Table of ContentsPreviousNextIndex

Computer Profiles

Use the Configuration } Computer Profiles sub-node to specify and store the logon credentials of your network computers.

When working in both large and smaller-sized networks, you always find that for some computers, you have to log in with one set of credentials and for some other computers you have to log in with a different set of credentials. Particular systems such as Linux based systems often make use of special authentication methods such as Public key authentication. Such authentication methods generally require special/custom logon credentials such as private key files instead of the conventional password strings.

Through computer profiles, you can specify a different set of logon credentials for each target computer. The scanning engine can then refer to the logon credentials stored in these computer profiles when authenticating to target computers. This in turn obsoletes the need to specify a default set of logon credentials prior to starting a network scan as well as makes it possible to scan in the same (single) session target computers which require different logon credentials and authentication methods.

For example, you can run vulnerability checks on Windows targets which require username/password credential strings and Linux based targets which require username/SSH private key files, in a single scanning session.

About SSH Private Key file authentication

GFI LANguard N.S.S. connects to Linux based target computers through SSH connections. In Public Key cryptography, 2 keys (in the form of text files) are used to verify the authenticity of an SSH connection request. These keys are identified as the `SSH Private Key' and `SSH Public Key'.

The SSH Private Key is the half of the key pair that the scanning engine will use to authenticate to a remote Linux based target. This means that the SSH Private Key is used instead of the conventional password string and hence must be stored on the computer which is running GFI LANguard N.S.S.

The SSH Public Key is the part which the remote target computer will use to challenge the authentication of GFI LANguard N.S.S. and is stored on the remote target computer(s).

The SSH Key pair (i.e. Public and Private Keys) are manually generated using a third party tool such as SSH-KeyGen (generally included by default in the Linux SSH package).

Creating a new computer profile

Screenshot 52 - Computer Profile properties dialog

To create a new computer profile:

1. Right click on the Configuration } Computer Profiles sub-node and select New } Computer(s) Profile... This will bring up the Computer Profile properties dialog.

2. In the General tab which opens by default, specify the target computer name.

3. Click on the Logon Credentials tab.

4. Select the required authentication method and specify the respective logon credentials.

5. Click on OK to save your settings.

Changing the properties of a computer profile

Screenshot 53 - List of existing computer profiles

To change the properties of an existing computer profile:

1. Click on the Configuration } Computer Profiles sub-node.

2. Right click on the computer profile that you wish to configure and select Properties.

3. Make the required changes and click on OK to save your settings.

Using computer profiles in a scan

Screenshot 54 - The 'Use data from computer profiles' button

To use the credentials specified in the Computer Profiles node in a scan, click on the (`Use data from computer profiles' button) included in the GFI LANguard N.S.S. tool bar.


Table of ContentsPreviousNextIndex