Table of Contents 1. Introduction Introduction to GFI LANguard Network Security Scanner How is this manual structured Key features GFI LANguard N.S.S. components GFI LANguard N.S.S. management console GFI LANguard N.S.S. attendant service GFI LANguard N.S.S. patch agent service GFI LANguard N.S.S. script debugger GFI LANguard N.S.S. status monitor License scheme 2. Installing GFI LANguard Network Security Scanner System requirements Firewall considerations Installation procedure Upgrading earlier versions of GFI LANguard N.S.S. Entering your license key after installation 3. Navigating the management console Introduction Navigating the GFI LANguard N.S.S. management console 4. Getting started: Performing an audit Introduction About authentication credentials About the scanning process Performing the first security scans Performing a security scan using default settings Configuring scan ranges Scan ranges Scan range exclusions Quick-start scans using currently logged on user credentials Quick-start scans using alternative logon credentials Quick start scans using SSH Private Key Quick-start scans using a null session 5. Getting started: Analyzing the security scan results Introduction Scan results Analyzing the summary scan results for the scanned network Analyzing the target computer scan summary What to do after a scan Analyzing the detailed scan results Detailed scan results: Analyzing Vulnerabilities Vulnerabilities > Missing service packs Bulletin information Vulnerabilities > Missing patches Vulnerabilities > High, medium, low security vulnerabilities Web – This group contains the vulnerabilities discovered on web servers (such as misconfiguration issues). Supported web servers include Apache, Netscape, and Microsoft I.I.S. The information listed in this section includes: Reporting unauthorized devices as high security vulnerabilities Detailed scan results: Analyzing potential vulnerabilities Detailed scan results: Analyzing shares Handling open shares Handling administrative shares Detailed scan results: Analyzing password policy Detailed scan results: Analyzing registry settings Detailed scan results: Analyzing security audit policy settings Detailed scan results: Analyzing open TCP ports Important considerations Service fingerprinting Dangerous port reporting Detailed scan results: Analyzing users and groups Detailed scan results: Analyzing logged on users Detailed scan results: Analyzing services Detailed scan results: Analyzing Processes Detailed scan results: Analyzing installed applications Anti-virus and Anti-spyware applications groups General applications group Detailed scan results: Analyzing network devices Detailed scan results: Analyzing USB devices Detailed scan results: Analyzing system hot fixes patching status Detailed scan results: Analyzing NETBIOS names Detailed scan results: Analyzing scanned target computer details Detailed scan results: Analyzing sessions Detailed scan results: Analyzing remote time of day Detailed scan results: Analyzing local drives Displaying and sorting scan categories 6. Saving and loading scan results Introduction Saving scan results to an external (XML) file Loading saved scan results Loading saved scans from database backend Loading saved scan results from an XML file 7. Filtering scan results Introduction About default scan results filters Running a filter on a scan Creating a custom scan filter 8. Configuring GFI LANguard N.S.S. Introduction Creating and configuring scheduled scans Creating a scheduled scan Scheduled scan: Configuring scan targets Scheduled scan: Configuring logon credentials Scheduled scans: Configuring advanced options Scheduled scan: Configuring the scan results saving options Scheduled scan: Configuring results notifications Configuring alerting options Computer profiles About SSH private key authentication Creating a new computer profile Configuring computer profile parameters Enabling/Disabling Profiles Using computer profiles in a scan Configuring Patch Autodownload Parameter files Database maintenance Selecting a database backend Storing scan results in an MS Access database backend Storing scan results in an MS SQL Server database Database maintenance: Managing saved scan results Database maintenance: List of scanned computers Database maintenance: Advanced options 9. Scanning Profiles Introduction About OVAL GFI LANguard N.S.S. OVAL Support About OVAL Compatibility Submitting OVAL listing error reports Scanning profile description Which scanning profile shall I use? Scanning profiles in action Important consideration Creating a new scanning profile Customizing a scanning profile Configuring TCP/UDP ports scanning options Enabling/disabling TCP/UDP Port scanning Configuring the list of TCP/UDP ports to be scanned Customizing the list TCP/UDP ports Configuring OS data retrieval options Configuring vulnerabilities scanning options Enabling/disabling vulnerability scanning Customizing the list of vulnerabilities to be scanned Customizing the properties of vulnerability checks Vulnerability check conditions setup Vulnerability checks - advanced options Configuring patch scanning options Enabling/disabling missing patch detection checks Customizing the list of software patches to be scanned Searching for bulletin information Configuring the security scanning options Configuring the attached devices scanning options Scanning for attached network devices Enabling/disabling checks for installed network devices Compiling a network device blacklist/whitelist Configuring advanced network device scanning options Scanning for USB devices Enabling/disabling checks for attached USB devices Compiling a USB devices blacklist/whitelist Configuring applications scanning options Scanning installed applications Enabling/disabling checks for installed applications Compiling an installed applications blacklist/whitelist Scanning security applications Enabling/disabling checks for security applications Customizing the list of security application for scanning Configuring security applications - advanced options 10. GFI LANguard N.S.S. updates Introduction Checking the version of current installed updates Downloading Microsoft product updates in different languages Starting program updates manually Check for software updates at program startup Configure which updates to check on program startup 11. Patch management: Deploying Microsoft Updates Introduction Selecting target computers for patch deployment To deploy missing updates on one computer Deploying missing updates on a range of computers Deploying missing updates on all computers Selecting which patches to deploy Sorting the list of pending software updates Download patches and service pack files Identifying the download queue status Stopping active downloads (Optional) Configure alternative patch-file deployment parameters Deploy downloaded patches on selected targets Monitor the patch deployment process Uninstall patches already deployed on targets Monitoring the patch uninstall process 12. Patch management: Deploying custom software Introduction Enumerating the software to be deployed Selecting target computers for file deployment Deployment options General deployment options Configuring pre-deployment options Configuring post-deployment options Configuring advanced deployment options Start the deployment process 13. Results comparison Introduction Configuring what scan results changes will be reported Generating a Results Comparison Report The Results Comparison Report 14. GFI LANguard N.S.S. Status Monitor Introduction Viewing the global security threat level Viewing the progress of scheduled scans Viewing the progress of scheduled deployments Viewing the autodownload queue 15. Tools Introduction DNS lookup Traceroute Whois Enumerate computers Starting a security scan Deploying custom patches Enabling auditing policies Enumerate users SNMP Auditing SNMP Walk Microsoft SQL Server Audit 16. Using GFI LANguard N.S.S. from the command line Introduction Using ‘lnsscmd.exe’ - the command line scanning tool Using ‘deploycmd.exe’ - the command line patch deployment tool Switches: 17. Adding vulnerability checks via custom conditions or scripts Introduction GFI LANguard N.S.S. VBscript language GFI LANguard N.S.S. SSH Module Keywords: Adding a vulnerability check that uses a custom VB (.vbs) script Step 1 : Create the script Step 2: Add the new vulnerability check: Testing the vulnerability check/script used in example Adding a vulnerability check that uses a custom shell script Step 1 : Create the script Step 2: Add the new vulnerability check: Testing the vulnerability check/script used in our example Testing the vulnerability check/script used in our example Adding a CGI vulnerability check 18. Miscellaneous Introduction Enabling NetBIOS on a network computer Installing the Client for Microsoft Networks component on Windows 2000 or higher Configuring Password Policy Settings in an Active Directory-Based Domain Viewing the Password Policy Settings of an Active Directory-Based Domain 19. Troubleshooting Introduction Knowledge Base Request support via email Request support via phone Web Forum Build notifications
