Risk Assessment has been identified as a critical issue in computer infrastructures, especially in medium to large scale organizations and enterprises. The goal of this research report is to provide a virtual machine based framework for testing the performance of vulnerability scanners applied to such enterprises, focusing on small and medium size ones. Moreover, the purpose of this paper is to compare three of the most well-known free vulnerability scanning solutions (Nessus, OpenVAS, Nmap Scripting Engine) with regard to how they can be used to automate the process of Risk Assessment in an organization, based on the experimental evaluation framework presented herein, which involves virtual machine testing.
Objectives: Risk Management has been recognized as a critical issue in computer infrastructures, especially in medium to large scale organizations and enterprises. The goal of this research report is to provide a practical, comprehensive virtual machine based framework for assessing the performance of vulnerability scanners applied to such enterprises, focusing on small and medium size ones, towards a risk evaluation analysis. Moreover, the purpose of this paper is to compare three of the most well-known free vulnerability scanners (Nessus, OpenVAS, Nmap Scripting Engine) with regard to how they can be used to systematise the process of Risk Assessment in an enterprise, based on the experimental evaluation framework presented herein, which involves virtual machine testing.
Method: The proposed methodology is based on developing a framework for the suitable setup and usage of virtual machines, making risk analysis practical and allowing different vulnerability scanners to be compared.
Findings: The framework developed herein is shown to be efficient with regard to the comparison and selection of candidate risk analysis software using easily accessed and affordable infrastructure.
Novelty: Although there might be a few other similar comparisons of vulnerability scanners in the literature, the main contribution herein is the provision of a practical and, above all, easily reproducible framework for small business enterprises to establish proper selection procedures for such security software without spending a lot of money on expensive testing infrastructure.
Keywords: Vulnerability Scanning; Risk Assessment; Nessus; OpenVAS; Nmap Scripting Engine
Vulnerability scanning is a very important aspect of computer network security management, aimed at the prevention of system intrusions. To this end, Nessus is one such tool, accepted worldwide and involving state-of-the-art techniques. The goal of this research is to analyze the principles of vulnerability scanning using Nessus and, more importantly, to model configurations and architectures of computer networks for efficiently employing Nessus towards formalizing vulnerability scanning evaluations. Most importantly, the contribution of this research is to provide a superscript based framework for such a vulnerability analysis of a small to medium enterprise.