List of vulnerability tests


#1

Dear all,

I have a list of security policies that need to be implemented. These are for example:

  • standard passwords shall not be used and must be replaced.
  • standard admin accounts like root and admin shall be deactivated
  • authentication credentials shall be protected against replay-attacks
  • etc.

I would like to check whether these individual policies are covered (i.e. can be checked) using OpenVAS.

What would be a good way to do this? Is there a list (Excel, HTML, CSV) of VTs that are currently part of OpenVAS, which I can use?

Do you know of a more efficient way to get this done?

Thanks!


#2

Hi an.schall.
The GSM can indeed be used for compliance scans as well. You should find all VTs you’ll need for this in the eponymous VT family “Compliance”.

If you prefer a preconfigured scan config, I suggest the “IT-Grundschutz” scan config. Its usage and source are described in the manual at
https://docs.greenbone.net/GSM-Manual/gos-4/en/compliance.html#it-grundschutz

It’s an official compliance standard of the German Federal Office for IT Security, BSI. It should cover all security policy tests you probably want to implement.