Detailed scan results: Vulnerability assessment

3. Step 2: Analyzing the security scan results : 3.5 Detailed scan results: Vulnerability assessment

3.5 Detailed scan results: Vulnerability assessment

Screenshot 16 - The Vulnerability Assessment node

Click on any Vulnerability Assessment node to view the security vulnerabilities identified on the target computer grouped by type and severity as follows:

•

High Security Vulnerabilities

•

Low Security Vulnerabilities

•

Potential vulnerabilities

•

Missing Service Packs

•

Missing Patches

3.5.1 High/Med/Low Security vulnerabilities

Click on the High Security Vulnerabilities or Low Security Vulnerabilities sub-nodes for a list of weaknesses discovered while probing a target device. These vulnerabilities are organized into the following groups:

Group

Description

Mail, FTP, RPC, DNS and Miscellaneous

Lists vulnerabilities discovered on FTP servers, DNS servers, and SMTP/POP3/IMAP mail servers. Links to Microsoft Knowledge Base articles or other support documentation are provided.

Web

Lists vulnerabilities discovered on web servers (such as misconfiguration issues). Supported web servers include Apache, Netscape, and Microsoft I.I.S.

Services

Lists vulnerabilities discovered in active services as well as the list of unused accounts that are still active and accessible on scanned targets.

Registry

Lists vulnerabilities discovered in the registry settings of a scanned network device. Links to support documentation and short vulnerability descriptions are provided.

Software

Lists vulnerabilities found in software installed on the scanned network device(s). Links to supporting documentation and short vulnerability descriptions are provided.

Rootkit

Lists vulnerabilities discovered because of having a rootkit installed on the scanned network device(s). Links to supporting documentation and short vulnerability descriptions are provided.

3.5.2 Potential vulnerabilities

Click on the Potential vulnerabilities sub-node to view scan result items that were classified as possible network weaknesses. Although not classified as vulnerabilities, these scan result entries still require meticulous attention since malicious users can exploit them during malicious activity.

E.g. during vulnerability scanning GFI LANguard will enumerate all of the modems that are installed and configured on the target computer. If unused these modems are of no threat to your network, however if connected to a telephone line these modems can be used to gain unauthorized and unmonitored access to the Internet. This means that users can bypass corporate perimeter security including firewalls, anti-virus, website rating and web content blocking exposing the corporate IT infrastructure to a multitude of threats including hacker attacks. GFI LANguard considers installed modems as possible threats and enumerates them in the Potential Vulnerabilities sub-node.

3.5.3 Missing Service Packs/Patches

Click on the Missing Service Packs or Missing Patches sub-node respectively to check which Microsoft software updates or patches are missing.

NOTE: GFI LANguard can identify missing service packs and patches on various Microsoft products. For a complete list of supported products visit: http://kbase.gfi.com/showarticle.asp?id=KBID001820.

Bulletin information

To access bulletin information, right-click on the respective service pack and select More details ► Bulletin Info.

Screenshot 17 - Missing Service pack: Bulletin info dialog