Table of Contents
Introduction
Introduction to GFI LANguard Network Security Scanner
Importance of internal network security
Key features
GFI LANguard N.S.S. components
GFI LANguard N.S.S. configuration/user interface
GFI LANguard N.S.S. attendant service
GFI LANguard N.S.S. patch agent service
GFI LANguard N.S.S. Script Debugger
GFI LANguard N.S.S. Status Monitor
License scheme
Installing GFI LANguard Network Security Scanner
System requirements
Firewall considerations
Installation procedure
Entering your license key after installation
Getting started: Performing an audit
Introduction
About scanning profiles (list of vulnerability checks/tests)
Logon credentials to access the target computer(s)
Important considerations
Performing a security scan using default settings
About the scanning process
Performing a scan using different (default) scanning profiles
Performing a scan using alternative target logon credentials
Starting security scans directly from the toolbar
Getting started: Analyzing the security scan results
Introduction
Analyzing the scan results
Vulnerabilities
Vulnerabilities Missing service packs
Vulnerabilities Missing patches
Vulnerabilities High, medium, low security vulnerabilities
· CGI abuses
· FTP, DNS, Mail, RPC and Misc/Linux/UNIX vulnerabilities
· Service vulnerabilities
· Registry vulnerabilities
Potential vulnerabilities
Open shares
Password policy settings
Registry settings
Security audit policy settings
Open ports
Users and groups
Logged on users
Running services
Remote running processes
Installed applications
Network devices
USB devices
Reporting unauthorized devices as high security vulnerabilities
System hot fixes patching status
NETBIOS names
Scanned target computer details
Active sessions
Remote time of day
Local drives
Saving and loading scan results
Introduction
Saving scan results to an external (XML) file
Loading saved scan results
Loading saved scans from database backend
Loading saved scan results from an external (XML) file
Filtering scan results
Introduction
Running a filter on a scan
Creating a custom scan filter
Configuring GFI LANguard N.S.S.
Introduction
Scanning Profiles
Scheduled scans
Creating a scheduled scan
Configuring the scan results saving options
Configuring result notification options
Computer Profiles
About SSH Private Key file authentication
Creating a new computer profile
Changing the properties of a computer profile
Using computer profiles in a scan
Parameter files
Database Maintenance Options
Introduction
Configuring your database backend
Selecting your database backend
Storing scan results in an Microsoft Access database backend
Storing scan results in an Microsoft SQL Server database backend
Database maintenance - manage saved scan results
Database maintenance - advanced options
Scanning Profiles
Introduction
Scanning profiles in action
Scanning your local computer with the 'Default Scanning Profile'
Scanning your local computer with the 'Applications Scanning Profile'
Creating a new scanning profile
Customizing a scanning profile
Configuring TCP/UDP ports scanning options
Enabling/disabling TCP Port scanning
Enabling/disabling UDP Port scanning
Customizing the list of TCP/UDP ports to be scanned
Adding a new TCP/UDP port to the list
How to edit or remove a port
Configuring OS data retrieval options
Customizing OS Data Retrieval parameters
Configuring vulnerabilities scanning options
Enabling/disabling vulnerability scanning
Customizing the list of vulnerabilities to be scanned
Customizing the properties of vulnerability checks
Vulnerability checks - advanced options
Configuring patch scanning options
Customizing the missing patch scanning profile options
Enabling/disabling missing patch detection checks
Customizing the list of software patches to be scanned
Using the search bulletin information facility
Configuring the security scanning options
Configuring the attached devices scanning options
Scanning for attached network devices
Enabling/disabling checks for installed network devices
Compiling a list of unauthorized network devices
Compiling a list of safe network devices
Configuring advanced network device scanning options
Scanning for USB devices
Enabling/disabling checks for attached USB devices
Compiling a list of unauthorized USB devices
Compiling a list of safe USB devices
Configuring the applications scanning options
Enabling/disabling checks for installed applications
Scanning for installed applications
Compiling a list of unauthorized applications
Compiling a list of safe applications
Scanning for security applications
Enabling/disabling checks for security applications
Customizing the list of security application for scanning
Configuring security applications - advanced options
GFI LANguard N.S.S. program updates
Introduction
Checking the version of current installed updates
Downloading software updates from Microsoft in different languages
Starting program updates manually
Checking the availability of software updates at program startup
Configuring which updates to check on program startup
Patch management: Deploying Microsoft Updates
Introduction
About the patch deployment agent
About recalled patches
Multilingual patch management
Selecting the target computers where patches will be deployed
Deploying missing updates on one computer
Deploying missing updates on a range of computers
Deploying missing updates on all computers
Selecting which patches to deploy
Sorting results
Selecting the patches to be deployed
Download the patch and service pack files
Starting patch and service pack downloads
Downloads which require user intervention
Stopping active downloads
(Optional) Configure alternative patch file deployment parameters
Deploy the updates
Starting the patch deployment process
Monitoring the patch deployment process
Patch management: Deploying custom software
Introduction
Selecting targets for custom software/patch deployment
Enumerating the software to be deployed
Start the deployment process
Scheduling patch deployment
Deployment options
General deployment options
Before deployment options
After deployment options
Advanced deployment options
Results comparison
Introduction
Comparing scan results interactively
Configuring what information will be reported
Generating a Results Comparison Report
The Results Comparison Report
GFI LANguard N.S.S. Status Monitor
Viewing scheduled operations
Viewing the progress of scheduled scans
Viewing the progress of scheduled deployments
Tools
Introduction
DNS lookup
Trace Route
Whois Client
SNMP Walk
SNMP Auditing tool
Microsoft SQL Server Audit tool
Enumerate computers tool
Starting a security scan
Deploying custom patches
Enabling auditing policies
Enumerate users tool
Using GFI LANguard N.S.S. from the command line
Using `lnsscmd.exe' - the command line scanning tool
Switches:
Example: How to launch target computer scanning from the command line tool.
Using `deploycmd.exe' - the command line patch deployment tool
Switches:
Example: How to launch a patch deployment process from the command line tool.
Adding vulnerability checks via custom conditions or scripts
Introduction
GFI LANguard N.S.S. VBscript language
GFI LANguard N.S.S. SSH Module
Keywords:
Adding a vulnerability check that uses a custom VB (.vbs) script
Step 1 : Create the script
Step 2: Add the new vulnerability check:
Testing the vulnerability check/script used in our example
Adding a vulnerability check that uses a custom shell script
Step 1 : Create the script
Step 2: Add the new vulnerability check:
Testing the vulnerability check/script used in our example
Adding a CGI vulnerability check
Adding other vulnerability checks
Miscellaneous
Enabling NetBIOS on a network computer
Installing the Client for Microsoft Networks component on Windows 2000 or higher
Configuring Password Policy Settings in an Active Directory-Based Domain
Viewing the Password Policy Settings of an Active Directory-Based Domain
Troubleshooting
Introduction
Knowledge Base
Request support via email
Request support via web chat
Request support via phone
Web Forum
Build notifications
