Graphic: The "Vulnerability Management" chapter covers automated tests using the Greenbone appliance.

Vulnerability Assessment

To maintain a high level of security, anynode undergoes continuous vulnerability assessments, including automated security scans and penetration testing. These tests ensure that both anynode and the underlying system are protected against known threats and vulnerabilities.

By combining automated vulnerability assessments with targeted penetration testing, anynode ensures a secure and resilient communication environment for enterprise deployments.

Vulnerability Management

Vulnerability management relies on automated tests against common vulnerabilities using the Greenbone appliance. The appliance scans all IANA-assigned ports with the "Full and fast" scan configuration, supplemented by OpenVAS, CVE scanning, and compliance audits. Default system configurations are tested, but users must secure custom settings themselves.

All test runs include a full scan of the servers running anynode, including:

  • All IANA-assigned TCP and UDP ports

  • "Full and fast" scan configuration: most NVTs (Network Vulnerability Tests), optimized by using previously collected information supplied by Greenbone

  • A collection of 58 individual NVTs (OS/service detection, security checks, brute force attacks, and others)

  • Double testing via OpenVAS and CVE scanner

  • Compliance audits using various compliance policies

This ensures that not only the anynode services are checked, but that the server hosting anynode is assessed as a complete system.

Keep in mind, though, that we always test default system configurations after a fresh installation of the supported operating systems. This includes default system services like OpenSSH. We cannot test custom settings, so it is up to the end user to ensure that customized systems have the same level of security.

Penetration Tests

Penetration tests simulate real-world attack scenarios using tools like sipsak, SIPp, and the Protos SIP Test Suite to evaluate anynode's resilience against malformed SIP messages, request flooding, and other protocol-based exploits.

A selection of common tools is used to test the resilience of anynode's SIP message parser by sending corrupted messages and flooding anynode with many simultaneous requests.

The list of tools includes:

  • sipsak

  • SIPp

  • Protos SIP Test Suite