Greenbone Product Architecture

Networked knowledge atop a strong basis

The building blocks of the Greenbone Security Managers are the Greenbone OS and the Greenbone Security Feed. Integration usually occurs on a hardware appliance. Several models are also available as virtual versions.

Greenbone Security Feed

Only Greenbone has it
Greenbone features a permanent stream of over 45,000 Network Vulnerability Tests (NVT) – and more are being added every day. The scan engine is capable of recognizing known and potential security problems thanks to this daily update, regardless of what devices are connected to your network.

Content

  • Tests according to CVE alerts
  • Tests according to Bugtraq alerts
  • Aggregate compliance rulesets
  • Controls for scan agents
  • Embedded Nmap NSE test routines
  • Coverage: MS Windows, GNU/Linux (Debian, Fedora, Mandriva, Red Hat, SUSE, Ubuntu), Solaris, HP-UX, Cisco and various active network components

Features

  • Globally networked development team: North America, Europe and Asia
  • Multi-tier quality assurance process
  • Multiple daily updates
  • Encrypted transfer
  • Test routines are digitally signed
  • Vulnerability tests via remote network access
  • Vulnerability tests via credentials

The core content of the Greenbone Security Feed consists of

  • NVTs (Network Vulnerability Tests)
  • SCAP (Security Content Automation Protocol) and
  • CERT (Computer Emergency Response Team) data.

The content of the Greenbone Security Feed undergoes a distinct process before it arrives at our customers’ sites.

  1. Screening (validity)
  2. Research (type, correlation, priority)
  3. Implementation
  4. Quality Assurance
  5. Release (into feed service)


Greenbone OS

Greenbone OS (GOS) provides a robust basis for the Greenbone Security Manager. It includes the basic operating system, an administrative level and the scan applications. The hardware-specific functions vary according to the GSM version. The following features are available for all GSM variants (see remarks):

Supported standards

  • Network integration: SMTP (Email), SNMP, SysLog, LDAP, NTP, DHCP, IPv4/IPv6
  • Vulnerability detection: CVE, CPE, CVSS, OVAL
  • Network scans: WMI, LDAP, HTTP, SMB, SSH, TCP, UDP, …
  • Policies: IT-Grundschutz, PCI DSS, ISO 27001

Web-based interface (HTTPS)

  • Scan tasks management with notes and false-positive marking
  • Multi-user support
  • Clustered and distributed scanning via master-slave mode
  • Report browsing aided by filtering, sorting, annotating and risk scoring
  • Plug-in framework for reports: XML, PDF, …
  • Appliance performance overview

Integration (API)

  • OpenVAS Management Protocol (OMP), SSL-secured
  • All user actions of web-based interface available via API
  • Easy integration with other applications using the API
  • Simple automation via command line tools (CLI)

Administrative console interface

(available as shell via SSHv2 or RS232)

  • Network integration configuration
  • Backup, restore, snapshot, factory reset, update

Scan applications

(approved and customized versions)

Greenbone OS Architecture

Greenbone uses, extends and improves the Open Vulnerability Assessment System (OpenVAS) as a base technology of the Greenbone Security Solutions.

The internal architecture follows the approach of task-oriented components. In other words, instead of an all-in-one tool, each task is designed as a service. Your benefits:

  • Small, focused components can be implemented and operated transparently and securely. Each component uses only the system privileges that it needs to operate properly.
  • Each of the service components offers a well-defined communication protocol.

Integration

Integration into security structures is a major design and architectural feature of Greenbone technology. Among other things, the comprehensive OpenVAS Management Protocol (OMP) has been developed for this purpose. This is complemented by the report plug-in framework and alert modules.

System Monitoring: Nagios/Centreon

The scan results of the Greenbone Security Manager provide a great additional benefit when they are fed automatically into monitoring tools like Nagios. Together with related products like Centreon and Icinga, Nagios is considered an industry standard for monitoring IT infrastructures.

Technical guide for linking with Nagios/Centreon

ISMS: verinice

Scan results can be transferred from Greenbone Security Manager to the ISMS tool verinice. This allows Greenbone data to be linked with other security-related business data in a comprehensive management tool for integrated reporting. It also makes it possible to integrate the handling of detected vulnerabilities into the existing business process.

Technical guide for linking with verinice