基于OpenVAS的漏洞扫描系统设计与实现

发布时间：2018-02-28 18:39

本文关键词： 漏洞扫描 OpenVAS 网络安全多线程 OMP协议　出处：《济南大学》2016年硕士论文　论文类型：学位论文

【摘要】：随着计算机网络技术的日趋完善,互联网已经成为人们必不可少的通信工具。然而,在人们享受互联网带来便利性的同时,互联网安全问题也愈发严重,每天各种恶意的攻击破坏行为层出不穷。漏洞扫描技术能够检测出系统的潜在漏洞,使系统维护者能够事先预测攻击者的行为,降低黑客攻击造成的损失。本文深入研究与分析开源漏洞扫描工具OpenVAS的相关技术和工作原理,成功将OpenVAS移植到基于中标麒麟系统的龙芯3B服务器上,并在此基础中进行了二次开发工作,实现了一套基于国产服务器的可靠漏洞扫描系统。论文进行的主要工作如下:(1)对安全漏洞进行了深入研究,分析漏洞产生的原因以及可能带来的危害。阐述了常用的漏洞扫描技术以及OpenVAS采用的相关技术。分析OMP协议,为实现漏洞扫描系统打下基础。(2)深入研究OpenVAS漏洞扫描系统,阅读理解扫描模块的源码并进行相关优化工作,系统研究NASL脚本,并对典型脚本进行分析。实现OpenVAS在中标麒麟操作系统上的移植工作。(3)设计并实现基于B/S架构的漏洞扫描系统,系统主要由WEB客户端,控制后台,OpenVAS后台以及数据库组成。(4)搭建漏洞扫描系统的测试环境,并进行Linux,Windows,Mac系统下的测试工作,验证了漏洞扫描系统的可行性和有效性。经过系统测试和产品审核,目前该漏洞扫描系统已通过验收,并且已经投入实际使用。
[Abstract]:With the improvement of computer network technology, the Internet has become an indispensable communication tool. However, while people enjoy the convenience of the Internet, the Internet security problem is becoming more and more serious. Every day a variety of malicious attacks and vandalism emerge. Vulnerability scanning technology can detect potential vulnerabilities in the system and enable system maintainers to predict the behavior of attackers in advance. In this paper, we deeply study and analyze the technology and working principle of open source vulnerability scanning tool OpenVAS, and successfully transplant OpenVAS to Lonson 3B server based on winning Kirin system. On this basis, the second development work is carried out, and a reliable vulnerability scanning system based on domestic server is implemented. The main work of this paper is as follows: 1) the security vulnerability is deeply studied. This paper analyzes the cause and possible harm of vulnerability, expounds the commonly used vulnerability scanning technology and the related technology adopted by OpenVAS, analyzes the OMP protocol, lays a foundation for realizing the vulnerability scanning system, and deeply studies the OpenVAS vulnerability scanning system. Read and understand the source code of the scanning module and carry on the related optimization work, systematically study the NASL script, and analyze the typical script. Realize the transplantation of OpenVAS on the winning Kirin operating system. (3) Design and implement the vulnerability scanning system based on the B / S architecture. The system is mainly composed of WEB client, control backstage, OpenVAS and database to build the testing environment of the vulnerability scanning system, and carry out the testing work under the Linux Windows Windows Mac system. The feasibility and effectiveness of the vulnerability scanning system have been verified. After system test and product audit, the vulnerability scanning system has passed the acceptance check and has been put into practical use.
【学位授予单位】：济南大学
【学位级别】：硕士
【学位授予年份】：2016
【分类号】：TP393.08

【参考文献】