy options to secure the cloud. The threats
listed below can cause data loss in cloud environments.
(Erturk, 2017). Figure 2-2 How a vulnerability scanner works below illustrates how
a vulnerability scanner works (Tundis et al., 2018).
The scoring scale is shown in Table 2-2 Common Vulnerability Scoring System
(CVSS) (Mell et al., 2006).
CVSS-Based Severity
CVSS-based severity is determined by calculating a numerical score based on
various metrics, which helps organizations prioritize and respond to
vulnerabilities. CVSS versions 2 and 3 have different metrics and scoring
systems.
Vulnerabilities with low impact, which might not pose a significant risk.
CVSSv3 also incorporates the concept of "attack vectors" and "attack complexity"
to provide a more detailed assessment of the vulnerability's context and potential
risk. (Spring et al., 2021)
Both CVSSv2 and CVSSv3 are extensively used for evaluating and
communicating the seriousness of vulnerabilities, with CVSSv3 being advised
because of its enhancements over CVSSv2, such as an emphasis on user and
environmental aspects that affect the total severity score. It is significant to
highlight that while the scoring scales offer a uniform method of evaluating
vulnerabilities, the actual interpretation and response to a vulnerability may vary
depending on the context and risk management procedures of the company. (Fall
and Kobayashi, 2019).
Nessus
Nessus is a widely recognized and comprehensive vulnerability scanner
developed by Tenable. It is one of the most popular commercial vulnerability
assessment tools available in the market. Nessus is trusted by organizations
worldwide for its comprehensive scanning capabilities, extensive plugin
coverage, and robust reporting and analysis features. (Nessus, 2023) It helps
organizations identify vulnerabilities, prioritize remediation efforts, and strengthen
their overall security posture. (Jetty, 2018). Numerous research studies and
industry reports have cited Nessus as a fundamental tool in vulnerability
management and risk assessment. Its widespread adoption demonstrates its
significance in identifying security weaknesses across a diverse range of systems
and applications. Nessus offers significant value in the realm of cybersecurity; it
is important to consider both its positive aspects and areas for improvement:
Strengths:
Limitations:
• Usability Complexity: While Nessus offers a wide array of features, its rich
functionality can make it complex to configure and use, particularly for less
experienced users.
Overall Assessment:
OpenVAS
OpenVAS (Open Vulnerability Assessment System) is a widely used open-
source vulnerability scanner. Because OpenVAS is an open-source solution, it
offers enterprises wishing to conduct vulnerability assessments without paying
high licencing fees an affordable choice. It is a dependable option for vulnerability
scanning and evaluation thanks to its vibrant community and plugin development,
which provide continual upgrades and enhancements. The open-source nature
of OpenVAS makes it an attractive option for research and practical use. Studies
often highlight its role in vulnerability assessment, particularly in environments
where cost considerations are paramount (Rahalkar et al., 2019). While OpenVAS
offers valuable capabilities for organizations seeking cost-effective vulnerability
scanning, it is important to assess both its positive aspects and areas that might
require improvement:
Strengths:
Limitations:
Overall Assessment:
While both Nessus and OpenVAS share the common objective of identifying
vulnerabilities, they differ in terms of their licensing model, features, support, and
integration capabilities. Research comparing these two tools can shed light on
their respective strengths and limitations, guiding organizations in selecting the
most suitable vulnerability assessment solution based on their specific
requirements and constraints. Understanding these tools' capabilities and impact
on research and practice is crucial for informing effective vulnerability
management strategies.
Table 2-4 Features Comparison below also shows some of the features that
Nessus and OpenVAS offer in comparison to each other (Web, 2019).
Knowledge Gap
The knowledge gap in the comparative analysis of security vulnerability scanners
(Nessus and OpenVAS) in a cloud environment pertains to a lack of
comprehensive and up-to-date research that directly compares the performance,
effectiveness, and suitability of these two scanners within the unique context of
cloud computing. While both Nessus and OpenVAS are well-known vulnerability
assessment tools, there exists a need for in-depth research that specifically
examines their performance and capabilities within cloud environments.
Summary
According to the literature assessment, Nessus and OpenVAS each have
advantages and disadvantages when used in cloud contexts. Various factors,
including the organization's budget, the complexity of the cloud infrastructure, and
the desired amount of customization, will determine which of the two scanners is
best for a given situation. The results of this assessment can be used by security
experts and cloud administrators to make knowledgeable judgments when
choosing a security vulnerability scanner for their cloud-based systems.
CHAPTER 3. METHODOLOGY
3. Install and configure Nessus and OpenVAS within the cloud environment.
5. Perform vulnerability scans using both scanners and analyse the results.
Research Design
The research methodology for comparing security vulnerability scanners in a
cloud context will be described in this section. The research design offers a
blueprint for how the study will be carried out, outlining the general strategy, data
collection procedures, and analysis methodologies.
Figure 3-1 Research Design succinctly showcases the research design, depicting
three instances set up on AWS EC2. Among these, two instances are equipped
with the Nessus scanner and OpenVAS respectively. These instances are
employed to conduct vulnerability scans on the third instance, designated as the
target host created for vulnerability assessment.
Start → Setup Cloud Environment → Deploy Nessus and OpenVAS → Run Vulnerability Scan → Evaluate Vulnerability Detection → Collect Performance Metrics → End
Figure 3-2 Implementation Flow Chart illustrates the flow of operations involved in
scanning the cloud instances.
Figure 3-3 Research Flow illustrates the systematic sequence of steps and
activities undertaken during the research project.
Study Approach
Analysis Techniques
The collected data will be analysed using both quantitative and qualitative
analysis techniques. The specific analysis techniques to be employed include:
Ethical Considerations
Ethical considerations will be taken into account throughout the research process. This
includes ensuring compliance with ethical guidelines regarding data collection,
privacy, and confidentiality. Additionally, any necessary permissions and
approvals will be obtained from relevant parties for conducting the research.
Overall, the research design will provide a structured and systematic approach to
carry out the comparative analysis of Nessus and OpenVAS in a cloud
environment. It will guide the data collection and analysis process, allowing for
meaningful and valid conclusions to be drawn.
Research Philosophy
Pragmatism fits in well with the objectives of this study, which are to offer useful
information and suggestions for choosing the best vulnerability scanner for
securing cloud systems. The need to address actual issues and come up with
workable solutions is emphasised by pragmatic thinking. Nessus and OpenVAS,
two widely used vulnerability scanners, will be compared in this context, and their
performance in a cloud setting will be evaluated. This has real ramifications for
businesses that rely on cloud services.
The Amazon Web Services (AWS) cloud platform will be selected for this research
because it supports the deployment of virtual machines and containers,
considering factors like availability, pricing, and compatibility with the chosen
vulnerability scanners.
2. Account Setup:
Virtual machines (VMs) within the cloud platform emulate different components
of the cloud environment. Consider the following:
Implement appropriate access controls and security measures within the cloud
environment. This may include:
Thoroughly validate and test the cloud environment to ensure its stability,
functionality, and compatibility with Nessus and OpenVAS. Verify that the VMs,
containers, and services are properly configured and can communicate with each
other. Once the cloud environment is set up and validated, it will serve as the
foundation for installing and configuring Nessus and OpenVAS, as well as
conducting the vulnerability scans and comparative analysis.
In this section, the process of installing and configuring Nessus, one of the
security vulnerability scanners, within the cloud environment will be described.
OWASP Security Shepherd will be used for the test case and will be installed
as the target OS to scan for vulnerabilities. OWASP Security Shepherd is a web
and mobile application designed to teach various security concepts. It offers
challenges to learn about common vulnerabilities and secure coding practices.
In this section, the performance metrics and evaluation criteria for assessing the
effectiveness of Nessus and OpenVAS in a cloud environment will be outlined.
Consider the following metrics and criteria for conducting the comparative
analysis:
• Compare the number of true positive and false positive findings for each
scanner.
Reporting Capabilities:
These performance metrics and evaluation criteria will help in comparing the
effectiveness, efficiency, and usability of Nessus and OpenVAS in the context of
vulnerability scanning within a cloud environment.
1. Data Collection:
• Execute the selected test cases using both Nessus and OpenVAS
scanners in the cloud environment.
• Run the scanners individually on the same set of test cases to ensure
a fair comparison.
2. Data Recording:
Data Analysis:
• Calculate the average scan speed and resource utilization for both
scanners.
• Identify any patterns, trends, or anomalies in the data that may affect the
assessment of each scanner's performance.
Statistical Analysis:
Visualization:
• Utilize charts, graphs, and plots to present the findings clearly and
concisely.
• Interpret the analysed data and draw conclusions about the performance of
Nessus and OpenVAS in the cloud environment.
Documentation:
The data collection and analysis process will provide empirical evidence and
insights into the performance of Nessus and OpenVAS in the cloud environment.
The findings will help in making informed decisions and recommendations
regarding the selection and implementation of vulnerability scanners in cloud
security practices.
CHAPTER 4. IMPLEMENTATION
The first step in setting up the cloud environment was the creation of an AWS
account. An existing account was used, which was associated with appropriate
permissions to provision and manage AWS resources as shown in Figure 4-1.
IPv4 CIDR Block: A private IPv4 CIDR block was selected to define the IP
address range for the VPC – “192.168.0.0/24”, as shown in Figure 4-2.
3. Subnet Configuration
Within the VPC, public and private subnets were created to segregate the
resources based on their accessibility from the internet, as shown in Figure 4-3.
The following subnets were configured:
Public Subnet: The public subnet was associated with a route table that allowed
Internet access, enabling resources within this subnet to communicate with the
Internet.
Private Subnet: The private subnet was associated with a routing table that did
not have a direct internet gateway, providing an additional layer of security for
sensitive resources.
4. Key Pair
Setting up a key pair is essential for securely accessing and connecting to
Amazon EC2 instances, as shown in Figure 4-4. The key pair consists of two
parts: a public key and a private key. The private key should be kept secret and
never shared, while the public key is used to authenticate and access the EC2
instance. The downloaded “samad-key.pem” file was used to access the
remote desktop connections to the instances.
Security Groups were used to control inbound and outbound traffic to resources
within the VPC as shown in Figure 4-5. The following security groups were
created:
This group allowed inbound SSH (Secure Shell) access from specific IP
addresses for remote management purposes.
This group was used to restrict inbound traffic only to specific ports necessary for
the operation of the cloud resources.
Inbound Rule: The rule was configured to allow all inbound traffic.
Outbound Rule:
Note: Allowing all traffic is not a best practice when setting up security groups.
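The allow-all inbound rule noted above can be checked automatically. The following is an added example, not code from the thesis: it audits security group data in the shape returned by `aws ec2 describe-security-groups` and contrasts the open rule with a rule scoped to the VPC range 192.168.0.0/24. The group ids, group names and the SSH source address are constructed placeholders.

```python
import ipaddress

VPC_CIDR = ipaddress.ip_network("192.168.0.0/24")  # VPC range given in the text

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# The first group mirrors the allow-all inbound rule described in the text;
# the second is a hypothetical scoped alternative (ids and names are placeholders).
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-EXAMPLE-weak", "GroupName": "scanner-lab-open",
     "IpPermissions": [
         {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
          "Ipv6Ranges": []}]},
    {"GroupId": "sg-EXAMPLE-scoped", "GroupName": "scanner-lab-scoped",
     "IpPermissions": [
         {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "192.168.0.0/24"}],
          "Ipv6Ranges": []},
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "203.0.113.7/32"}], "Ipv6Ranges": []}]},
]}


def describe_ports(perm):
    """Human-readable protocol/port label for one IpPermissions entry."""
    if perm["IpProtocol"] == "-1":  # "-1" means every protocol and port
        return "all traffic"
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    proto = perm["IpProtocol"]
    return f"{proto}/{lo}" if lo == hi else f"{proto}/{lo}-{hi}"


def audit(groups, vpc=VPC_CIDR):
    """Return (group id, severity, ports, source, reason) for risky inbound rules."""
    findings = []
    for sg in groups["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            all_traffic = perm["IpProtocol"] == "-1"
            for src in sources:
                net = ipaddress.ip_network(src, strict=False)
                inside_vpc = net.version == vpc.version and net.subnet_of(vpc)
                if net.prefixlen == 0:
                    severity = "HIGH" if all_traffic else "MEDIUM"
                    reason = "open to any address"
                elif all_traffic and not inside_vpc:
                    severity = "MEDIUM"
                    reason = "all traffic from outside the VPC range"
                else:
                    continue  # scoped rule: nothing to report
                findings.append(
                    (sg["GroupId"], severity, describe_ports(perm), src, reason))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Only the open group is reported; the scoped group still lets the scanner reach every target inside the VPC, which is what the scans require.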
Amazon Elastic Compute Cloud (EC2) instances were used to deploy virtual
machines in the cloud environment. Figure 4-6 shows the EC2 dashboard while
Figure 6-7 shows the instances created. The following steps were performed:
Instance Type: The EC2 instance type was chosen based on the resource
requirements and performance characteristics.
Instance Placement: Instances were deployed in both the public and private
subnets, depending on their intended use and accessibility.
Figure 4-8 below shows the Nessus host (Kali OS), which has the IP address
192.168.230.131.
Nessus is initialised in the Kali terminal with “systemctl start nessusd” and its
status is confirmed with “systemctl status nessusd” as shown in Figure 4-9,
while Figure 4-10 shows the account settings.
A new scan is configured with the target IP, a suitable name and a unique
description of the scan, as shown in Figure 4-12 below.
Figure 4-13 shows the Credential Tab and the Authentication method.
Figure 4-14 above shows the scan type for the Discovery options to
discover all vulnerabilities.
Figure 4-15 below shows the Scan List which is initiated by clicking on the play
button on the scan list.
Figure 4-16 OpenVAS welcome is a screenshot taken once OpenVAS was
successfully installed and configured.
Figure 4-17 OpenVAS SSL: because no SSL certificate is present for the
connection, the interface shows a warning alerting me that the connection is not
private.
Figure 4-18 OpenVAS Home shows the dashboard of the task and the
vulnerability database.
Figure 4-19 OpenVAS IP Target Config: the configuration and the scan policy
have been set.
Figure 4-21 OpenVAS Target Config: the configurations and the scanning
parameters are set before scanning.
Scans were executed on the designated target hosts within the cloud
environment, and the scanners' progress and results were monitored. Scan
outputs, including vulnerability reports, were collected for further analysis and
comparison.
Overall, the implementation phase provided the necessary groundwork for the
subsequent evaluation and analysis of NESSUS and OpenVAS in the cloud
environment. The next chapter will present the findings and discussions based
on the collected data and analysis.
Network Configuration:
Challenge:
Solution:
The necessary firewall rules, security groups, and network settings were
configured to allow communication between the vulnerability scanner and the
target systems, together with appropriate routing and networking rules to
ensure seamless communication; that is, the network is set to allow all
incoming and outgoing traffic in the same VPC.
Figure 4-23 Incoming / Outgoing Rules shows the traffic allowed on the VPC.
Figure 4-24 AWS Bill
Resource Allocation:
Challenge:
Solution:
Monitor the resource utilization of the scanners and adjust the resource allocation
as needed. Cloud providers often offer auto-scaling and resource management
tools that can help ensure that the scanners have the resources they need.
Challenge:
Solution:
Use IAM (Identity and Access Management) roles and permissions provided by
your cloud provider to grant necessary access to the scanners. Store credentials
securely using cloud-native secrets management services or encrypted key
stores, as shown in Figure 4-25 IAM Dashboard.
Vulnerability Detection:
The Nessus scanner identified 769 vulnerabilities across the target
environment. Its extensive vulnerability database contributed to the
comprehensive detection of various security issues. OpenVAS detected 404
vulnerabilities, a slightly narrower coverage than Nessus. This may be
attributed to differences in the vulnerability databases or detection
algorithms. Among the 769 vulnerabilities detected by Nessus, 310 were also
detected by OpenVAS, which indicates a significant overlap in their detection
capabilities. Nessus uniquely detected 459 vulnerabilities that were not found
by OpenVAS. This suggests that Nessus might excel in identifying certain types
of vulnerabilities or have a more expansive vulnerability database, as shown in
Table 5-1 Vulnerability Detected below.
CVSS score   Nessus   OpenVAS   Severity
1            4        1         Low
2            22       11        Low
3            5        3         Low
4            65       34        Medium
5            85       80        Medium
6            112      57        Medium
7            129      60        High
8            66       10        High
9            37       18        Critical
10           38       17        Critical
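The overlap and severity figures above come from matching the two scanners' findings against each other. The following is an added example, not code or data from the thesis: it goes beyond the reported totals and shows the per-finding comparison, keying each finding by host, port and CVE, then grouping by CVSS band. The sample findings are constructed and the CVE ids are placeholders.

```python
from collections import Counter

# Constructed sample findings, not data from the thesis; CVE ids are placeholders.
NESSUS = [
    {"host": "192.168.0.10", "port": 80, "cve": "CVE-0000-0001", "cvss": 9.8},
    {"host": "192.168.0.10", "port": 80, "cve": "CVE-0000-0001", "cvss": 9.8},  # repeat report
    {"host": "192.168.0.10", "port": 443, "cve": "CVE-0000-0002", "cvss": 7.5},
    {"host": "192.168.0.10", "port": 22, "cve": "CVE-0000-0003", "cvss": 5.3},
    {"host": "192.168.0.10", "port": 80, "cve": "CVE-0000-0004", "cvss": 2.6},
]
OPENVAS = [
    {"host": "192.168.0.10", "port": 80, "cve": "cve-0000-0001", "cvss": 10.0},
    {"host": "192.168.0.10", "port": 443, "cve": "CVE-0000-0002", "cvss": 6.8},
    {"host": "192.168.0.10", "port": 8080, "cve": "CVE-0000-0005", "cvss": 4.3},
]


def severity(score):
    """CVSS v3.x bands, which match the 1-3 / 4-6 / 7-8 / 9-10 grouping of
    Table 5-1; a score of 0 is labelled Info, as in the severity chart."""
    if score == 0:
        return "Info"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def index(findings):
    """Key each finding by (host, port, CVE) so repeated reports count once."""
    return {(f["host"], f["port"], f["cve"].upper()): f for f in findings}


def compare(a, b):
    """Set comparison of two scanners' findings plus per-band counts."""
    ia, ib = index(a), index(b)
    common = ia.keys() & ib.keys()
    return {
        "common": sorted(common),
        "only_a": sorted(ia.keys() - ib.keys()),
        "only_b": sorted(ib.keys() - ia.keys()),
        "severity_a": Counter(severity(f["cvss"]) for f in ia.values()),
        "severity_b": Counter(severity(f["cvss"]) for f in ib.values()),
        # Same finding placed in different bands: the scanners disagree on priority.
        "band_mismatch": sorted(
            k for k in common if severity(ia[k]["cvss"]) != severity(ib[k]["cvss"])
        ),
    }


def overlap_summary(total_a, total_b, common):
    """Derive unique counts and Jaccard similarity from reported totals."""
    union = total_a + total_b - common
    return {
        "only_a": total_a - common,
        "only_b": total_b - common,
        "union": union,
        "jaccard": round(common / union, 3),
    }


if __name__ == "__main__":
    print(compare(NESSUS, OPENVAS))
    print(overlap_summary(769, 404, 310))  # totals and overlap stated in the text
```

With the figures stated above, `overlap_summary(769, 404, 310)` reproduces the 459 Nessus-only findings and leaves 94 found only by OpenVAS.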
Figure 5-1 Result by Number of Vulnerabilities and Figure 5-2 Pie Chart
Comparison show the scan differences in chart form.
[Chart: Result by CVSS, number of vulnerabilities per CVSS score from 0 to 10]
[Pie charts: comparison]
Severity   NESSUS   OpenVAS
Low        31       15
High       195      70
Critical   75       35
[Bar chart: number of vulnerabilities by severity (Info, Low, Medium, High, Critical) for NESSUS and OpenVAS]
Scanning Duration
Nessus exhibited a longer scanning time of 180 minutes, which allowed for a
more thorough exploration of the target environment and in-depth vulnerability
detection. OpenVAS, with a scanning time of 120 minutes, demonstrated its
efficiency in identifying vulnerabilities within a shorter duration, as shown in
Figure 5-4 Scanning Duration.
[Chart: Scan Speed, OpenVAS 120, NESSUS 180]
Reporting Capabilities
Both Nessus and OpenVAS aim to provide users with comprehensive and
customizable reporting capabilities to effectively communicate vulnerability
information and guide remediation efforts. (khounborinne, 2023)
Conclusion
The assessment of vulnerability scanning capabilities encompassing network
scanning, web application scanning, and configuration assessment revealed that
Nessus excels in uncovering a broader spectrum of vulnerabilities, demonstrating
its prowess in comprehensive analysis. Meanwhile, OpenVAS's shorter scanning
time offers a compelling advantage for time-sensitive scenarios, ensuring swift
insights into potential risks, which is particularly valuable for agile cloud
operations.
Both scanners were evaluated for their effectiveness and accuracy in detecting
known vulnerabilities, including common threats like SQL injection, XSS, and
insecure configurations. Nessus and OpenVAS exhibited competency in
identifying these vulnerabilities, showcasing their relevance in safeguarding cloud
environments from prevalent risks.
Recommendation
Based on the comprehensive comparative analysis conducted between Nessus
and OpenVAS, organizations seeking an effective security vulnerability scanner
should consider a thorough evaluation tailored to their specific requirements and
infrastructure. To facilitate an informed decision-making process, I recommend
undertaking a comprehensive comparative analysis of various vulnerability
scanners, encompassing the following aspects:
Future works
Building upon the current comparative analysis of Nessus and OpenVAS in a
cloud environment, several avenues for future research and exploration can
further enhance the understanding of vulnerability scanners and their applicability
to modern security challenges:
Reflection
Undertaking the comparative analysis of Nessus and OpenVAS in a cloud
environment has been an enlightening and thought-provoking experience. The
complexity and changing nature of the cybersecurity ecosystem became clear
when I dug more into the nuances of these vulnerability scanners. My awareness
of vulnerability management has grown as a result of the study, which also
brought to light the crucial function that these tools have in securing contemporary
IT infrastructures.
Through this analysis, I've come to appreciate the nuanced trade-offs that
organizations must consider when selecting a vulnerability scanner. While
Nessus demonstrated a remarkable ability to uncover a wide range of
vulnerabilities, OpenVAS's shorter scanning time showcased the importance of
swift insights in fast-paced cloud environments. This realization has reinforced
the idea that security strategies must align with the specific goals and constraints
of an organization, ensuring an optimal balance between thorough analysis and
operational efficiency.
REFERENCES
Ademowo, A., 2010. Testing Mail Server Vulnerabilities and Recommending Control
Measures: A Case of Interglobal Limited.
Antrobus, R., Frey, S., Green, B. and Rashid, A., 2016, October. Simaticscan: Towards
a specialised vulnerability scanner for industrial control systems. In 4th International
Symposium for ICS & SCADA Cyber Security Research 2016 4 (pp. 11-18).
Arambatzis, T., Lazaridis, I. and Pouros, S., 2015, September. Modern Windows
Operating Systems Vulnerabilities. In The Second International Conference on
Information Security and Digital Forensics (ISDF2015) (p. 53).
Araújo, R., Pinto, A. and Pinto, P., 2021, June. A performance assessment of
free-to-use vulnerability scanners revisited. In ICT Systems Security and Privacy
Protection: 36th IFIP TC 11 International Conference, SEC 2021, Oslo, Norway,
June 22–24, 2021, Proceedings (pp. 53-65). Springer International Publishing.
Chalvatzis, I., Karras, D.A., and Papademetriou, R.C., 2020. Reproducible modelling and
simulating security vulnerability scanners evaluation framework towards risk
management assessment of small and medium enterprises business networks. Indian J.
Sci. Technol, 13(37), pp.3910-3943.
Daud, N.I., Bakar, K.A.A. and Hasan, M.S.M., 2014, August. A case study on web
application vulnerability scanning tools. In 2014 Science and Information
Conference (pp. 595-600). IEEE.
Download Tenable Nessus vulnerability assessment (no date) Tenable®. Available at:
https://www.tenable.com/products/nessus (Accessed: 26 June 2023).
Erturk, E. and Rajan, A., 2017. Web Vulnerability Scanners: A Case Study. arXiv preprint
arXiv:1706.08017.
Fall, D. and Kadobayashi, Y., 2019. The common vulnerability scoring system vs. rock
star vulnerabilities: Why the discrepancy? ICISSP, pp.405-411.
Grobauer, B., Walloschek, T. and Stocker, E., 2010. Understanding cloud computing
vulnerabilities. IEEE Security & Privacy, 9(2), pp.50-57.
Harrell, C.R., Patton, M., Chen, H. and Samtani, S., 2018, November. Vulnerability
assessment, remediation, and automated reporting: Case studies of higher education
institutions. In 2018 IEEE International Conference on Intelligence and Security
Informatics (ISI) (pp. 148-153). IEEE.
Hoffman, J. (n.d.). OpenVAS vs. Nessus: How Different are the Two? [online]
WisdomPlexus. Available at: https://wisdomplexus.com/blogs/openvas-vs-nessus/.
Holm, H., Sommestad, T., Almroth, J. and Persson, M., 2011. A quantitative evaluation
of vulnerability scanning. Information Management & Computer Security, 19(4),
pp.231-247.
Howland, H., 2023. Cvss: Ubiquitous and broken. Digital Threats: Research and
Practice, 4(1), pp.1-12.
Ibidapo, A.O., Zavarsky, P., Lindskog, D. and Ruhl, R., 2011, October. An analysis of
CVSS v2 environmental scoring. In 2011 IEEE Third International Conference on
Privacy, Security, Risk and Trust and 2011 IEEE Third International Conference on
Social Computing (pp. 1125-1130). IEEE.
Jetty, S., 2018. Network Scanning Cookbook: Practical Network Security Using Nmap
and Nessus 7.
Kejiou, A. and Bekaroo, G., 2022, October. A review and comparative analysis of
vulnerability scanning tools for wireless LANs. In 2022 3rd International Conference on
Next Generation Computing Applications (NextComp) (pp. 1-6). IEEE.
Mell, P. and Scarfone, K., 2007. Improving the common vulnerability scoring system. IET
Information Security, 1(3), pp.119-127.
Mell, P., Scarfone, K. and Romanosky, S., 2006. Common vulnerability scoring
system. IEEE Security & Privacy, 4(6), pp.85-89.
Mell, P., Scarfone, K. and Romanosky, S., 2007, June. A complete guide to the common
vulnerability scoring system version 2.0. In Published by the FIRST forum of incident
response and security teams (Vol. 1, p. 23).
Nessus vs. openvas advantages and disadvantages explained (2019) Learn Ethical
Hacking and Penetration Testing Online. Available at:
https://www.hackingloops.com/nessus-vs-openvas. (Accessed: 21 July 2023).
Nowak, M., Walkowski, M. and Sujecki, S., 2021, September. Conversion of CVSS Base
Score from 2.0 to 3.1. In 2021 International Conference on Software,
Telecommunications and Computer Networks (SoftCOM) (pp. 1-3). IEEE.
Rahalkar, S. and Rahalkar, S., 2019. OpenVAS. Quick Start Guide to Penetration
Testing: With NMAP, OpenVAS and Metasploit, pp.47-71.
Schiffman, M., Wright, A., Ahmad, D. and Eschelbeck, G., 2004. The common
vulnerability scoring system. National Infrastructure Advisory Council,
Vulnerability Disclosure Working Group, Vulnerability Scoring Subgroup.
Spring, J., Hatleback, E., Householder, A., Manion, A. and Shick, D., 2021. Time to
Change the CVSS? IEEE Security & Privacy, 19(2), pp.74-78.
Tundis, A., Mazurczyk, W. and Mühlhäuser, M., 2018, August. A review of network
vulnerabilities scanning tools: types, capabilities, and functions. In Proceedings of the
13th International Conference on Availability, Reliability and Security (pp. 1-10).
Xia, Y., Liu, C. and Yu, K., 2020, February. Design and Implementation of Vulnerability
Scanning Tools for Intelligent Substation Industrial Control System Based on Openvas.
In IOP Conference Series: Earth and Environmental Science (Vol. 440, No. 4, p.
042031). IOP Publishing.
BIBLIOGRAPHY
Gilbert, K. and Caudill, B., 2019. Hands-on Aws penetration testing with Kali Linux: Set
up a virtual lab and pentest major Aws services, including EC2, S3, Lambda, and
CloudFormation. Packt Publishing Ltd.
Harrison, L., Spahn, R., Iannacone, M., Downing, E., and Goodall, J.R., 2012, October.
Nv: Nessus vulnerability visualization for the web. In Proceedings of the Ninth
International Symposium on Visualization for Cyber Security (pp. 25-32).
Holik, F., Horalek, J., Marik, O., Neradova, S. and Zitta, S., 2014, November. Effective
penetration testing with Metasploit framework and methodologies. In 2014 IEEE 15th
International Symposium on Computational Intelligence and Informatics (CINTI) (pp.
237-242). IEEE.
Hu, Y., Sulek, D., Carella, A., Cox, J., Frame, A., Cipriano, K. and Wang, H.X., 2016.
Efficient Distributed Vulnerability Assessment by Utilizing Miniaturized Computers.
Indu, I., Anand, P.R. and Bhaskar, V., 2018. Identity and access management in a cloud
environment: Mechanisms and challenges. Engineering Science and Technology, an
international journal, 21(4), pp.574-588.
Lerida, J.L., Grackzy, S.M., Vina, A. and Andujar, J.M., 1999, October. Detecting security
vulnerabilities in remote TCP/IP networks: an approach using security scanners.
In Proceedings IEEE 33rd Annual 1999 International Carnahan Conference on Security
Technology (Cat. No. 99CH36303) (pp. 446-460). IEEE.
Malik, N. and Kamboj, S., 2022, October. Cyber security issues and challenges
comparative study. In AIP Conference Proceedings (Vol. 2555, No. 1). AIP Publishing.
Mburano, B. and Si, W., 2018, December. Evaluation of web vulnerability scanners
based on owasp benchmark. In 2018 26th International Conference on Systems
Engineering (ICSEng) (pp. 1-6). IEEE.
Nowak, M.R., Walkowski, M. and Sujecki, S., 2023. Support for the Vulnerability
Management Process Using Conversion CVSS Base Score 2.0 to 3. x. Sensors, 23(4),
p.1802.
Vimala, K. and Fugkeaw, S., 2022, January. VAPE-BRIDGE: Bridging OpenVAS Results
for Automating Metasploit Framework. In 2022 14th International Conference on
Knowledge and Smart Technology (KST) (pp. 69-74). IEEE.
Ylonen, T., 1996, July. SSH–secure login connections over the Internet. In Proceedings
of the 6th USENIX Security Symposium (Vol. 37, pp. 40-52).
APPENDIX
Appendix A: Gantt Chart
Comparative Analysis
Submission
Viva Presentation
1. Download Nessus:
Go to the Tenable website and sign up for an account. Once you have an
account, log in and navigate to the Nessus download page via
https://www.tenable.com/downloads?loginAttempted=true.
Choose the appropriate package for your system. Since you're using Kali
Linux, you'll likely want to download the Debian package (`.deb`).
Use `wget` to download the Nessus package. Open a terminal and enter the
following command:
wget https://www.tenable.com/downloads/api/v2/pages/nessus/files/Nessus-10.5.3-debian10_amd64.deb
4. Install Dependencies:
Nessus may have some dependencies that need to be installed. Run the
following commands to ensure you have all the necessary packages:
5. Install Nessus:
After installation, start the Nessus service using the following commands:
8. Set Up Nessus
Activation: You will need to activate Nessus using the activation code you
received during the registration process. Follow the on-screen instructions to
activate Nessus.
9. Log In to Nessus:
Once you've completed the setup, log in to the Nessus web interface using the
credentials you just created.
OpenVAS