Scanning Profiles

Introduction

Scanning profiles are configurable templates which determine the vulnerability tests that will be run against the target computers as well as the data that will be retrieved from scanned targets during a security audit.

GFI LANguard N.S.S. ships with a default list of scanning profiles which you can use to perform different scans on your network and retrieve various information without having to make configuration changes. The number of tests performed by each scanning profile varies according to the network vulnerability area which must be checked for weaknesses.

For example, you can have scanning profiles that run a number of vulnerability checks which cover various/extensive areas of your network (for example, the `Default' scanning profile) as well as `specialized' scanning profiles which run vulnerability checks and report only weaknesses related to a specific area of your network (for example, such as the Trojan Ports scanning profile which scans only for open ports which are commonly exploited by hackers and Trojan applications).

The list of default scanning profiles is accessible by expanding the Configuration } Scanning profiles node. Out of the box, GFI LANguard N.S.S. includes an extensive list of different scanning profiles, some of which are listed below:

Default: Use this scanning profile to retrieve various pieces of information as well as perform a balanced varied set of security vulnerability tests on your target computer(s). The information retrieved from the target(s) includes: Commonly exploited open ports, installed applications, installed security applications and status of signature files, OS data, users and groups, network devices, missing patch and service packs, USB devices, shares, time of day, sessions, audit policies and running services.
CGI scanning: Use this scanning profile to retrieve OS information and perform security tests which are directly relevant to Web Servers.
Full TCP and UDP port scan: Use this scanning profile to perform a full TCP and UDP open port scan on the target(s). All ports from 0-65535 are checked and queried during the scanning process.
Missing patches: Use this scanning profile to check the target(s) for missing security updates and service packs.
Ping them all: Use this scanning profile to check which target(s) in the specified range are turned on.
Share finder: Use this scanning profile to check which shares are open on the target(s) as well as retrieve any properties related to these shares.
Removable media protection: Use this scanning profile to check which removable media devices are connected to the target computer(s).
Applications: Use this scanning profile to check which applications are installed on the target computer(s).
Other options are also available.

The selection of a scanning profile for a security scan is generally dictated by the:

1. Type of tests to be performed and the data retrieval operations you want to run against your target(s).

2. Time you have to generate these reports.

WARNING: The more vulnerability checks you want to run, the more time will be consumed to complete the security audit scan.

Screenshot 61 - The Scanning Profiles node

The default set of scanning profiles is fully customizable. You can also create new custom scanning profiles which suite your network layout as well as your scanning needs. For example, you may want to create a scanning profile that is set to be used when scanning the computers in your DMZ as opposed to your internal network.

Through the use of multiple scanning profiles you can perform various network security audits without having to go through a reconfiguration process for every type of security scan required. This is possible by creating different preconfigured scanning profiles which suite specifically the security scanning needs of your IT infrastructure and which can be individually utilized in different network scanning sessions.

Use scanning profiles to your advantage as they allow you to perform specialized tests and queries (for example, enumerate only the installed applications) on your networks saving you time when less more specialized information is needed while at the same time allowing you to perform tests which take lots of time under different conditions (for example, full TCP/UDP port scans).