GFI LANguard Network Security Scanner 5 Manual


GFI LANguard Network Security Scanner 5 Manual
By GFI Software Ltd.

GFI SOFTWARE Ltd.
http://www.gfi.com
E-mail: info@gfi.com

Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of GFI SOFTWARE Ltd.

LANguard is copyright of GFI SOFTWARE Ltd. 2000-2004 GFI SOFTWARE Ltd. All rights reserved.

Version 5.0 – Last updated 01/12/04

Contents

Introduction
    Introduction to GFI LANguard Network Security Scanner
    Importance of Internal Network Security
    Key Features
    GFI LANguard N.S.S. components
    License Scheme
Installing GFI LANguard Network Security Scanner
    System Requirements
    Installation Procedure
    Entering your License key after installation
Getting Started: Performing an Audit
    Introduction to Security Audits
    Performing a Scan
    Analyzing the Scan Results
        IP, Machine name, OS and Service pack Level
        Vulnerabilities Node
        Potential Vulnerabilities Node
        Shares
        Password Policy
        Registry
        Security audit policy
        Open Ports
        Users & Groups
        Services
        System Patching status
    Additional Results
        General Information
        Trusted Domains
        Computer
    Performing On site and Off site scans
        On Site Scan
        Off Site Scan
        Comparison of on site and off site scans
Filtering scan results
    Introduction
    Selecting the scan results source
    Creating a custom scan filter
Configuring Scan Options
    Introduction to Scan Options
    Scanning profiles
    Scanned TCP/UDP ports
        How to add/edit/remove ports
    Scanned OS data
    Scanned Vulnerabilities
        Types of Vulnerabilities
        Downloading the latest Security Vulnerabilities
    Scanned Patches
    Scanner options
        Network discovery methods
    Scheduled Scans
    Parameter files
Patch Deployment
    Introduction to patch deployment
        The patch deployment agent
    Step 1: Perform a scan of your network
    Step 2: Select on which machines to deploy the patches
    Step 3: Select which patches to deploy
    Step 4: Download the patch & service pack files
        Downloading the patches
    Step 5: Patch file deployment parameters
    Step 6: Deploy the updates
    Deploying custom software
        Step 1: Select the machines on which to install the software/patches
        Step 2: Specify software to deploy
        Step 3: Start the deployment process
    Deployment options
Results Comparison
    Why Compare Results?
    Performing a Results Comparison interactively
    Performing a Comparison with the Scheduled Scans Option
Tools
    Introduction
    DNS lookup
    Trace Route
    Whois Client
    SNMP Walk
    SNMP Audit
    MS SQL Server Audit
    Enumerate Computers
        Launching a security scan
        Deploying Custom patches
        Enabling Auditing Policies
    Enumerate Users
Adding vulnerability checks via conditions or scripts
    Introduction
    GFI LANguard N.S.S. VBscript language
    Adding a vulnerability check that uses a custom script
        Step 1: Create the script
        Step 2: Add the new vulnerability check
    Adding a CGI vulnerability check
    Adding other vulnerability checks
Troubleshooting
    Introduction
    Knowledgebase
    Request support via e-mail
    Request support via webchat
    Request support via phone
    Web Forum
    Build notifications
Index

Introduction

Introduction to GFI LANguard Network Security Scanner

GFI LANguard Network Security Scanner (GFI LANguard N.S.S.) is a tool that allows network administrators to quickly and easily perform a network security audit. GFI LANguard N.S.S. creates reports that can be used to fix security issues on a network. It can also perform patch management.

Unlike other security scanners, GFI LANguard N.S.S. will not create a 'barrage' of information, which is virtually impossible to follow up on. Rather, it will help highlight the most important information. It also provides hyperlinks to security sites to find out more about these vulnerabilities.

Using intelligent scanning, GFI LANguard N.S.S. gathers information on machines such as usernames and groups, which may include rogue objects to allow backdoor access, network shares and similar objects found on a Windows Domain.

Apart from this, GFI LANguard N.S.S. also identifies specific vulnerabilities such as configuration problems in FTP servers, exploits in Microsoft IIS and Apache Web Servers or problems in NT security policy configuration, plus many other potential security issues.

Importance of Internal Network Security

Internal network security is, more often than not, underestimated by its administrators. Very often, such security does not even exist, allowing one user to easily access another user's machine using well known exploits, trust relationships and default settings. Most of these attacks require little or no skill, putting the integrity of a network at stake.

Most employees do not need and should not have access to each other's machines, administrative functions, network devices and so on. However, because of the amount of flexibility needed for normal operation, internal networks cannot afford maximum security. On the other hand, with no security at all, internal users can be a major threat to many corporate internal networks.

A user within the company already has access to many internal resources and does not need to bypass firewalls or other security mechanisms which prevent non-trusted sources, such as Internet users, from accessing the internal network. Such internal users, equipped with hacking skills, can successfully penetrate and achieve remote administrative network rights while ensuring that their abuse is hard to identify or even detect.

In fact, 80% of network attacks originate from inside the firewall (ComputerWorld, January 2002).

Poor network security also means that, should an external hacker break into a computer on your network, he/she can then access the rest of the internal network more easily. This would enable a sophisticated attacker to read and possibly leak confidential emails and documents; trash computers, leading to loss of information; and more. The attacker could also use your network and network resources to turn around and start attacking other sites, attacks that, when discovered, will lead back to you and your company, not the hacker.

Most attacks, against known exploits, could be easily fixed and, therefore, be stopped by administrators if they knew about the vulnerability in the first place. The function of GFI LANguard N.S.S. is to assist administrators in the identification of these vulnerabilities.

Key Features

- Finds rogue services and open TCP and UDP ports
- Detects known vulnerabilities
- Detects rogue or backdoor users
- Detects open shares
- Enumeration of users, services, etc.
- Can perform scheduled scans
- Automatically updates security vulnerability checks
- Ability to detect missing hot fixes and service packs for the operating system
- Ability to detect missing hot fixes and service packs for supported applications
- Ability to compare scans, to learn about new possible entry points
- Ability to patch OS (English Windows Systems) & Office applications (English, French, German, Italian, Spanish)
- Operating system identification
- Live host detection
- HTML, XSL and XML output
- SNMP & MS SQL auditing
- VBscript compatible vulnerability ildothercustom

GFI LANguard N.S.S. components

GFI LANguard N.S.S. is built on an enterprise class architecture and has the following components:

GFI LANguard Network Security Scanner
This is the main interface to the product. Use this application to view the scanning results in real time, configure scan options and scan profiles, filter reports, use specialized security administration tools and more.

GFI LANguard N.S.S. attendant service
This service runs scheduled network scans, and scheduled patch deployments. It runs in the background.

GFI LANguard N.S.S. Patch agent service
This service is deployed on the target machines on which a patch, service pack or software has to be deployed and takes care of the actual patch, service pack or software installation.

GFI LANguard N.S.S. Script Debugger
Use this module to write/debug custom scripts that you have created.

License Scheme

The GFI LANguard N.S.S. licensing scheme works on the number of machines & devices that you wish to scan. For example, the 100 IP license allows you to scan up to 100 machines or devices from a single workstation/server on your network.

Installing GFI LANguard Network Security Scanner

System Requirements

The installation of GFI LANguard Network Security Scanner requires the following:

- Windows 2000/2003 or Windows XP
- Internet Explorer 5.1 or higher
- Client for Microsoft Networks must be installed.
- NO Personal Firewall software or the Windows XP Internet Connection Firewall can be running while doing scans. It can block functionality of GFI LANguard N.S.S.
- To deploy patches on remote machines you need to have administrator privileges.

Installation Procedure

1. Run the LANguard Network Security Scanner setup program by double clicking on the lannetscan.exe file. Confirm that you wish to install GFI LANguard N.S.S. The set-up wizard will start. Click Next.
2. After reading the License agreement dialog box, click Yes to accept the agreement and continue the installation.
3. Setup will ask you for user information and License key.

Screenshot: Specify domain administrator credentials or use local system account

4. Setup will ask you for domain administrator credentials which are used by the LANguard N.S.S Attendant service (which runs scheduled scans). Enter the necessary credentials and click Next.

Screenshot: Choose database back-end

5. Setup will ask you to choose the database backend for the GFI LANguard N.S.S database. Choose between Microsoft Access or Microsoft SQL Server\MSDE and click Next.

NOTE: SQL Server/MSDE must be installed in mixed mode or SQL server authentication mode. NT authentication mode only is not supported.

6. If you selected Microsoft SQL Server/MSDE as a database backend, you will be asked for the SQL credentials to use to log on to the database. Click Next to continue.
7. Setup will ask you for an administrator email address and your mail server name. These settings will be used for sending administrative alerts.
8. Choose the destination location for GFI LANguard N.S.S. and click Next. GFI LANguard N.S.S. will need approximately 40 MB of free hard disk space.
9. After GFI LANguard N.S.S. has been installed, you can run GFI LANguard Network Security Scanner from the start menu.

Entering your License key after installation

If you have purchased GFI LANguard N.S.S., you can enter your License key in the General > Licensing node.

If you are evaluating GFI LANguard N.S.S., it will time out after 60 days (with evaluation key). If you then decide to purchase GFI LANguard N.S.S., you can just enter the License key here without having to re-install.

You must license GFI LANguard N.S.S. for the number of machines that you wish to scan, and for the number of machines that you wish to run it on. If you have 3 administrators using GFI LANguard N.S.S. then you have to buy 3 licenses.

Entering the License key should not be confused with the process of registering your company details on our website. This is important, since it allows us to give you support and notify you of important product news. Register on: http://www.gfi.com/pages/regfrm.htm

Note: To find out how to buy GFI LANguard N.S.S., follow the General > How to purchase node.

Getting Started: Performing an Audit

Introduction to Security Audits

An audit of network resources enables the administrator to identify possible risks within a network. Doing this manually requires a lot of time, because of the repetitive tasks and procedures, which have to be applied to each machine on the network. GFI LANguard N.S.S. automates the process of a security audit & easily identifies common vulnerabilities within your network in a short time.

Note: If your company runs any type of Intrusion Detection Software (IDS) then be aware that the use of LANguard Network Security Scanner will set off almost every bell and whistle in it. If you are not the one in charge of the IDS system, make sure that the administrator of that box or boxes is aware of the scan that is about to be run.

Along with the warning of IDS software be aware that a lot of the scans will show up in log files across the board. Unix logs, web servers, etc. will all show the attempt from the machine running LANguard Network Security Scanner. If you are not the sole administrator at your site make sure that the other administrators are aware of the scans you are about to run.

Performing a Scan

The first step in beginning an audit of a network is to perform a scan of current network machines and devices.

To begin a new network scan:

1. Click on File > New.
2. Select what to scan. You can select the following:
   a. Scan one Computer - This will scan a single machine.
   b. Scan Range of Computers – This will scan a specific range of IPs.
   c. Scan List of Computers – This scans a custom list of computers. Computers can be added to the list by selecting them from a list of enumerated computers, by entering them one by one, or by importing the list from a text file.
   d. Scan a Domain – This scans an entire Windows domain.
3. Depending on what you want to scan, input the starting and ending range of the network to be scanned.
4. Select Start Scan.

Screenshot: Performing a scan

LANguard Network Security Scanner will now perform a scan. It will first detect which hosts/computers are on, and only scan those. This is done using NETBIOS probes, ICMP ping and SNMP queries.

If a device does not answer to one of these, GFI LANguard N.S.S. will assume, for now, that the device either does not exist at a specific IP address or that it is currently turned off.

Note: If you want to force a scan on IPs that do not respond, see the chapter 'Configuring scan options' for information on how to configure this.

Analyzing the Scan Results

Screenshot: Analyzing the results

After a scan, nodes will appear under each machine that GFI LANguard N.S.S. finds. The left pane will list all the machines and network devices. Expanding one of these will list a series of nodes with the information found for that machine or network device. Clicking on a particular node will display the scanned information in the right pane.

GFI LANguard N.S.S. will find any network device that is currently turned on when doing a network probe. The type of device and the type of queries it responds to determine how GFI LANguard N.S.S. identifies it and what information it can retrieve.

Once GFI LANguard N.S.S. has finished its scan of the machine/device/network it will display the following information.

IP, Machine name, OS and Service pack Level

The IP address of the machine/device will be shown. Then the NetBIOS/DNS name will be shown, depending on the type of device. GFI LANguard N.S.S. will report what OS is running on the device and if it is a Windows NT/2000/XP/2003 OS, it will show the service pack level.

Vulnerabilities Node

The vulnerabilities node displays detected security issues and informs you how to fix them. These threats can include missing patches and service packs, HTTP issues, NETBIOS alerts, configuration problems and so on.

Vulnerabilities are broken down into the following sections: Missing Service Packs, Missing Patches, High security vulnerabilities, Medium security vulnerabilities and Low security vulnerabilities.

Under each of the High / Medium / Low vulnerabilities sections you can find further categorization of the issues detected using the following grouping: CGI Abuses, FTP Vulnerabilities, DNS Vulnerabilities, Mail Vulnerabilities, RPC Vulnerabilities, Miscellaneous Vulnerabilities.

Missing patches: GFI LANguard N.S.S. checks for missing patches by comparing installed patches with the available patches for a particular product. If the machine is missing any patches you should see something like this:

First it tells you what product the patch is for. If you expand that, it will tell you the specific patch that is missing and give you a link to where you can download that specific patch.

CGI Abuses describe issues related to Apache, Netscape, IIS and other web servers.

FTP vulnerabilities, DNS vulnerabilities, Mail vulnerabilities, RPC vulnerabilities, and Miscellaneous vulnerabilities provide links to Bugtraq or other security sites so that you can look up more information about the problem GFI LANguard N.S.S. found.

Service vulnerabilities can be a number of things. Anything from actual services running on the device in question to accounts listed on a machine that have never been used.

Registry vulnerabilities cover information pulled from a Windows machine when GFI LANguard N.S.S. does its initial scan. It will provide a link to Microsoft's site or other security related sites that explain why these registry settings should be changed.

Information vulnerabilities are alerts added to the database that are issues important enough to be brought to the administrators' attention, but not always damaging to leave open.

Potential Vulnerabilities Node

The potential vulnerabilities node displays potential security issues, important information, as well as certain checks that could not be performed. For example if it could not be determined that a particular patch is installed, it will be listed under the Non-detectable patches node. These potential vulnerabilities need to be reviewed by the administrator.

Screenshot: Potential vulnerabilities node

Shares

The shares node lists all shares on a machine and who has access to a share. All network shares must be properly secured. Administrators should make sure that:

1. No user is sharing his/her whole drive with other users.
2. Anonymous/unauthenticated access to shares is not allowed.
3. Startup folders or similar system files are not shared. This could allow less privileged users to execute code on target machines.
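The three share checks listed above can be applied mechanically to an exported share inventory. The following is an added example, not part of the GFI manual or product: the `Share` record, the rule names, the trustee list and the sample data are all constructed assumptions.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Assumption: trustees treated as anonymous/unauthenticated access.
# "Everyone" is included because on older Windows it covers anonymous sessions.
OPEN_TRUSTEES = {"everyone", "anonymous logon", "guest", "guests"}
# Default administrative shares (C$, ADMIN$, IPC$) are not reachable by normal users.
ADMIN_SHARE = re.compile(r"^([A-Z]|ADMIN|IPC)\$$", re.IGNORECASE)

@dataclass
class Share:
    name: str        # share name as exported
    path: str        # local path behind the share
    trustees: tuple  # accounts/groups granted access

def is_whole_drive(path):
    """True when the shared path is the root of a drive (rule 1)."""
    p = PureWindowsPath(path)
    return bool(p.drive) and p.parent == p

def exposes(share_path, sensitive_path):
    """True when the share is the sensitive folder or one of its ancestors (rule 3)."""
    share, target = PureWindowsPath(share_path), PureWindowsPath(sensitive_path)
    return share == target or share in target.parents  # case-insensitive compare

def audit_share(share, sensitive_paths):
    """Return a list of (rule, detail) findings for one share."""
    if ADMIN_SHARE.match(share.name):
        return []
    findings = []
    if is_whole_drive(share.path):
        findings.append(("whole-drive", f"{share.name} shares all of {share.path}"))
    open_to = [t for t in share.trustees if t.lower() in OPEN_TRUSTEES]
    if open_to:
        findings.append(("open-access", f"{share.name} grants {', '.join(open_to)}"))
    for target in sensitive_paths:
        if exposes(share.path, target):
            findings.append(("exposes-sensitive-path", f"{share.name} reaches {target}"))
            break
    return findings

# Constructed sample inventory (not real scan output).
SENSITIVE = (
    r"C:\Documents and Settings\Administrator\Start Menu\Programs\Startup",
    r"C:\WINNT\system32",
)
SHARES = (
    Share("C$", "C:\\", ("Administrators",)),
    Share("Public", r"D:\Public", ("Everyone",)),
    Share("Bob", "C:\\", ("Domain Users",)),
    Share("Profiles", r"c:\documents and settings", ("Domain Users",)),
    Share("Docs", r"D:\Docs", ("Finance",)),
)

if __name__ == "__main__":
    for s in SHARES:
        for rule, detail in audit_share(s, SENSITIVE):
            print(f"{rule:24} {detail}")
```

A share of a parent folder is flagged as well as a share of the startup folder itself, because write access to the parent also gives write access to the startup folder.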

These share precautions are very important for all machines, but especially for machines that are critical to system integrity, such as the Public Domain Controller. Imagine an administrator sharing the startup folder (or a folder containing the startup folder) on the PDC to all users. Given the right permissions, users can then easily copy executables into the startup folder, which will be executed upon the next interactive logon by the administrator.

Note: If you are running the scan logged in as an administrator, you will also see the administrative shares, for example "C$ - default share". These shares will not be available to normal users.

With the way Klez and other new viruses are starting to spread, through the use of open shares, all unneeded shares should be turned off, and all needed shares should have a password on them.

Password Policy

This node allows you to check if the password policy is secure. For example, enable a maximum password age and password history. Minimum password length should be something practical, such as 8 characters. If you have Windows 2000, you can enable a secure password policy, network wide, using a GPO (Group Policy Objects) in Active Directory.

Registry

This node gives vital information about the remote registry. Click on the Run node to check what programs automatically launch at startup. Check that the programs that are automatically launched are not Trojans or even valid programs that provide remote access into a machine if such software is not allowed on your network. Any type of Remote Access software can end up being a backdoor that a potential hacker can use to gain entrance.

Security audit policy

This node shows which security auditing policies are enabled on the remote machine. The following auditing policies are recommended:

Auditing Policy             Success   Failure
Account logon events        Yes       Yes
Account management          Yes       Yes
Directory service access    Yes       Yes
Logon events                Yes       Yes
Object access               Yes       Yes
Policy change               Yes       Yes
Privilege use               No        No
Process tracking            No        No
System events               Yes       Yes

You can enable auditing directly from GFI LANguard N.S.S. Right click on one of the computers in the left pane and select "Enable auditing". This will bring up the auditing policy administration wizard.

Specify which auditing policies to turn on. There are 7 security auditing policies in Windows NT and 9 security auditing policies in Windows 2000. Enable the desired auditing policies on the computers to be monitored. Click on Next to turn on the auditing policies.

Screenshot: Enabling Audit Policies on remote machines.

If no errors are encountered, the finish page will be displayed. If an error has occurred then another page will be displayed indicating the computers on which the application of the policies failed.

Screenshot: Results dialog in audit policy wizard
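The Run-node review described in the Registry section can also be done against a baseline of approved startup programs. The following is an added example, not part of the GFI manual or product: the sample text is constructed and laid out like `reg query` output, and the program names, the approved baseline and the site's list of disallowed remote-access tools are hypothetical.

```python
import ntpath
import re

# One value line of `reg query` output: 4 spaces, name, 4 spaces, type, 4 spaces, data.
ENTRY = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_[A-Z_]+) {4}(?P<data>.*)$")
# Unquoted command lines: take everything up to the first executable extension.
EXE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|vbs))(?=\s|$)", re.IGNORECASE)

def parse_run_entries(text):
    """Return (key, value name, command line) for every value under a Run key."""
    entries, key = [], None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = ENTRY.match(line)
        if m and key:
            entries.append((key, m["name"], m["data"].strip()))
    return entries

def program_path(command):
    """Extract the launched program from a command line, normalised to lower case."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        path = command[1:end] if end > 0 else command[1:]
    else:
        m = EXE.match(command)
        path = m.group(1) if m else command.split(" ", 1)[0]
    return ntpath.normpath(path).lower()

def review_run_key(text, approved, disallowed_names):
    """Flag startup programs that are disallowed or missing from the baseline."""
    findings = []
    for _key, name, data in parse_run_entries(text):
        path = program_path(data)
        if ntpath.basename(path) in disallowed_names:
            findings.append((name, path, "remote-access software not allowed"))
        elif path not in approved:
            findings.append((name, path, "not in approved baseline"))
    return findings

# Constructed sample; every program name below is hypothetical.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    AVAgent    REG_SZ    "C:\Program Files\ExampleAV\avagent.exe" /tray
    RemoteCtl    REG_SZ    C:\Program Files\ExampleRemote\rctl.exe -service
    updchk    REG_SZ    C:\WINNT\Temp\updchk.exe
"""
APPROVED = {r"c:\program files\exampleav\avagent.exe"}
DISALLOWED = {"rctl.exe"}  # site policy list, an assumption of this example

if __name__ == "__main__":
    for name, path, reason in review_run_key(SAMPLE, APPROVED, DISALLOWED):
        print(f"{name}: {path} ({reason})")
```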

Open Ports

The open ports node lists all open ports found on the machine. (This is called a port scan). GFI LANguard N.S.S. does a selective port scan, meaning it does not by default scan all 65535 TCP and 65535 UDP ports, just the ports it is configured to scan for. You can configure the ports it should scan for from Scan options. For more information see the chapter “Configuring Scan Options,
