OWASP Server

Implementation of the Greenbone Vulnerability Management (GVM/OpenVAS) System


Project Summary and Objective

To strengthen the company's security posture and shift from a reactive to a proactive model, a project was undertaken to deploy a dedicated server for automated vulnerability scanning and management. The objective was to gain continuous insight into the security status of the company's internet-facing infrastructure, enabling early detection of vulnerabilities and minimizing the risk of cyberattacks. 🛡️


Technology and Platform Selection

After analyzing available solutions, the Greenbone Vulnerability Management (GVM) Community Edition was chosen. It is an advanced open-source platform that uses the OpenVAS scanner and draws on a comprehensive, regularly updated feed of known vulnerabilities (the Greenbone Community Feed).

During the preparatory phase, the installation was tested on several Linux distributions. Gentoo Linux was selected as the final base operating system due to its unparalleled flexibility, optimization capabilities, and granular control over installed packages, making it ideal for a dedicated security appliance.


Implementation Process and Current Use

The entire process, including the installation of the base OS, the compilation and configuration of all GVM components, and the execution of initial test scans, was efficiently completed within 4 days.

The system is now fully operational and configured to perform regular, automated scans of all company servers with public access. Scan results are analyzed, and detected vulnerabilities are classified by their criticality level. This mechanism allows for an immediate response from the IT team to emerging threats and the prioritization of remediation efforts before vulnerabilities can be exploited by attackers.


Licensing and Commercial Use

The deployment is based on the Greenbone Community Edition license, which permits the full and legal use of the system for internal commercial purposes, providing a professional-grade vulnerability management tool without additional licensing costs.


Server specification:

System: Gentoo Linux
CPU: 6 vCPU
Disk: 85 GB
RAM: 16 GB

[Screenshots: System status; NVT Vulnerabilities; CVE Vulnerabilities; CPE Vulnerabilities; CERT-Bund Vulnerabilities; DFN-CERT Vulnerabilities; Update status (feed status)]

Outcome

Through the implementation of the GVM system, the company has gained a powerful, in-house tool for the continuous monitoring of its cybersecurity, which has significantly raised the overall protection level of the infrastructure.