Table of Contents 1. Introduction 1.1 Introduction to GFI LANguard 1.2 GFI LANguard components 1.3 Vulnerability management strategy 2. Step 1: Performing an audit 2.1 Introduction 2.2 Network Scanning options 2.3 Quick Scan 2.3.1 How to launch a Quick Scan 2.4 Full Scan 2.4.1 How to launch a Full Scan 2.5 Custom scan 2.5.1 How to launch a Custom Scan 2.6 Setting up a scheduled scan When to use Scheduled Scans? 2.6.1 How to setup a Scheduled Scan 3. Step 2: Analyzing the security scan results 3.1 Introduction 3.2 Scan summary 3.3 Vulnerability level rating 3.4 Detailed scan results 3.5 Detailed scan results: Vulnerability assessment 3.5.1 High/Med/Low Security vulnerabilities 3.5.2 Potential vulnerabilities 3.5.3 Missing Service Packs/Patches 3.6 Detailed scan results: Network & Software Audit 3.6.1 System patching status 3.6.2 Ports 3.6.3 Hardware 3.6.4 Software 3.6.5 System Information Security audit policy Groups/users Sessions Services Remote time of day 3.7 Displaying and sorting scan categories 3.7.1 Loading saved scan results from database 3.8 Saving scan results 3.8.1 Saving scan results to XML file 3.8.2 Loading saved scan results from XML 3.9 Scan filters 3.9.1 Filtering scan results 3.9.2 Creating a custom scan filter 3.10 Results comparison 3.10.1 Configuring what scan results changes will be reported 3.10.2 Generating a results comparison report 3.10.3 The Results Comparison Report 3.11 Reporting 3.11.1 Access/download/install reporting 4. Step 3: Fixing vulnerabilities 4.1 Introduction 4.1.1 Deployment options 4.2 Patch management 4.3 Deploying missing updates 4.3.1 Identifying the download queue status 4.3.2 Monitor the patch deployment process 4.3.3 Stopping active downloads 4.3.4 (Optional) Configure alternative patch-file deployment parameters 4.3.5 Uninstall patches already deployed on targets 4.3.6 Monitoring the patch uninstall process 4.4 Deploying custom software 4.4.1 Enumerating the software to be deployed 4.5 Uninstall applications 4.6 Remote remediation 4.7 Automatic Remediation Important notes 4.7.1 Automatically deploy missing Microsoft updates Step 1: Approve the patches to deploy automatically. Step 2: Set up a scheduled scan. Step 3: Review scheduled scan status 4.7.2 Automatically uninstall unauthorized applications Step 1: Define unauthorized applications list. Step 2: Validate the applications to remotely uninstall. Step 3: Set up a scheduled scan. Step 4: Review scheduled scan status 5. GFI LANguard dashboard 5.1 Introduction 5.2 Viewing the global security threat level 5.3 Monitoring scheduled activity Scheduled Security Scans Microsoft Updates Downloads Remediation Operations Product Updates Activity 6. Configuring GFI LANguard 6.1 Introduction 6.2 Scheduled Scans 6.2.1 Reviewing, editing or deleting scan schedules 6.2.2 Scheduled scan properties 6.3 Computer profiles 6.3.1 About SSH private key authentication 6.3.2 Creating a new computer profile 6.3.3 Configuring computer profile parameters 6.3.4 Enabling/Disabling Profiles 6.4 Applications inventory Adding a new unauthorized application 6.5 Application auto-uninstall 6.5.1 Application auto-uninstall validation 6.5.2 Managing scheduled scans 6.6 Configuring Microsoft updates 6.6.1 Auto-deployment settings 6.6.2 Advanced Options 6.6.3 Manage applicable scheduled scans 6.6.4 Auto-download settings 6.7 Configuring alerting options 6.8 Database maintenance options 6.8.1 Selecting a database backend 6.8.2 Storing scan results in a MS Access database backend 6.8.3 Storing scan results in an MS SQL Server database 6.8.4 Database maintenance: Managing saved scan results 6.8.5 Database maintenance: List of scanned computers 6.8.6 Database maintenance: Advanced options 6.9 Importing and Exporting Settings 6.9.1 Exporting Configurations 6.9.2 Importing Configurations 6.10 Program updates 6.10.1 GFI LANguard updates 6.10.2 Configure GFI LANguard Proxy settings 6.10.3 Enable/Disable GFI LANguard auto updates on startup 6.10.4 Enable GFI scheduled updates 6.10.5 Starting program updates manually 6.10.6 Product Updates Activity 7. Scanning Profiles 7.1 Introduction 7.2 Scanning profile description 7.2.1 Complete/Combination scans 7.2.2 Vulnerability Assessment 7.2.3 Network & Software Audit 7.2.4 Which scanning profile shall I use? 7.3 Creating a new scanning profile 7.4 Configuring vulnerabilities 7.4.1 Enabling/disabling vulnerability scanning 7.4.2 Customizing the list of vulnerabilities to be scanned 7.4.3 Customizing the properties of vulnerability checks 7.4.4 Vulnerability check conditions setup 7.5 Configuring patches 7.5.1 Enabling/disabling missing patch detection checks 7.5.2 Customizing the list of software patches to be scanned 7.5.3 Searching for bulletin information 7.6 Configuring TCP port scanning options 7.6.1 Enabling/disabling TCP Port scanning 7.6.2 Configuring the list of TCP ports to be scanned 7.6.3 Customizing the list TCP ports 7.7 Configuring UDP port scanning options 7.7.1 Enabling/disabling UDP Port scanning 7.7.2 Configuring the list of UDP ports to be scanned 7.7.3 Customizing the list UDP ports 7.8 Configuring system information retrieval options 7.9 Configuring the attached devices scanning options 7.9.1 Enabling/disabling checks for all installed network devices 7.9.2 Scanning for network devices Compiling a network device blacklist/whitelist 7.9.3 Configuring advanced network device scanning options 7.10 Scanning for USB devices 7.10.1 Compiling a USB devices blacklist/whitelist 7.11 Configuring applications scanning options 7.11.1 Scanning installed applications Enabling/disabling checks for installed applications Compiling installed applications blacklist/whitelist 7.11.2 Scanning security applications Enabling/disabling checks for security applications Customizing the list of security application for scanning Configuring security applications - advanced options 7.12 Configuring the security scanning options 8. Utilities 8.1 Introduction 8.2 DNS lookup 8.3 Traceroute 8.4 Whois 8.5 Enumerate computers 8.5.1 Starting a security scan 8.5.2 Deploying custom patches 8.5.3 Enabling auditing policies 8.6 Enumerate users 8.7 SNMP Auditing 8.8 SNMP Walk 8.9 SQL Server Audit 9. Using GFI LANguard from the command line 9.1 Introduction 9.2 Using ‘lnsscmd.exe’ - the command line scanning tool 9.3 Using ‘deploycmd.exe’ - the command line patch deployment tool 9.4 Using ‘impex.exe’ - the command line import and export tool 10. Adding vulnerability checks via custom conditions or scripts 10.1 Introduction 10.2 GFI LANguard VBscript language 10.2.1 Adding a vulnerability check that uses a custom VB (.vbs) script Step 1 : Create the script Step 2: Add the new vulnerability check Testing the vulnerability check/script used in example 10.3 GFI LANguard SSH Module 10.3.1 Keywords 10.3.2 Adding a vulnerability check that uses a custom shell script Step 1 : Create the script Step 2: Add the new vulnerability check 10.4 Python scripting 11. Miscellaneous 11.1 Introduction 11.2 Enabling NetBIOS on a network computer 11.3 Installing the Client for Microsoft Networks component on Windows 2000 or higher 11.4 Configuring Password Policy Settings in an Active Directory-Based Domain 11.5 Viewing the Password Policy Settings of an Active Directory-Based Domain 12. GFI LANguard certifications 12.1 Introduction 12.2 About OVAL 12.2.1 GFI LANguard 9.0 OVAL Support 12.2.2 About OVAL Compatibility 12.2.3 Submitting OVAL listing error reports 12.3 About CVE 12.3.1 About CVE Compatibility 12.3.2 About CVE and CAN 12.3.3 Searching for CVE entries in GFI LANguard 12.3.4 Obtaining CVE names 12.3.5 Importing and exporting CVE Data 13. Troubleshooting 13.1 Introduction 13.2 The Troubleshooting wizard 13.3 Knowledge Base 13.4 Web Forum 13.5 Request technical support 13.6 Build notifications
