Should I get started with GCE in a Windows domain?

aaa · July 22, 2024, 5:09am

Greetings!

I need to install a vulnerabilty scanner in my company (a Windows domain with a few Linux hosts sprinkled in) as a final project for my education. We heard about OpenVAS, learned that Greenbone Community Edition is its successor but limited in what it can do.

However, I find it incrediby difficult to find out what exactly the free version can and can not do. I searched the web site and found that it scans for “IT-Grundschutz” and against what Greenbone considers to be consumer hardware/software.

Does it make sense then to think about using this tool in our company? It would have to scan Windows Servers with the typical services like DC, DNS, DHCP, Hyper-V and whatnot, Windows clients (10 and 11) and also the Linux servers with a variety of things running on them. As a German company we wouldn’t mind “IT-Grundschutz” scan although it would be nice to know exactly what this means.

If the answer is “No, go look elsewhere” then I’d be wondering what you are using GCE for. Or are there alternatives to the Greenbone Community Feed like private servers in the gaming world?

Thanks!

rippledj · July 22, 2024, 5:13am

Although this is a complex question, I can try to get you in the right direction. Here is the official comparison of the feeds, and here is a couple different comparison of the solutions.

However, for more updated information, I suggest contacting Greenbone sales department directly.

aaa · July 22, 2024, 1:12pm

Thank you for the links but I knew them already and don’t think they answer my questions. As we won’t pay anything for such a project I guess I need to try out how viable it is in the environment of our company as contacting Sales makes no sense in such a situation.

Lukas · July 22, 2024, 5:12pm

Keep in Mind that a Windows Domain is a typical commercial environment that is not total covered with the Community Feed / Version. As well support is only on voluntarily basis without any SLA available here.

aaa · July 22, 2024, 5:29pm

I’m aware that I will have to find out what is covered and what is not. It is so strange that this is not disclosed plain and simple on the front page of the web site. That leads me to one of my original questions: What do people actually do with the free version when it’s not even discclosed which vulns are checked with the Community Feed?

rippledj · July 23, 2024, 7:08am

If you visit the SecInfo pages of the Greenbone Community Edition - from top menu bar of the GSA web-interface, you can see a compete list of all vulnerability test that are included with the Community Feed. If you want to see a complete list of all the Enterprise + Community feed vulnerability tests, you can visit the Greenbone online SecInfo portal.

The only thing not being provided is a subtractive list of all the VTs minus the Community VTS.

You can also find the NASL source code for all community VTs in the /lib/openvas/plugins/ directory.