Detailed scan results: Analyzing Vulnerabilities

Screenshot 29 - The Vulnerabilities node

Click on the Vulnerabilities sub-node to view the security vulnerabilities identified on the target computer. Discovered vulnerabilities are grouped by type and severity into five main categories:

•	Missing service packs

•	Missing patches

•	High security vulnerabilities

•	Medium security vulnerabilities

•	Low security vulnerabilities.

Vulnerabilities > Missing service packs

A Service Pack (SP) is a software program that corrects a set of known bugs or adds new features to operating systems and applications. GFI LANguard N.S.S. checks for missing Microsoft software updates by comparing the version of the service packs currently installed on the scanned target(s) with the ones made currently available by the Microsoft Corporation.

Screenshot 30 - Missing Service Packs results tree

NOTE: GFI LANguard N.S.S. can identify missing patches and service packs on various Microsoft products. For a complete list of supported products visit: http://kbase.gfi.com/showarticle.asp?id=KBID001820.

Details listed under the results tree of the ‘Missing Service Packs’ category include the:

•	‘Product name’ and ‘Service Pack Number’.

•	‘URL:’ - The URL link to support articles related to the missing service pack.

•	‘Release date:’ - The date when the reported service pack was released.

Bulletin information

To access bulletin information, right-click on the respective service pack and select More details > Bulletin Info.

Screenshot 31 - Missing Service pack: Bulletin info dialog

This will bring up the ‘Bulletin Info’ dialog of the respective service pack. The information shown in this bulletin includes:

•	The QNumber. This is a unique ID number that is assigned by Microsoft to each software update for identification purposes.

•	The release date of the bulletin/service pack.

•	A long description of the service pack and its contents.

•	The list of OS/Application(s) to which the service pack applies.

•	The URL link to more information about the respective service pack.

•	The name of the service pack file and the relative file size.

•	The URL from where you can manually download this service pack.

Vulnerabilities > Missing patches

A patch is an update that is released by a software company to address a technical/security issue. It is very common for attackers to exploit these known vulnerabilities in order to gain access to a network. Failure to install missing patches on network computers makes you vulnerable to an attack resulting in either loss of business time and/or data. GFI LANguard N.S.S. scans target computers to ensure that all relevant security updates released by Microsoft are installed.

Screenshot 32 - Missing patches detected during target scanning

Missing patches discovered during target scanning are listed and grouped under the ‘Missing Patches’ category. Details shown in results tree of this category include:

•	‘Patch ID’ and ‘Product name’.

•	‘ID/URL:’ – The ID and URL of the respective Microsoft Knowledge Base article.

•	‘Severity:’ - The effect that the patch has on the security level of a network device.

•	‘Date Posted:’ - The release date of the missing patch.

To access bulletin information right-click on the respective patch and select More details > Bulletin Info.

Vulnerabilities > High, medium, low security vulnerabilities

Screenshot 33 - High, medium, low security vulnerabilities

The ‘High’, ‘Medium’ and ‘Low security vulnerabilities’ sub-nodes contain information on weaknesses discovered while probing a target device. These vulnerabilities are organized into 10 groups:

•

Mail

•

FTP

•

Web

•

Registry

•

Services

•

RPC

•

DNS

•

Software

•

Rootkit

•	Miscellaneous

The content of each group is described below:

Mail, FTP, RPC, DNS and Miscellaneous – These groups contains the vulnerabilities discovered on FTP servers, DNS servers, and SMTP/POP3/IMAP mail servers. The information shown in these sections includes links to Microsoft Knowledge Base articles or other support documentation.

Web – This group contains the vulnerabilities discovered on web servers (such as misconfiguration issues). Supported web servers include Apache, Netscape, and Microsoft I.I.S. The information listed in this section includes:

o	‘Vulnerability check name’ (for example, Imported_IIS: FrontPage Check)

o	‘Description:’ – A short description of the respective vulnerability.

o	‘ID/URL:’ – The ID of the relevant Microsoft Knowledge Base article(s) and the URL to more detailed information on the vulnerability.

Services – This group contains vulnerabilities discovered in active services as well as the list of unused accounts that are still active and accessible on scanned targets.

Registry – This group contains vulnerabilities discovered in the registry settings of a scanned network device. The details shown in this category include links to support documentation as well as a short description of the respective vulnerability.

Software – This group contains vulnerabilities found in software installed on the scanned network device(s). The details shown in this category include links to supporting documentation as well as a short description of the vulnerability.

Rootkit – This group includes details of vulnerabilities discovered as a result of having a rootkit installed on the scanned network device(s). The details shown in this category include links to supporting documentation as well as a short description of the vulnerability.

Reporting unauthorized devices as high security vulnerabilities

Screenshot 34 - Dangerous USB device listed as a High Security Vulnerability

GFI LANguard N.S.S. can be configured to distinguish between authorized and unauthorized USB devices. For more information, refer to the ‘Compiling a list of unauthorized network devices’ section in the 'Scanning Profiles' chapter in this manual.