GFI LANguard Network Security Scanner 7 Manual

2y ago
19 Views
3 Downloads
3.12 MB
172 Pages
Last View : 1m ago
Last Download : 2m ago
Upload by : Xander Jaffe
Transcription

GFI LANguard Network Security Scanner 7ManualBy GFI Software Ltd.

http://www.gfi.comEmail: info@gfi.comInformation in this document is subject to change without notice.Companies, names, and data used in examples herein are fictitiousunless otherwise noted. No part of this document may be reproducedor transmitted in any form or by any means, electronic or mechanical,for any purpose, without the express written permission of GFISOFTWARE Ltd.LANguard is copyright of GFI SOFTWARE Ltd. 2000-2006 GFISOFTWARE Ltd. All rights reserved.Version 7.0 – Last updated May 17, 2006

ContentsIntroduction1Introduction to GFI LANguard Network Security Scanner . 1Importance of internal network security . 1Key features .2GFI LANguard N.S.S. components. 4License scheme . 6Installing GFI LANguard Network Security Scanner7System requirements . 7Firewall considerations . 7Installation procedure. 7Entering your license key after installation . 11Getting started: Performing an audit13Introduction . 13About scanning profiles (list of vulnerability checks/tests). 13Logon credentials to access the target computer(s). 14Important considerations. 14Performing a security scan using default settings . 15Performing a scan using different (default) scanning profiles. 17Performing a scan using alternative target logon credentials. 18Starting security scans directly from the toolbar . 19Getting started: Analyzing the security scan results21Introduction . 21Analyzing the scan results . 21Vulnerabilities. 23Potential vulnerabilities . 27Open shares. 28Password policy settings. 29Registry settings. 29Security audit policy settings. 30Open ports . 32Users and groups. 34Logged on users . 34Running services. 35Remote running processes . 35Installed applications. 36Network devices. 37USB devices. 38Reporting unauthorized devices as high securityvulnerabilities . 39System hot fixes patching status . 39NETBIOS names. 39Scanned target computer details . 40Active sessions . 41Remote time of day. 41Local drives . 42GFI LANguard Network Security ScannerContents i

Saving and loading scan results43Introduction . 43Saving scan results to an external (XML) file . 43Loading saved scan results . 44Loading saved scans from database backend . 44Loading saved scan results from an external (XML) file. 45Filtering scan results47Introduction . 47Running a filter on a scan . 48Creating a custom scan filter . 49Configuring GFI LANguard N.S.S.55Introduction . 55Scanning Profiles . 55Scheduled scans. 56Creating a scheduled scan . 57Configuring result notification options. 59Computer Profiles . 60About SSH Private Key file authentication. 60Creating a new computer profile . 61Changing the properties of a computer profile. 61Using computer profiles in a scan. 62Parameter files . 62Database Maintenance Options. 64Introduction . 64Configuring your database backend . 64Storing scan results in an Microsoft Access databasebackend. 65Database maintenance - manage saved scan results. 67Database maintenance - advanced options . 68Scanning Profiles71Introduction . 71Scanning profiles in action . 73Scanning your local computer with the 'Default ScanningProfile' . 73Scanning your local computer with the 'ApplicationsScanning Profile' . 73Creating a new scanning profile. 74Customizing a scanning profile . 76Configuring TCP/UDP ports scanning options. 76Enabling/disabling TCP Port scanning . 76Enabling/disabling UDP Port scanning . 76Customizing the list of TCP/UDP ports to be scanned . 77Adding a new TCP/UDP port to the list. 77How to edit or remove a port. 78Configuring OS data retrieval options . 78Customizing OS Data Retrieval parameters. 78Configuring vulnerabilities scanning options. 79Enabling/disabling vulnerability scanning . 79Customizing the list of vulnerabilities to be scanned . 80Customizing the properties of vulnerability checks. 80Vulnerability checks - advanced options. 82Configuring patch scanning options. 83Enabling/disabling missing patch detection checks. 83Customizing the list of software patches to be scanned. 84Using the search bulletin information facility. 84ii ContentsGFI LANguard Network Security Scanner

Configuring the security scanning options . 85Configuring the attached devices scanning options . 86Enabling/disabling checks for installed network devices . 88Compiling a list of unauthorized network devices. 89Compiling a list of safe network devices. 89Configuring advanced network device scanning options. 90Enabling/disabling checks for attached USB devices. 91Compiling a list of unauthorized USB devices . 91Compiling a list of safe USB devices . 92Configuring the applications scanning options . 92Enabling/disabling checks for installed applications . 93Compiling a list of unauthorized applications. 94Compiling a list of safe applications. 95Enabling/disabling checks for security applications. 95Customizing the list of security application for scanning . 96Configuring security applications - advanced options. 96GFI LANguard N.S.S. program updates99Introduction . 99Checking the version of current installed updates . 99Downloading software updates from Microsoft in different languages .100Starting program updates manually .101Checking the availability of software updates at program startup .102Configuring which updates to check on program startup.103Patch management: Deploying Microsoft Updates105Introduction .105About the patch deployment agent .105About recalled patches .105Multilingual patch management .107Selecting the target computers where patches will be deployed.107Deploying missing updates on one computer.108Deploying missing updates on a range of computers.108Deploying missing updates on all computers .108Selecting which patches to deploy.109Download the patch and service pack files.110Stopping active downloads .111(Optional) Configure alternative patch file deployment parameters .112Deploy the updates .113Starting the patch deployment process .113Patch management: Deploying custom software115Introduction .115Selecting targets for custom software/patch deployment .115Enumerating the software to be deployed .116Start the deployment process .117Scheduling patch deployment.117Deployment options .118Before deployment options .118After deployment options .119Advanced deployment options.120Results comparison121Introduction .121Comparing scan results interactively .121Configuring what information will be reported.121Generating a Results Comparison Report.123GFI LANguard Network Security ScannerContents iii

GFI LANguard N.S.S. Status Monitor125Viewing scheduled operations .125Viewing the progress of scheduled scans .125Viewing the progress of scheduled deployments .126Tools127Introduction .127DNS lookup .127Trace Route .128Whois Client .129SNMP Walk.130SNMP Auditing tool .131Microsoft SQL Server Audit tool.131Enumerate computers tool.132Starting a security scan.133Deploying custom patches.133Enabling auditing policies .133Enumerate users tool .134Using GFI LANguard N.S.S. from the command line135Using ‘lnsscmd.exe’ - the command line scanning tool .135Example: How to launch target computer scanning from thecommand line tool.136Using ‘deploycmd.exe’ - the command line patch deployment tool.136Example: How to launch a patch deployment process fromthe command line tool.138Adding vulnerability checks via custom conditions or scripts139Introduction .139GFI LANguard N.S.S. VBscript language .139GFI LANguard N.S.S. SSH Module .140Keywords: .140Adding a vulnerability check that uses a custom VB (.vbs) script .141Step 1 : Create the script .141Step 2: Add the new vulnerability check: .141Adding a vulnerability check that uses a custom shell script.143Step 1 : Create the script .143Step 2: Add the new vulnerability check: .144Adding a CGI vulnerability check .145Adding other vulnerability checks .147Miscellaneous153Enabling NetBIOS on a network computer .153Installing the Client for Microsoft Networks component on Windows2000 or higher .154Configuring Password Policy Settings in an Active Directory-BasedDomain.155Viewing the Password Policy Settings of an Active ction .161Knowledge Base .161Request support via email .161Request support via web chat.162Request support via phone .162iv ContentsGFI LANguard Network Security Scanner

Web Forum .162Build notifications .162IndexGFI LANguard Network Security Scanner163Contents v

IntroductionIntroduction to GFI LANguard Network Security ScannerGFI LANguard Network Security Scanner (GFI LANguard N.S.S.) is asecurity auditing tool, which proactively reports, and supports fixing ofnetwork vulnerabilities in a timely fashion.During a security audit, GFI LANguard N.S.S. scans your entirenetwork, IP by IP, and alerts you about weaknesses discovered onyour network(s). Using a combination of operating system functionstogether with the features offered by GFI LANguard N.S.S., you canproactively deal with the security issues detected. For example,security issues can be proactively detected by shutting downunnecessary ports, closing shares as well as installing service packsand hot-fixes before malicious persons can exploit them.By default, GFI LANguard N.S.S. allows you to perform security auditson both Windows and Linux-based target computers. During an audit,the scanning engine collects various hardware and softwareinformation from the scanned targets. This includes the service packlevel of each target computer, potentially vulnerable devices such aswireless access points and USB devices, installed applications, aswell as open shares and open ports. The scanner also enumeratesspecific OS configuration settings such as Windows registry settingsand password policy configuration details aiding in the identification ofcommon security issues related to an improperly configured operatingsystem (such as an OS running on default settings).GFI LANguard N.S.S. is also equipped with algorithms that check forthe presence of particular security software (i.e. anti-virus and antispyware applications) as well as ensure that they are running with thelatest definition files released by their parent company. Whereapplicable, the scanning engine will also check that important securityfeatures such as real time scanning are enabled on anti-virus and antispyware applications allowing you to ensure that the security solutionsdeployed on your network are running effectively.Out of the box, GFI LANguard N.S.S. also supports patchmanagement for non-English operating systems. This means that youcan automatically download missing Microsoft updates in a variety oflanguages and deploy them network-wide. You can also use the patchdeployment engine to remotely install custom software as well as thirdparty (non-Microsoft) patches network-wide (for instance anti-virusdefinition updates).Importance of internal network securityInternal network security is very often underestimated by itsadministrators. In fact, in certain environments such security does noteven exist, allowing one user to easily access another user’sGFI LANguard Network Security ScannerIntroduction 1

computer using well-known exploits, trust relationships and defaultsettings. Most of these attacks require little or no skill, putting theintegrity of a network at stake.Due to the amount of flexibility needed for normal operation, internalnetworks cannot afford maximum security. On the other hand, with nosecurity at all, internal users can be a major threat to many corporateinternal networks.According to the CERT Co-ordination Centre at Carnegie MellonUniversity in the US:“An ‘insider intrusion’ is any compromise of a network, systemor database that is committed by someone who has (or usedto have) legitimate access to the network, system or data.Such ‘insiders’ can include current and former employees,part-time employees, business partners, consultants andcontractors.” - Computer Weekly.A user within the company already has access to many internalresources without needing to bypass firewalls or other securitymechanisms. In fact, these security measures are generally used toprevent non-trusted external sources, such as Internet users, fromaccessing the internal network. However, most threats come frominternal users. An internal user, equipped with hacking skills, cansuccessfully penetrate and achieve administrative network rights whileensuring that their abuse is hard to identify or even detect. TheComputer Crime and Security Survey compiled in 2003 by theComputer Security Institute and the FBI discovered that approximately65% of respondents reported at least one security incident involvingan insider.Poor network security may also allow malicious users that break into anetwork system to access the rest of the internal network more easily.This would enable a sophisticated attacker to read and possibly leakconfidential emails and documents, delete data and damagecomputers - leading to loss of important information and more. Spitefulintruders may also use your network and network resources to turnaround and attack (or spy!) other sites (i.e. attack relaying). In thisway, all evidence of the attack will lead back to you and yourcompany, without exposing the hacker’s own identity.Most vulnerabilities can be easily patched and attacks against knownexploits can be easily stopped by administrators if they get to knowabout them in time. GFI LANguard N.S.S. assists administrators in theidentification of these vulnerabilities!Key features2 Introduction Finds rogue services and open TCP and UDP ports. Detects knownvulnerabilities. Detects rogue or backdoor users. Detects open shares and enumerates who has access to theseshares including their respective permissions. Enumerates groups, including group members during targetcomputer scanning.CGI,DNS,FTP,Mail,RPCandotherGFI LANguard Network Security Scanner

Enumerates USB devices attached to target computers (forexample, Apple iPod, and other portable storage devices). Enumerates network devices and identifies if these devices areWired, Wireless or Virtual. Enumerates services and their respective state. Enumerates remote running processes. Enumerates installed applications. Checks that the signature files of supported installed securityapplications (anti-virus and anti-spyware) are updated. Whereapplicable the security scanner will also examine the runningconfiguration settings of particular security software (for example,BitDefender anti-virus) to verify that key features such as real-timescanning are enabled. Scheduling of network security scans and email reporting oncompletion. Security scanning and OS data collection for Windows operatingsystems. Security scanning and OS data collection for Linux operatingsystems through SSH. Logon to remote Linux targets through conventional logoncredentials strings as well as through Public Key authentication(i.e. using SSH Public/Private Key files). Self-updating – Automatically downloads definition files for thelatest vulnerability checks, missing patches information onprogram startup. Patch management support for Windows 2000/XP/2003 operatingsystems, Microsoft Office XP or later, Microsoft Exchange 2000and Microsoft SQL Server 2000 or later. Patch management support for multilingual operating systems. Allows you to save security scan results in Microsoft Access orMicrosoft SQL Server database backend and XML files. Reports to administrator on completion of a scheduled scan withdetailed full scan results and/or detected changes identifiedbetween successive scans. Live host detection and Operating system identification. SNMP Auditing. Microsoft SQL Auditing. Script debugger that you can use to create and debug customvulnerability checks. Checks are created using a VBscriptcompatible scripting language. Supports multithreading (i.e.computers at the same time). Includes command line tools that allow you to scan and deploysoftware updates/patches and third party applications withoutbringing up the GFI LANguard N.S.S. user interface. Thesecommand line tools can be used directly from the command lineprompt, through third party applications as well as through customscripts and batch files.GFI LANguard Network Security ScannerallowsscanningofmultipleIntroduction 3

GFI LANguard N.S.S. componentsGFI LANguard N.S.S. is built on an architecture that allows for highreliability and scalability catering for both medium to larger sizednetworks.GFI LANguard N.S.S. consists of five main components which are: GFI LANguard N.S.S configuration/user interface GFI LANguard N.S.S. Attendant service GFI LANguard N.S.S. Status Monitor. GFI LANguard N.S.S. Patch Agent service GFI LANguard N.S.S. Script Debugger.GFI LANguard N.S.S. configuration/user interfaceScreenshot 1 - GFI LANguard N.S.S. configuration interfaceLaunch GFI LANguard N.S.S. from Start Programs GFILANguard Network Security Scanner

GFI LANguard Network Security Scanner Introduction 1 Introduction Introduction to GFI LANguard Network Security Scanner GFI LANguard Network Security Scanner (GFI LANguard N.S.S.) is a security auditing tool, which proactively reports, and suppor

Related Documents:

GFI LANguard N.S.S. will need approximately 40 MB of free hard disk space. 9. After GFI LANguard N.S.S. has been installed, you can run GFI LANguard Network Security Scanner from the start menu. Entering your License key after installation If you have purchased GFI LANguard N.S.S., you can e

220 220 s sss 3 lcfp s s gfi gfi gfi gfi wp gfi 60x30 free standing ss 3 ss 3 gfi 24" ut s s s ref gfi gfi gfi gfi gfi gfi 2 r & 2 s 1. all dimensions are to the rough frame of studs 2. center all openings unless otherwise not

WSUS and GFI LANguard What is GFI LANguard? GFI LANguard is a security scanner that checks your network for possible security vulnerabilities by scanning your entire network for missing security patches, service packs, open shares, open ports, unused user accounts and more. Its powerful reporting allows you to easily lock down your network .

GFI LANguard 9.0 default reports The GFI LANguard 9.0 default reports are a collection of specialized pre-configured reports which plug into the GFI ReportCenter framework. These reports present the results of network security scans performed by GFI LANguard and allow for the generation of

10 Installing GFI LANguard 9 Getting started guide 1. Launch the GFI LANguard management console from Start Programs GFI LANguard 9.0 LANguard. 2. Click on Quick Scan. 3. Select Scan this computer and click Next. 4. Select

GFI LANguard 9 Manuale Introduzione i Indice 1 Introduzione 1 1.1 Introduzione a GFI LANguard 1 1.2 Componenti di GFI LANguard 1 1.3 Strategia di gestione delle vulnerabilità 2 2 Fase 1: Esecuzione di un controllo 3 2

About GFI LanGuard GFI LanGuard is an award-winning network security and vulnerability scanner used by tens of thousands of customers. GFI LanGuard provides a complete network security overview with minimal administrative effort, while also providing remedial action through its patch management features. Easy to set up and

on top of it, including the ASP.NET MVC, Entity Framework, and Enterprise Library. Since it has been around for a long time, most legacy and existing .NET applications are developed for the .NET Framework, and it also has the richest set of libraries, assemblies, and an ecosystem of packages. One of the key challenges for .NET Framework applications is that backward- compatibility can be .