1 Introduction¶

1.1 Vulnerability Management¶

In IT security, the combination of three elements influence the attack surface of an IT infrastructure:

Cyber criminals with sufficient experience, equipment and money to carry out the attack.
Access to the IT infrastructure.
Vulnerabilities in IT systems, caused by errors in applications and operating systems, or incorrect configurations.

If these three elements come together, a successful attack on the IT infrastructure is likely.

Since most vulnerabilities are known and can be fixed, the attack surface can be actively influenced using vulnerability management. Vulnerability management involves looking at the IT infrastructure from the outside – just as potential cyber criminals would. The goal is to find every vulnerability that could exist in the IT infrastructure.

Vulnerability management identifies weaknesses in the IT infrastructure, assesses their risk potential, and recommends concrete measures for remediation. In this way, attacks can be prevented through targeted precautionary measures. This process – from recognition to remedy and monitoring – is carried out continuously.

_images/vm_steps.png — Fig. 1.1 Process of vulnerability management¶

1.2 OpenSight OS¶

The OpenSight Operating System (OpenSight OS) sets the secure and flexible foundation for OPENVAS product.

OpenSight OS utilizes a security-hardened Linux kernel and modules, a strict two-roles concept as well as the OPENVAS API to provide security on multiple levels. OPENVAS products are deployed containerized on the OpenSight OS using the OpenSight Container Management API.