GFI LanGuard uses the SNMP (Simple Network Management Protocol) to query for vulnerabilities present in network switches, firewalls, and other network devices. This article describes two methods to find vulnerabilities on these devices.
There are two methods to find vulnerabilities on devices:
Method 1 - Scanning the Devices Using a Vulnerability Scan
GFI LanGuard allows administrators to run a pre-configured scan in the network to search for vulnerabilities. The scan uses a profile where the administrator can see the details of checks performed and make adjustments if necessary.
To run a successful scan:
- Ensure that the devices are configured to respond to SNMP requests from the LanGuard machine:
- SNMP agent must be running on the target device and accepting SNMP queries.
- The agent must be listening on UDP Port 161.
- Set a community string that is not easy to guess.
- Open the GFI Languard console.
- If needed, adjust the Scanning Profile.
- Access the Scan tab. Adjust the settings and click Scan.
Method 2: Using SNMP Utilities
GFI LanGuard provides administrators with two SNMP Utilities that can be used to troubleshoot issues when the scans are not giving proper results or to perform some custom test.
SNMP testing utilities can be found under Utilities tab:
- SNMP Audit - Checks for weak community strings.
- SNMP Walk - Queries for the current value of specific Object IDs. It could be used to verify if the target device is replying to SNMP requests. It could also be used to walk down the SNMP Object ID Tree from a specific point, or to check a specific Object ID, specified in the check properties.
- GFI LanGuard supports SNMPv1 and SNMPv2c.
- SNMPv3 and SNMP over TLS/DTLS (Transport Layer Security/Datagram Transport Layer Security) are not supported.