Qualys Community Edition is a free version of the Qualys Cloud Platform designed for the security community.

  • Discover IT assets.
  • Manage vulnerabilities.
  • Scan web apps.
  • Inventory cloud assets.

Qualys Community Edition Getting Started Guide: https://www.qualys.com/docs/qualys-community-edition-user-guide.pdf

Features

Qualys Community
Edition gives you these great capabilities at no cost:

  • Monitor up to 16 assets with
    Qualys Cloud Agent
  • Scan up to 16 internal and 3
    external IPs with Vulnerability Management
  • Scan 1 URL with Web Application
    Scanning.
  • Deploy a Virtual Scanner Appliance
    within your internal network.
  • Gain visibility within your
    cloud environments.
  • Generate reports and assess
    results quickly and easily.

Your scan data within the platform will be
retained for 90 days. Be sure to download and save reports for your records as
you continue to use the Qualys Community Edition. Accounts that are inactive
for 6 months
are automatically purged for security.


To summarize the limitations:
Only the scanning of 16 IP addresses (internal or public) is allowed, and only 1 Web application Scanner is available. Furthermore, only one local appliance can be deployed, so only one internal network can be scanned.

Similar product: Tsunami Security Scanner
Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
URLs: 
  • https://github.com/google/tsunami-security-scanner
  • https://github.com/google/tsunami-security-scanner/blob/master/docs/index.md
  • https://github.com/google/tsunami-security-scanner-plugins



Registration

Registration can be done here
1. Registration

2. Emails

The Getting Started Guide will assist with initial setup of the Community Edition.

Quick Start

To scan your internal network you will need to download the virtual appliance, and register it with the Qualys Platform. 
Use the Discovery scan to get a list of assets (hosts) present on you local network, and check the open ports.


Operations


Vulnerability Scan

This is where it gets interesting. Select up to 16 internal or external IP addresses to be scanned. This is the basis for either an on-demand scan, or future scheduled scans. There are many options to choose from, but often the defaults are fine. To scan the internal network, select the virtual appliance you downloaded earlier. I also recommend performing some external scans using the external (Qualys) scanner, targeting your external IP address, to see what is vulnerable from the outside. The internal scan took about 35 minutes on my network, but it probably depends on the number of open ports.

Web Application scanning

Qualys Community Edition package also includes Web Application scanning, although the CE is limited to one web application only. There are many settings to tweak the scan to your needs. Even complicated Selenium scripts can be included in the scans. It is unfortunate that contrary to the vulnerability scans, the Web Application Scans cannot be scheduled.

Cloud agents

A different way to scan the infrastructure is the use of cloud agents. These are small programs that are installed on the computers of the network. Agents can be downloaded for Linux, Windows, IBM AIX, and OSX. From the inside of the computer, they can detect things that cannot be detected easily from the outside. The agents can for instance detect software that needs updating.

Results

By default, both the vulnerability scan and web application scans may give a lot vulnerabilities. And this is where things get more complicated. What are false positives, what can be ignored, and what should be rectified immediately? Of course, all vulnerabilities are ranked by threat level, and Qualys does an excellent job at giving additional information about the vulnerabilities found. One the other hand, the discovery scan only sees devices which respond to ICMP (ping) messages, so rogue devices can still be hiding in your network without being detected. The cloud agents work really well, the day after Adobe reported a vulnerability I could see which of my system contained the problem. Scanning from the outside proved useful, and pointed out that some application used uPnP to unintentionally forward a port on my router.


Videos

 

Here is a video to show you how to register a community edition and install virutal appliance on your local network to execute internal scanning:

References

By netsec

Leave a Reply