Greenbone Product Architecture

Networked knowledge atop a strong basis

The building blocks of the Greenbone Security Manager are the Greenbone OS and the Greenbone Security Feed. Integration usually occurs on a hardware appliance but several models are also available as virtual versions.

Greenbone Security Feed

Only Greenbone has it
Greenbone Networks features a permanent stream of over 79,000 Vulnerability Tests (VT) – and more are being added every day. The scan engine is capable of recognizing known and potential security problems thanks to this daily update, regardless of what devices are connected to your network.

Content

  • Tests according to CVE alerts
  • Tests according to Bugtraq alerts
  • Aggregate compliance rule sets
  • Controls for scan agents
  • Embedded Nmap NSE test routines
  • Coverage: Microsoft Windows, GNU/Linux (Debian, Fedora, Mandriva, Red Hat, SUSE, Ubuntu), Solaris, HP-UX, Cisco and various active network components

Features

  • Globally networked development team: North America, Europe and Asia
  • Multi-tier quality assurance process
  • Multiple daily updates
  • Encrypted transfer
  • Test routines are digitally signed
  • Vulnerability tests via remote network access
  • Vulnerability tests via credentials

The core content of the Greenbone Security Feed consists of

  • VTs (Vulnerability Tests)
  • SCAP (Security Content Automation Protocol)
  • CERT (Computer Emergency Response Team) data

The content of the Greenbone Security Feed undergoes a distinct process

  1. Screening (validity)
  2. Research (type, correlation, priority)
  3. Implementation
  4. Quality assurance
  5. Release (into feed service)

Greenbone OS

Greenbone OS (GOS) provides a robust basis for the Greenbone Security Manager. It includes the basic operating system, an administrative level and the scan applications. The hardware-specific functions vary according to the GSM type. The following features are available for all GSM types (see remarks):

Supported standards

  • Network integration: SMTP (e-mail), SNMP, Syslog, LDAP, NTP, DHCP, IPv4/IPv6
  • Vulnerability detection: CVE, CPE, CVSS, OVAL
  • Network scans: WMI, LDAP, HTTP, SMB, SSH, TCP, UDP, …
  • Policies: IT-Grundschutz, PCI DSS, ISO 27001

Web-based interface (HTTPS)

  • Scan tasks management with notes and false-positive markings
  • Multi-user support
  • Clustered and distributed scanning via master-sensor mode
  • Report browsing aided by filtering, sorting, annotating and risk scoring
  • Plug-in framework for reports like XML and PDF
  • Appliance performance overview

Integration (API)

  • Greenbone Management Protocol (GMP), SSL-secured
  • All user actions of the web-based interface are available via the API
  • Easy integration with other applications using the API
  • Simple automation via command line tools (CLI)

Administrative console interface

(available as shell via SSHv2 or RS232)

  • Network integration configuration
  • Backup, restore, snapshot, factory reset, feed update, GOS upgrade

Scan applications

(approved and customized versions)

Greenbone OS Architecture

Greenbone uses, extends and improves the Open Vulnerability Assessment System (OpenVAS) as a base technology of the Greenbone security solutions.

The internal architecture follows the approach of task-oriented components. In other words, instead of an all-in-one tool, each task is designed as a service. Your benefits:

  • Small, focused components can be implemented and operated transparently and securely. Each component uses only the system privileges that it needs for operating properly.
  • Each of the service components offers a well-defined communication protocol.

Integration

Integration into security systems is a major design and architectural feature of Greenbone Networks’ technology. Among other things, the comprehensive protocol (GMP) has been developed for this purpose. This is complemented by the report plug-in framework and alert modules.

System Monitoring: Nagios/Centreon

The scan results of the Greenbone Security Manager provide a great additional benefit when they are automatically connected to monitoring tools like Nagios. Together with related products like Centreon and Icinga, Nagios is considered an industry standard for monitoring IT infrastructures.

Technical guide for linking with Nagios/Centreon

ISMS: verinice

Scan results can be transferred from the Greenbone Security Manager to the ISMS tool verinice. This allows linking Greenbone data with other security related business data in a comprehensive management tool for integrated reporting. At the same time, this also enables integrating the handling of detected vulnerabilities into an existing business process.

Technical guide for linking with verinice