OS X may be considered Apple's desktop OS magnum opus, but it certainly hasn't been without its share of vulnerabilities (1,250 to date per the CVE database). The following are the top 11 OS X vulnerabilities and exploitation prevention tips. As soon as the login prompt “Welcome to Greenbone OS” appears, log in with the previously created administration account. You now enter the setup wizard which guides you through the final steps: Web-User: Creation of an administration account for the web interface. There, you can later create more account as needed. Perform the following steps to configure vulnerability scan results settings: Vulnerability scan results settings are a subset of vulnerability scan settings. For details about vulnerability scan settings, see Running Vulnerability Scans. Launch TMVS.exe. Click Settings. The Settings screen appears. Go to the Save results section. Vulnerability scan finished. As expected, OpenVAS found a number of severe vulnerabilities. Interpreting the Scan Results. Once the vulnerability scan has finished, you can browse to Scans → Reports in the top menu. Looking at the reports page, you will find the report for the completed scanning task: Vulnerability scanning report.
- How To Configure Account For Os X Vulnerability Scan Mac
- How To Configure Account For Os X Vulnerability Scan Pc
- How To Configure Account For Os X Vulnerability Scan Tool
In the first tutorial, you installed OpenVAS onto your Kali Linux, as well as the virtual appliance. This tutorial will walk you through the configuration and operation of OpenVAS so you can try your first vulnerability scanning. For this lesson, you should download and install another program called Metasploitable 2, which you will use as a target with your OpenVAS. If you would like to download and install Metasploitable 3 instead, scroll down a tad bit more.
Before you start trying out vulnerability scanning using OpenVAS 9, you must complete the tasks below:
- Create and configure your target
- Create and set scan task
- Run your scan
If you’re reading this portion of the tutorial, then you should have already read about, downloaded, installed, and configured OpenVAS 9.0. If you haven’t done any of these things as of yet, you should hold off on this part and return to part one of this tutorial.
For those readers who have already finished everything in part one, you’ll need to download and install Metasploitable and having it up and running. It should be accessible via OpenVAS 9.0 or your Kali Linux VM if OpenVAS is installed there. If everything is in order, set up your lab like this:
- Host machine with VMWare Workstation Pro 12
- Kali Linux 2018.2 VM with OpenVAS 9.0 installed (192.168.65.128)
- Metasploitable 2 VM (192.168.65.137)
Every virtual machine uses something called the NAT Network. You can configure it in the network settings on the network adapter. Once you’ve got everything up and running, start by setting the target and configuring the scan task.
Tip: Did you forget to write down or change your OpenVAS admin password? Check out the installation tutorial to find out how to reset the admin password.
Creating a Target in OpenVAS
The first step is to create and configure a target using the OpenVAS/Greenbone Security Assistant web interface. This newly created target is selected in the following step where you configure a scanning task.
To create a target, you need to follow two steps:
- Go to Configuration in the top menu and select Targets
- Click the blue icon in the top left corner to create a new target
Once you’ve clicked the new target button, you’ll see a dialogue box appear in the space where you have to enter this information:
- Make the target name Metasploitable 2
- The target IP host (the IP address for your Metasploitable 2 lab machine)
- All other settings should remain as default
The newly created target will now appear in the list of available targets:
Now that you’ve set up your target, continue with creating a scan task that will scan the Metasploitable 2 target for vulnerabilities.
Configuring a Scanning Task in OpenVAS
This section of the tutorial covers a new scanning task. Your scanning task defines which set of targets will be scanned, as well as scanning options such as schedules, scanning configurations, and targets already examined and NVTs per host. You will only create a scan task and use the program’s default scan configurations.
To create a new scan task, we have to perform the following steps:
- Go to ‘Scans’ in the top menu and select Tasks
- Point to the blue icon in the top left corner and select New Task
After clicking the new scan option, a dialog screen appears where we have to enter the following information:
- For this exercise, name the task “Scan Metasploitable 2“
- Make sure that the Metasploitable 2 target you created earlier is selected
- Tick the schedule once checkbox.
- Keep all other settings default and click the Create button to create the new task
The newly created task will now appear in the task list as follows:
There’s also a few other options for creating scan tasks. You can use the scan task wizard to instantly scan a target, as well as the advanced scan task wizard, which gives a few more options to configure. For demonstration purposes, stick with the task you’ve just created.
Now that you’ve configured the scan task and added the Metasploitable 2 machine to the target list, all that remains is to run the task and wait for the results.
Running the OpenVAS Vulnerability Scan
To run the newly created task, click the green start button as follows:
The scan task will now execute against the selected target. Please note that the full scan may take a while to complete. When you refresh the tasks page, you will be able to check the progress for the executed task. To do this, follow these steps:
- Reload the page.
- Check task status/progress.
After waiting for a while the scan task is finished and the status changes to Done:
As expected, OpenVAS found a number of severe vulnerabilities.
How To Configure Account For Os X Vulnerability Scan Mac
Interpreting the Scan Results
Once the vulnerability scan has finished, you can browse to Scans→Reports in the top menu. Looking at the reports page, you will find the report for the completed scanning task:
By clicking the report name you get an overview of all discovered vulnerabilities on the Metasploitable 2 machine, which is a lot as already expected. The results are ordered on severity rate by default:
When you click on the vulnerability name you can get an overview of the details regarding the vulnerability. The following details apply to a backdoor vulnerability in Unreal IRCD covered in an earlier tutorial:
Finally, you can also export the report in a variety of formats, such as XML, HTML, and PDF. this can be done by selecting the desired format from the drop-down menu and click the green export icon as follows:
Port scanner is an application that randomly searches for vulnerable areas of the computers that are connected on a network. When you use the Internet, port scanners might try to infect through the vulnerabilities of your Mac. The Vulnerability Protection feature monitors your Mac for port scans and blocks the connection from unauthorized or unknown computers.
Port scans are also used for legitimate purposes. For example, network administrators perform port scans to find and solve any potential problem in your Mac. You can adjust the sensitivity of Vulnerability Protection against the port scan.
How To Configure Account For Os X Vulnerability Scan Pc
Your Norton product notifies you each time it blocks a port scan. The number of notifications varies based on the sensitivity level that you configure for port scans. For example, if you configure the Most secure option, your Norton product displays more notifications. Norton port scan detection does not work when the built-in Mac OS X firewall is turned on.
![Account Account](/uploads/1/2/6/6/126601298/624020190.png)
How To Configure Account For Os X Vulnerability Scan Tool
- Start Norton.If you see the My Norton window, next to Device Security, click Open.
- In the Norton product main window, click Advanced or Settings.
- On the left pane, click Firewall.
- In the Vulnerability Protection row, click the settings icon.
- In the Vulnerability Protection window, click the Advanced tab.
- Under Sensitivity, select any one of the following sensitivity level:Most secureWhen you set this level, your Norton product is more sensitive to port scan. It blocks any application from accessing your Mac and notifies you with alerts. You can set this option when you use a public wireless network to provide the maximum protection for your Mac.Moderate secureWhen you set this level, your Norton product is moderately sensitive to port scans and blocks any unknown or any unwanted application from accessing your Mac.By default, this option is selected.Less secureWhen you set this level, your Norton product is less sensitive to port scans and allows applications to access your Mac. However, your Norton product scans all the application that attempts to access your Mac and notifies you about the details of the applications.
- Click Done.