Tag Archive for: it security

Elmar Geese

Follina (CVE-2022-30190): Greenbone’s Feeds Offer Protection

Once again, a flaw has surfaced in Microsoft Office that allows attackers to remotely execute malicious code on the systems of attacked users using manipulated documents. Known as Follina, CVE-2022-30190 has been known for years, but Microsoft has not fixed it to date. Greenbone has added an appropriate vulnerability test to their feeds to detect the new Follina vulnerability in Microsoft Office.

Visual showing a digital padlock and binary code with the text “Follina CVE-2022-30190 Zero Day”, symbolizing a critical Microsoft Office vulnerability.

Follina Requires Immediate Action

The CVE named “Follina” is critical and requires immediate action: just opening Microsoft Word documents can give attackers access to your resources. Because a flaw in Microsoft Office allows attackers to download templates from the Internet via ms-msdt:-URI handler at the first click, attackers can create manipulated documents that, in the worst case, can take over entire client systems or spy on credentials.

According to Microsoft, the “protected view” offers protection. However, because users can deactivate this with just one click, the US manufacturer advises deactivating the entire URL handler via a registry entry. As of today, all Office versions seem to be affected.

Greenbone Enterprise Feed Helps and Protects

The Greenbone Enterprise Feed and the Greenbone Community Feed now contain an authenticated check for Microsoft’s proposed workaround, helping you to protect yourself from the impact of the vulnerability. Our development team is monitoring the release of Microsoft patches and recommendations for further coverage. We will inform about updates here on the blog.

Securing IT Networks for the Long Term

If you want to know which systems in your network are (still) vulnerable to vulnerabilities – including the critical vulnerability associated with CVE-2022-30190– our vulnerability management helps you. It applies to systems that definitely need to be patched or otherwise protected. Depending on the type of systems and vulnerability, they can be found better or worse. Detection is also constantly improving and being updated. New gaps are found. Therefore, there may always be more systems with vulnerabilities in the network. Thus, it is worthwhile to regularly update and scan all systems. For this purpose, Greenbone’s vulnerability management offers appropriate automation functions.

Vulnerability management is an indispensable part of IT security. It can find risks and provides valuable information on how to eliminate them. However, no single measure, including vulnerability management, offers 100 % security. To make a system secure, many systems are used, which in their entirety should provide the best possible security.

Contact Free Trial Buy Here Back to Overview
/by
Elmar Geese

TISAX Certification for Greenbone

Greenbone is now a TISAX participant and its Information Security Management System (ISMS) and data protection processes are certified within the German automotive industry’s TISAX scheme. “We have taken this step as an effort in providing the best possible protection of sensitive and confidential information for our customers, as the next logical step after being successfully certified for worldwide accepted international industry standards like ISO 27001 and ISO 9001.” – Dr. Jan-Oliver Wagner, CEO of Greenbone. The results are available on the ENX portal using the Scope ID S3LW9L and the Assessment ID A1P7V9. TISAX and TISAX results are not intended for general public.

TISAX-Logo

TISAX, the “Trusted Information Security Assessment Exchange”, is a mechanism for checking and exchanging test results according to industry-specific standards. Originally created as a system for the exchange of standardized test results in the automotive industry, it is optimized for the risk assessment of suppliers. Therefore, TISAX is being developed and governed by the ENX Association and published by the German Association of the Automotive Industry (VDA). Its focus lies on secure information processing between business partners, protection of prototypes and data protection in accordance with the EU’s General Data Protection Regulation (GDPR) for potential deals between car manufacturers and their service providers or suppliers.

As a crucial part of a secure supply chain, TISAX is a standard for Information Security Management Systems (ISMS), originally derived from the ISO/IEC 27001 standard in 2017, but has since diverged. For the automotive industry, TISAX brings standardization, quality assurance and guarantees information security measures are assessed by audit providers in accordance with the VDA standards. Audits according to TISAX, especially for service providers and suppliers, are carried out by so-called “TISAX audit service providers” and come with three levels of maturity an overview of which you can find in the TISAX Participant Handbook and on websites of certification providers like Adacor (German only).

Greenbone’s certifications increase our products’ value for our customers, not just by saving time and money, but also by proving our outstanding security level and high standards. Elmar Geese, CIO at Greenbone: “With TISAX, we document our independently audited security status. Customers do not need to do individual assessments, work with lengthy questionnaires or all the other things needed in a bottom-up audit. We guarantee that we meet their security requirements.”

Therefore, Greenbone follows the question catalogue of information security of the German Association of the Automotive Industry (VDA ISA). The assessment was conducted by an audit provider. The result is exclusively retrievable via the ENX portal (Scope ID: S3LW9L, Assessment ID: A1P7V9).


Contact Free Trial Buy Here Back to Overview

/by
Jan-Oliver Wagner

Active and Passive Vulnerability Scans – One Step Ahead of Cyber Criminals

In networked production, IT and OT are growing closer and closer together. Where once a security gap “only” caused a data leak, today the entire production can collapse. Those who carry out regular active and passive vulnerability scans can protect themselves.

What seems somewhat strange in the case of physical infrastructure – who would recreate a break-in to test their alarm system – is a tried and tested method in IT for identifying vulnerabilities. This so-called active scanning can be performed daily and automatically. Passive scanning, on the other hand, detects an intrusion in progress, because every cyber intrusion also leaves traces, albeit often hidden.

Controlling the Traffic

Firewalls and antivirus programs, for example, use passive scanning to check traffic reaching a system. This data is then checked against a database. Information about malware, unsafe requests and other anomalies is stored there. For example, if the firewall receives a request from an insecure sender that wants to read out users’ profile data, it rejects the request. The system itself is unaware of this because the passive scan does not access the system but only the data traffic.

The advantage of this is the fact that the system does not have to use any additional computing power. Despite the scan, the full bandwidth can be used. This is particularly useful for critical components. They should have the highest possible availability. The fewer additional activities they perform, the better.

The disadvantage of passive scanning is that only systems that are actively communicating by themselves can be seen. This does not include office software or PDF readers, for example. But even services that do communicate do so primarily with their main functions. Functions with vulnerabilities that are rarely or not at all used in direct operation are not visible, or are only visible when the attack is already in progress.

Checking the Infrastructure

Active scans work differently and simulate attacks. They make requests to the system and thereby try to trigger different reactions. For example, the active scanner sends a request for data transfer to various programs in the system. If one of the programs responds and forwards the data to the simulated unauthorized location, the scanner has found a security hole.

Graphic comparing active and passive vulnerability scanning: On the left, the scanner sends requests to network devices (active scan); on the right, it passively monitors data traffic (passive scan).

The advantage: the data quality that can be achieved with active scanning is higher than with passive scanning. Since interaction takes place directly with software and interfaces, problems can be identified in programs that do not normally communicate directly with the network. This is also how vulnerabilities are discovered in programs such as Office applications.

However, when interacting directly, systems have to handle extra requests which may then affect the basic functions of a program. Operating technology such as machine control systems, for example, are not necessarily designed to perform secondary tasks. Here, scanning under supervision and, as a supplement, continuous passive scanning are recommended.

Scanning Actively, but Minimally Invasive

Nevertheless, active scanning is essential for operational cyber security. This is because the risk posed by the short-term overuse of a system component is small compared to a production outage or data leak. Moreover, active scans not only uncover vulnerabilities, they can also enhance passive scans. For example, the vulnerabilities that are detected can be added to firewall databases. This also helps other companies that use similar systems.

Active and Passive Scanning Work Hand in Hand

Since the passive scanner can also provide the active scanner with helpful information, such as information about cell phones or properties about network services, these two security tools can be considered as complementary. What they both have in common is that they always automatically get the best out of the given situation in the network. For the passive and active scanning techniques, it does not matter which or how many components and programs the network consists of. Both security technologies recognize this by themselves and adjust to it. Only with a higher level of security does the optimized tuning of network and scanners begin.

So it is not a question of whether to use one or the other. Both methods are necessary to ensure a secure network environment. A purely passive approach will not help in many cases. Proactive vulnerability management requires active scans and tools to manage them. This is what Greenbone’s vulnerability management products provide.


Contact Free Trial Buy Here Back to Overview

/by
Markus Feilner

New Vulnerability Scanner “Notus”

The employees of Greenbone are currently developing a completely new scanner for version comparisons. The new vulnerability scanner “Notus” should significantly accelerate the comparison of software versions, CVEs and patches in the future.

Scanner architecture of the new vulnerability scanner

 

A large part of modern vulnerability management consists of comparing software versions. If you want to find out whether your server is immune to a vulnerability, you need to know which version of a particular software is running on that machine. For example, version 1 may be affected by a vulnerability that is already fixed in version 2. Whether vulnerability scanners like the new vulnerability scanner “Notus” issue a warning depends, among other things, heavily on the result of these comparisons.

Björn Ricks, Unit Lead Services & Platforms at Greenbone explains, “Such tasks alone accounted for more than a third of a scanner’s work, and the scanner we have optimized specifically for version comparisons is designed to speed this up significantly.”

Performance Shortcomings of Classic Scanners

At the beginning of the work of a classic scanner is an advisory with a gap found by experts. Greenbone employees then search for matching (affected) software versions and those that have already corrected the error. This information must now be made available to the scanner.

“It then rattles off the relevant servers and records software running there. For the actual scan, it essentially only gets the info about affected and fixed packages,” Ricks explains. “With the OpenVAS scanner and its predecessors, we usually had to start a separate process per version check, meaning a separate manually created script. Generating these scripts automatically is costly.”

JSON Data Helps Speed up the Scanner

The new scanner, on the other hand, only loads the data it needs from files in JSON format, an easy-to-read plain-text standard. “This means the logic for the tests is no longer in the scripts. This has many advantages: fewer processes, less overhead, less memory required.” Ricks believes the approach is “significantly more efficient.”

Elmar Geese, COO of Greenbone explains, “Our new Notus scanner will be a milestone for our users, it will significantly improve performance. Our well-known high detection quality as well as performance are key goals of our product strategy, and the new scanner supports this in an optimal way.”

The “Notus” project consists of two parts: a “Notus” generator, which creates the JSON files containing information about vulnerable RPM/Debian packages, and the “Notus” scanner, which loads these JSON files and interprets the information from them. Greenbone plans to complete the new vulnerability scanner “Notus” in the next few months.

About Greenbone and OpenVAS

When the development team of the vulnerability scanner Nessus decided to stop working under open source licenses and switch to a proprietary business model in 2005, several forks of Nessus were created. Only one of them is still active: the Open Vulnerability Assessment System (OpenVAS).

The founding of Greenbone in 2008 aimed to drive the development of OpenVAS and provide users with professional vulnerability scanning support. Greenbone started to lead the further development of OpenVAS, added several software components and thus transformed OpenVAS into a comprehensive vulnerability management solution that still carries the values of free software. The first appliances hit the market in spring 2010.

Contact Free Trial Buy Here Back to overview
/by
Greenbone AG

Full CVSSv3x Coverage in the Greenbone Feeds

With the help of Greenbone products, known vulnerabilities in an IT infrastructure can be detected and subsequently eliminated. Assessing the severity of a vulnerability is an essential tool for planning and prioritizing subsequent remediation actions. CVSS provides such an assessment according to a metrics system. Since 2021, Greenbone’s current solutions also support CVSS versions 3.0 and 3.1, and at the same time, Greenbone started to provide all vulnerability tests for which a respective rating is available with it. As of October 2021, this work is now complete and there is – as far as possible – full CVSSv3x coverage in the Greenbone feeds.

Helpful Severity Metrics

Every cyber attack needs a vulnerability to be successful. Most vulnerabilities, namely 999 out of 1,000, have already been known for more than a year and can therefore be proactively detected and eliminated. For detection, a Greenbone vulnerability scanner is used, which finds the known vulnerabilities in an IT infrastructure.

If vulnerabilities are discovered, they can subsequently be eliminated using a wide variety of measures. The most urgent vulnerabilities to be eliminated are those that pose a critical risk to the IT system. Prioritization is required for selecting the measures and the order.

The severity is an essential tool for prioritization. However, we will take a closer look at how vulnerabilities are assigned a severity level in the first place and how it is calculated.

How Severity Ratings Are Created

In the past, different organizations and security research teams discovered and reported vulnerabilities at the same time and named them with different names. This resulted in the same vulnerability being reported by, for example, multiple scanners under different names, making communication and comparison of results difficult.

To address this, MITRE founded the Common Vulnerabilities and Exposures (CVE) project. Each vulnerability was given a unique identifier as a central reference, consisting of the year of publication and a simple number. The CVE database is used to link vulnerability databases with other systems and to allow comparison of security tools and services.

CVEs thus do not contain any detailed, technical information or information regarding the risks, effects or elimination of a vulnerability. In some cases, the version in which the vulnerability was removed is stored.

Further information about a vulnerability can be found in the National Vulnerability Database (NVD). The NVD – a U.S. government vulnerability management data repository – supplements CVEs with information regarding remediation, potential impact, affected products, and also the severity of a vulnerability.

How is the Severity of a Vulnerability Calculated?

The Common Vulnerability Scoring System (CVSS) was developed to enable the assessment of vulnerabilities. CVSS is an industry standard for describing the severity of security risks in IT systems. It was developed by the CVSS Special Interest Group (CVSS-SIG) of the Forum of Incident Response and Security Teams (FIRST). The latest CVSS version is 3.1.

The CVSS score evaluates vulnerabilities according to various criteria, so-called “metrics”: base-score metrics, temporal-score metrics and environmental-score metrics.

  • Base-score metrics: base-score metrics represent the basic characteristics of a vulnerability that are independent of time and the IT environment: how well can the vulnerability be exploited and what is the impact?
  • Temporal-score metrics: temporal-score metrics represent characteristics that can change over time but are the same in different IT environments. For example, the deployment of a patch by the deploying organization would lower the score.
  • Environmental-score metrics: environmental-score metrics represent the characteristics that apply to a specific IT environment. Relevant here are how well the affected organization can intercept successful attacks or what status a particular vulnerable system has within the IT infrastructure.

Since, in general, only the base score metrics are meaningful and can be determined permanently, only these are usually published and used.

CVSSv3.0/v3.1 Support Since GOS 21.04

Since GOS 21.04, which was released in April 2021, versions 3.0 and 3.1 of CVSS are also supported. Although some CVEs – and thus also the associated vulnerability tests – still contain version 2 CVSS data, this mainly affects older CVEs from the year 2015 and earlier, for which no CVSSv3.0/v3.1 score is yet stored in the NVD.

Let’s look at the biggest changes that versions 3.0 and 3.1 include.

Compared to CVSS version 2.0, version 3.0 retains the main groups of metrics – base, temporal, and environmental – but adds new criteria. For example, the metrics “Scope (S)”, which indicates whether a vulnerability can also affect other components of an IT network, and “User Interaction (UI)”.

Some existing criteria have also been replaced by newer ones: “Authentication (Au)” has become “Privileges Required (PR)”. It is no longer measured how often attackers have to authenticate themselves to a system, but what level of access is required for a successful attack.

In addition, the severity levels were subdivided more finely. In version 2.0, the values from 0 to 10 were divided into three severity levels: “Low” (0.0 – 3.9), “Medium” (4.9 – 6.9) and “High” (7.0 – 10.0). Since version 3.0, there are five levels: “None” (0.0), “Low” (0.1 – 3.9), “Medium” (4.0 – 6.9), “High” (7.0 – 8.9) and “Critical” (9.0 – 10.0).

CVSS version 3.1 did not bring any changes to the metrics or the calculation formulas. Instead, the focus was on emphasizing that CVSS measures the severity of a vulnerability rather than the risk it poses. A common mistake was to view the CVSS score as the sole characteristic of a vulnerability’s risk, rather than performing a fully comprehensive risk assessment.

In the course of this, the definitions of the metrics were formulated more clearly and the glossary was expanded.

Full CVSSv3.0/v3.1 Coverage in the Feed

With CVSSv3.0/v3.1 support in April 2021, Greenbone began updating all vulnerability tests assigned a CVSSv3.0/v3.1 score in the NVD to include a CVSSv3.0/v3.1 score.

This was done in daily stages of 500 – 600 vulnerability tests. The update and conversion were thoroughly reviewed and tested. Since October 2021, this work has now been completed. Thus, there is – as far as possible – full CVSSv3x coverage in the Greenbone feeds.

Contact Free Trial Buy Here Back to overview
/by
Greenbone AG

More than 100,000 Vulnerability Tests in the Greenbone Security Feed

The goal of vulnerability management is to detect all security gaps in an IT network before an attacker does so. The Greenbone Security Feed (GSF) provides the vulnerability tests (VTs) that the scanner of the Greenbone solutions performs for this purpose. As a component of the Greenbone Security Manager (GSM) and the Greenbone Cloud Services (GCS), it is updated daily and provides protection against major and well-known vulnerabilities such as SUPERNOVA, BlueKeep and PrintNightmare.
We are happy to announce that the success story is growing steadily and that since this month our Greenbone Security Feed contains more than 100,000 vulnerability tests!

Let’s take a look at the history of the feed.

In 2005, the development of the Nessus vulnerability scanner decided to stop working under open source licenses and switch to a proprietary business model. By that time, members from Intevation and DN-Systems – the two companies that would later found Greenbone – were already contributing developments to Nessus. In 2006, several forks of Nessus were created in response to the discontinuation of the open source solution. Of these forks, only one remains active: OpenVAS, the Open Vulnerability Assessment System.

In late 2008, Greenbone was formed to push OpenVAS. In the same year, two other companies became active: Secpod from India and Security Space from Canada. Both focused on providing vulnerability testing and partnered with Greenbone to create a reliable and up-to-date feed of vulnerability tests.

This started with the removal of source code and vulnerability tests where the license was unclear or incompatible. Several thousand vulnerability tests were eliminated to get a clean baseline with just under 3000 vulnerability tests at the time.

Shortly after, the content of the feed grew rapidly and steadily to over 10,000 vulnerability tests. 50,000 tests were then contained in the feed after about 8 years of development in 2016. The next 50,000 followed after only 5 more years and represent the current state with more than 100,000 vulnerability tests.

Number of VTs over time

Number of VTs over time

How Is the Feed Composed Anyway?

It is also interesting to see how these 100,000 vulnerability tests in the feed are put together. In our SecInfo Portal, you can easily take a look at all the included tests yourself.

About half of the tests detect vulnerabilities with a high severity class – i.e., with a severity between 7.0 and 10.0. Another 40,000 tests such with the severity class “Medium” (severity 4.0 to 6.9).

Distribution of the more than 100,000 vulnerability tests among the severity classes

Distribution of VTs by severity class

Vulnerabilities for the same area are grouped into families. Among the largest families of vulnerability tests are mainly those for local security checks, i.e., authenticated scans. In these, the target is scanned both from the outside via the network and from the inside using a valid usage login. Thus, more details about vulnerabilities can be found on the scanned system. Vulnerability tests for such authenticated scans already account for over 60,000 tests. The largest VT families with a total of almost 30,000 vulnerability tests are “Fedora Local Security Checks” and “SuSE Local Security Checks”.

Number of VTs in the top 10 VT Families

Number of VTs in the top 10 VT Families

Globally Known Vulnerabilities Are also Covered

The general public is unaware of many vulnerabilities. But every now and then, particularly significant and spectacular cyber attacks make it into the media – especially when many large companies or governments are affected.

Greenbone reacts immediately when such incidents become known and starts developing a corresponding vulnerability test. Such notable vulnerabilities in recent years include Heartbleed (2014), POODLE (2014), DROWN (2016), Meltdown (2018), Spectre (2018), BlueKeep (2019) and PrintNightmare (2021). Most people probably also particularly remember the Solarwinds attack in 2019 and 2020. The attackers had exploited a previously unknown vulnerability to inject the malicious webshell “SUPERNOVA”.
All of these vulnerabilities can be detected via tests in the Greenbone Security Feed.

In the future, we will continue to work on expanding the scope of our feed to provide users with the opportunity to detect vulnerabilities at an early stage and not give attacks a chance. So with our solutions constantly updated to cover the latest and most critical vulnerabilities, you can relax. The next 100,000 vulnerability tests will follow – stay tuned!


Contact Free Trial Buy Here Back to Overview

/by
Greenbone AG

Greenbone OS 21.04 – All New Features at a Glance

Since 2021-04-30, the latest GOS version – version 21.04 – is available and, as always, it brings a lot of new features and improvements! What exactly? Get an overview of all important changes with GOS 21.04 here!

New Hardware Models for Our Midrange Class Available

A new hardware generation has been introduced for the Midrange Class hardware appliances, which are used for medium-sized companies or for branch offices of large, distributed companies.

The new hardware now uses SSD-type hard disks instead of HDD, which are 10 times faster, quieter and lighter. There is also more hard disk space available. The RAM has also been improved. It is now DDR4 instead of DDR3, which makes it significantly faster with a higher clock rate (3200 MHz). Furthermore, twice to four times as much main memory is available than before. In addition, a new, faster CPU of the latest generation has been installed. The ports of the appliances also change: instead of 6 ports GbE-Base-TX and 2 ports 1 GbE SFP, there are now 8 ports GbE-Base-TX and 2 ports 10 GbE SFP+.

The model names remain unchanged.

Boreas Alive Scanner now as Standard

The Boreas Alive Scanner is a host alive scanner that identifies the active hosts in a target network. It was introduced with GOS 20.08, but was previously optional. With GOS 21.04, the Boreas Alive Scanner became standard.

Compared to the Nmap port scanner, which was previously used by default, the Boreas Alive Scanner is not limited in terms of the maximum number of alive scans performed simultaneously and is therefore faster.

The Boreas Alive Scanner significantly reduces scanning time for large networks with a small percentage of reachable hosts. This also makes it possible to get the first scan results faster, regardless of the percentage of alive hosts in the network.

Clearer Results Thanks to New Report Formats

Two additional report formats are now available for exporting reports, replacing the previous standard report formats: Vulnerability Report PDF and Vulnerability Report HTML. The report formats are clearly structured and easy to understand. Specific information relevant to the target group can be quickly identified and understood.

The report formats provide a basis for user-defined reports, which are planned for future GOS versions.

Example of a Greenbone vulnerability report in HTML format, featuring a risk matrix and detailed scan results of IT infrastructure vulnerabilities.

 

New Network Backend for a more Stable Connection

With GOS 21.04, the network configuration backend in GOS has been improved by introducing the gnm networking mode. This prevents connection losses in certain network configurations as well as connection problems with SSH sessions. In addition, the GSM no longer needs to be restarted after certain network settings have been changed.

New Hypervisors for Our Virtual Appliances

The officially supported hypervisors for the virtual appliances have been changed with GOS 21.04. The GSM EXA/PETA/TERA/DECA and 25V can be used with Microsoft Hyper-V, VMware vSphere Hypervisor (ESXi), and Huawei FusionCompute; the GSM CENO can be used with Microsoft Hyper-V and VMware vSphere Hypervisor (ESXi); and the GSM ONE can be used with Oracle VirtualBox, VMware Workstation Pro, and VMware Workstation Player. Additionally, GOS 21.04 supports the ARM instruction set on Huawei FusionCompute.

Improvement of the Web Server, Ciphers and Web Certificates

With GOS 21.04, the nginx web server is used in addition to the Greenbone Security Assistant Daemon (gsad). This web server uses OpenSSL instead of GnuTLS to define the available ciphers and protocols of the server. There is now a new menu in the GOS administration menu for configuring the TLS version. In addition, the menu for configuring the ciphers has been adapted.

Another change can be found in the generation of HTTPS certificates. Here it is now possible to define one or more Subject Alternative Name(s) (SAN). These are used to cover multiple domain names and IP addresses with one certificate.

CVSS v3.0/v3.1 Support for Severity Calculation

CVSS version 3.0 and 3.1 are now supported for calculating the severity of CVEs (Common Vulnerability Enumeration).

VTs and CVEs can contain version 2 and/or version 3.0/3.1 CVSS data. If a VT/CVE contains both CVSS v2 data and CVSS v3.0/v3.1 data, the CVSS v3.0/v3.1 data is always used and displayed.

The page CVSS Calculator now contains both a calculator for CVSS v2 and a calculator for CVSS v3.0/v3.1.

Screenshot comparing CVSSv2 and CVSSv3.1 score calculation in GOS 21.04, showing severity levels, vectors, and risk ratings for a sample vulnerability.

Open Scanner Protocol Makes all Sensor GSMs Lightweighted

Already with GOS 20.08 it was optionally possible for all sensors to be controlled via the Open Scanner Protocol (OSP). This results in the sensors becoming lightweighted and avoids the need for additional credentials on the sensor.

With GOS 21.04, only OSP is now used as the protocol to control a sensor GSM via a master GSM. The Greenbone Management Protocol (GMP) is no longer used.

Simplified and More Intuitive Functions on the Web Interface

With GOS 21.04, some minor changes have also been made to GOS and the web interface to make GSM operation and scanning clearer and more intuitive.

For example, the Auto-FP function and the alternative severity class schemes – BSI Vulnerability Traffic Light and PCI-DSS – have been removed.

Some devices – especially IoT devices – can crash when scanned across multiple IP addresses simultaneously. This can happen, for example, if the device is connected over IPv4 and IPv6. With GOS 21.04, it is possible to avoid scanning over multiple IP addresses at the same time by using the new setting Allow simultaneous scanning via multiple IPs when creating a target.

See for Yourself!

Check out our new features and changes for yourself! New appliances with GOS 21.04 are now available and existing appliances can also be upgraded to the latest version. Also our free trial version can be used with GOS 21.04.

Contact Free Trial Buy Here Back to overview
/by
Elmar Geese

Greenbone OS 21.04 – Even faster, more reliable and clearer

We are pleased to inform you that the latest version of our operating system Greenbone OS is now available! We have taken many of your wishes into account: the focus of the improvement was the scanning of large networks with many scan results and extensive reports. Among other things, GOS 21.04 offers new hardware, an improvement of host detection and clearer reports.


Delivering the best vulnerability management to our customers – this goal has always been at the core of our products. With the new release of our operating system Greenbone OS, we stay true to this claim and make our products more powerful: especially for large networks with many distributed branch offices, scanning with GOS 21.04 is faster and the scan results are even clearer.

More powerful and faster hardware for the Midrange Class

In large networks, several distributed medium-sized to large appliances are usually used, linked together via a master-sensor setup. For this reason, the Midrange Class hardware appliances have been strengthened by improving their hardware.

Our new hardware now uses SSD-type hard disks instead of HDD, which are 10 times faster, quieter and lighter. There is also more storage space available. The RAM has also been improved: instead of DDR3, it is now DDR4, which is much faster due to a higher clock rate (3200 MHz). Furthermore, twice to four times as much working memory is available than before. In addition, the hardware received new, faster CPU of the latest generation and also the ports of the appliances were updated: instead of 6 ports GbE-Base-TX and 2 ports 1 GbE SFP there are now 8 ports GbE-Base-TX and 2 ports 10 GbE SFP+.

Boreas Alive Scanner for faster availability of results now as standard

Scanning is also getting faster – which is especially helpful in large networks. GOS 20.08 already introduced the Boreas Alive Scanner, a host alive scanner that identifies the active hosts in a target network. With GOS 21.04, the Boreas Alive Scanner becomes standard, eliminating the need for manual activation.

The Boreas Alive Scanner is not limited in terms of the maximum number of simultaneous alive scans it can perform, making it faster than its predecessor Nmap. This significantly reduces the scanning time for large networks. Initial scan results are available faster, regardless of the percentage of reachable hosts in the network.

Clearer reports thanks to new report formats

The evaluation of scans is also clearer – thanks to new report formats. With the Vulnerability Report format as PDF and as HTML, the reports are clearly structured and easy to read. Specific information relevant to the target group can be quickly identified and understood.

Example of a Greenbone Vulnerability Report with risk matrix and detailed scan results in HTML format

See for Yourself

Scanning with GOS 21.04 is even faster, more reliable and clearer. Convince yourself of our new features and changes! New appliances with GOS 21.04 are available now. For existing appliances, the upgrade to the latest version will be available next week. Also our free trial version will be usable with GOS 21.04 then.

Contact Free Trial Buy Here Back to overview
/by