Even a seasoned system administrator cannot locate every single vulnerability on a dedicated server. From misconfigured services to outdated versions of user-installed scripts, the list of possible vulnerabilities can grow quite long. You could easily spend several hours each day reading security news reports, scouring logs, testing web applications, and monitoring services, but that would require hiring a full-time server security specialist, a luxury many may not have.
One way to find vulnerabilities without hours of searching is to use a vulnerability scanner. One of the popular choices for scanners is a commercial product called Nessus. It is free for personal use but requires licensing for enterprise use. Fortunately, for those who prefer free and open source software, OpenVAS is a reasonable alternative to Nessus.
Among the highlighted features of OpenVAS Scanner are:
- The ability to concurrently scan multiple target hosts
- OpenVAS Transfer Protocol (OTP)
- SSL support for OTP
- WMI support
The OpenVAS system includes a server application, a desktop client, and a feed service for updated vulnerability information with live synchronization.
System administrators interested in trying OpenVAS can download a virtual machine version or a Live CD. For installation on a current production server, the project website provides binary packages and the source code. OpenVAS supports many Linux distributions, including Red Hat Enterprise Linux, CentOS, Gentoo, SUSE Linux Enterprise Server, Ubuntu, and Slackware. It also supports FreeBSD and Windows.