
"user manual"

Contents

1. Scanned OS data; Scanned Vulnerabilities; Types of Vulnerabilities; Downloading the latest Security Vulnerabilities; Scanned Patches; Scanner Options; Network discovery Methods; Scheduled Scans; Parameter files; Patch Deployment; Introduction to patch deployment; The patch deployment agent; Step 1: Perform a scan of your network; Step 2: Select on which machines to deploy the patches; Step 3: Select which patches to deploy; Step 4: Download the patch & service pack files; Downloading the patches; Step 5: Patch file deployment parameters; Step 6: Deploy the updates; Deployi
2. Adding a CGI vulnerability check; Adding other vulnerability checks; Troubleshooting; Introduction; Knowledgebase; Request support via e-mail; Request support via WebChat; Request support via phone; Web Forum; Build notifications; Index

Introduction

Introduction to GFI LANguard Network Security Scanner

GFI LANguard Network Security Scanner (GFI LANguard N.S.S.) is a tool that allows network administrators to quickly and easily perform a network security audit. GFI LANguard N.S.S. creates reports that can be used to fix security issues on a network. It can also perform patch management. Unlike other security scanners, GFI LANguard N.S.S. will not create a barrage of information which is virtually impossible to follow up on. Rather, it will help highlight the most important information. It also provides hyperlinks to security sites to find out more about these vulnerabilities. Using intelligent scanning, GFI LANguard N.S.S. gathers information on ma
3. [Screenshot: GFI LANguard N.S.S. main window showing scan results for a Windows Server 2003 target: missing patches and service packs (SQL Server 2000 Service Pack 3a, MS03-031), open ports, and registry vulnerabilities, including the recommendation to use NTLM authentication instead of LM.]
4. [Screenshot: bulletin information for MS03-043 (KB828035). Visible text: "A security vulnerability exists in the Messenger Service that could allow arbitrary code execution on an affected system. The flaw results because the Messenger Service does not properly validate the length of a message before passing it to the allocated buffer. An attacker who successfully exploited this". Caption: Extended bulletin information.]

For more information on a particular bulletin, double-click on the bulletin or right-click on it and select Properties. You will be presented with more details on what the bulletin checks for and what it addresses.

Scanner options

In this tab you can configure options relating to how GFI LANguard N.S.S. should perform a scan.

[Screenshot: Scanning Profiles node with the tabs TCP Ports, UDP Ports, OS Data, Vulnerabilities and Patches, showing the Network Discovery Methods: NETBIOS queries, SNMP queries, Custom TCP Discovery (e.g. 21, 25, 80).]
5. [Screenshot: Enumerate computers tool, 68 computers found. Caption: Enumerate computers tool.]

This utility will search your network for Domains and/or Workgroups on it. Once it has found that, you will have the ability to scan those Domains for a list of computers in them. Once it has performed its scan, it will list whatever OS is installed on that machine and any comments that might be listed through NETBIOS.

Computers can be enumerated using one of the following methods:

• From Active Directory: This method is much faster and will also enumerate computers that are currently switched off.
• Using the Windows Explorer interface: This method is slower and will not enumerate computers that are switched off.

You can specify which method to use from the Information Source tab. Note that you will need to perform the scan using an account that has access rights to Active Directory.

Launching a security scan

Once the computers in the domain are enumerated, you can launch a scan on selected machines by right-clicking on any of the enumerated computers and selecting Scan. If you want to launch the scan but continue to use the Enumerate computers tool, select Scan in background.

Deploying Custom patches

Select which machines you want to deploy updates on > Right-click on any selected machine > Deploy Custom Patches.

Enabli
6. GFI LANguard Network Security Scanner 5 Manual, by GFI Software Ltd.

GFI SOFTWARE Ltd. http://www.gfi.com E-mail: info@gfi.com

Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of GFI SOFTWARE Ltd.

LANguard is copyright of GFI SOFTWARE Ltd. 2000-2004 GFI SOFTWARE Ltd. All rights reserved.

Version 5.0. Last updated 01/12/04.

Contents: Introduction; Introduction to GFI LANguard Network Security Scanner; Importance of Internal Network Security; Key Features; GFI LANguard N.S.S. components; [illegible entry]; Installing GFI LANguard Network Security Scanner; System Requirements; Installation Procedure; Entering your License key after installation; Getting Started: Performing an Audit; Introduction to Security Audits; Performing a Scan; Analyzing the Scan Resu
7. Troubleshooting

Introduction

The troubleshooting chapter explains how you should go about resolving issues you have. The main sources of information available to users are:

1. The manual: most issues can be solved by reading the manual.
2. The GFI knowledgebase: http://kbase.gfi.com
3. The GFI support site: http://support.gfi.com
4. Contacting the GFI support department by e-mail at support@gfi.com
5. Contacting the GFI support department using our live support service at http://support.gfi.com/livesupport.asp
6. Contacting our support department by telephone.

Knowledgebase

GFI maintains a knowledgebase, which includes answers to most common problems. If you have a problem, please consult the knowledgebase first. The knowledgebase always has the most up-to-date listing of support questions and patches. The knowledgebase can be found on http://kbase.gfi.com

Request support via e-mail

If, after using the knowledgebase and this manual, you have any problems that you cannot solve, you can contact the GFI support department. The best way to do this is via e-mail, since you can include vital information as an attachment that will enable us to solve the issues you have more quickly. The Troubleshooter, included in the program group, automatically generates a number of files needed for GFI to give you technical support. The files would include the configuration settings etc. To generate these files, start the
8. network may look and be secure today, that may not be the case tomorrow. Make sure you run security scans from time to time. This isn't something you can do once and then forget about it. Something new is always out there, and once again, just because you were safe and secure today, you never know what tomorrow's hacker will come up with.

Filtering scan results

Introduction

After GFI LANguard N.S.S. has performed a scan, it will show the results in the Scan results pane. If you have scanned a large number of machines, you might want to filter that data from the Scan filters node. Clicking on this node and selecting an existing filter will show the scan results based on what filter you selected. GFI LANguard N.S.S. ships with a number of default scan filters. In addition, you can make your own custom scan filters.

[Screenshot: GFI LANguard N.S.S. main window with the Scan Filters node expanded, showing the Full report filter applied to the current scan.]
9. Community String that was set in the General tab. If the device responds to this query, GFI LANguard N.S.S. will request the Object Identifier from the device and compare that to a database to determine what that device is.

Ping Sweep does an ICMP ping of each network device. (See Note below.)

Custom TCP Port Discovery checks for a particular open port on the target machines.

Note: Each of the above query types can be turned off, but GFI LANguard N.S.S. depends on all these queries to determine the type of device and the OS running on it. If you choose to turn any one of these off, GFI LANguard N.S.S. may not be as reliable in its identification.

Note: Some personal firewalls block a machine from even sending out an ICMP echo, and such machines will therefore not be detected by GFI LANguard N.S.S. If you think there are many machines with personal firewalls on your network, consider forcing a scan of each IP on your network.

Network discovery options

The network discovery parameters allow you to tweak machine detection so that you have the most reliable machine detection in the least time possible. Adjustable parameters include:

• Scanning Delay is the time LANguard N.S.S. waits between TCP/UDP packets it sends out. The default is 100 ms. Depending on your network connection and the type of network you are on (LAN/WAN/MAN), you may need to adjust these settings. If it is set too low, you may find your network congested with packets from GFI LANguard
10. [Screenshot: Patch File Download Attendant, part of the patch downloading system in GFI LANguard N.S.S. Caption: Initiating patch deployment by clicking on Start.]

Deployment of the patches will now start. You can monitor the patch deployment status from the deployment status tab.

[Screenshot: deployment status log for the Deploy custom patches node, including the lines "Failed to copy lannetscan.exe, error 5: Access is denied" and "None of the patch files could be copied to the remote machine".]
11. [Screenshot caption: Deploy Microsoft patches node.]

By default, all patches will be selected for deployment. If you want certain patches not to be deployed, de-select them by clicking on the tick box next to the patch.

Step 4: Download the patch & service pack files

After you have selected the patches/service packs to be deployed, the appropriate files containing the patches to be deployed need to be downloaded. This is done largely automatically by GFI LANguard N.S.S., and it also places them in the correct directories depending on the product and the language of the product being updated.

[Screenshot: list of patch files with the columns Patch name, Bulletin, Application, Download directory and State; three files are shown as Not downloaded and one as Downloaded. Caption: GFI LANguard N.S.S. shows which patch files need to be downloaded.]

GFI LANguard N.S.S. will show which files need to be downloaded in the patches to be deployed list. Each patch file required will be listed and will
12. [Screenshot: setup dialog. Visible text: "LANguard N.S.S. attendant service handles scheduled security scans and scheduled updates of configuration files. It is recommended to run the attendant service under a domain administrator account." Options: the local system account, or a domain administrative account (account, password, confirm password). NOTE: Specify the user name in the format DOMAIN\administrator. Caption: Specify domain administrator credentials or use local system account.]

4. Setup will ask you for domain administrator credentials, which are used by the LANguard N.S.S. Attendant service (which runs scheduled scans). Enter the necessary credentials and click Next.

[Screenshot: setup dialog, Installation Type. Visible text: "Choose a database in which GFI LANguard Network Security Scanner 5.0 will store the scan information. The scan information can be stored in: Microsoft Access (MS Access does NOT need to be installed); Microsoft SQL Server or higher / MSDE. NOTE: For better performance it is recommended that you use SQL Server or MSDE as a database backend for GFI LANguard Network Security Scanner 5.0. MSDE is freely supplied on the Microsoft Office 2000 P CD. More information is available in the user manual." Caption: Choose database back end.]

5. Setup will
13. N.S.S. If you set it too high, a lot of time will be wasted that is not needed.

• Wait for Responses is the time GFI LANguard N.S.S. will actually wait for a response from the device. If you are running on a slow or busy network, you may need to increase this timeout from 500 ms to something higher.
• Number of retries is the number of times that GFI LANguard N.S.S. will do each type of scan. During normal circumstances this setting should not be changed. Be aware, however, that if you do change this setting, it will run through each type of scan (NETBIOS, SNMP and ICMP) that number of times.
• Include non-responsive computers is an option which instructs the GFI LANguard N.S.S. security scanner to try to scan a machine which has not replied to any network discovery method.

NetBIOS Query Options

The effect of using a NetBIOS Scope ID is to isolate a group of computers on the network that can communicate only with other computers that are configured with the identical NetBIOS Scope ID. NetBIOS programs started on a computer using a NetBIOS Scope ID cannot see, receive, or send messages to NetBIOS programs started by a process on a computer configured with a different NetBIOS Scope ID. LNSS supports NetBIOS Scope ID in order to be able to scan these isolated computers, which would otherwise be inaccessible.

SNMP Query Options

The option to Load S
14. [Screenshot: Results Comparison Report for two saved scan results of the same host, listing changes such as removed groups, a newly open TCP port 80, services started and stopped, a new share, and a changed registry entry. Caption: Comparing results.]

The result will be something similar to the above scre
15. Right-click on any computer in the result tree > Deploy Microsoft updates > type of update > Selected Computers.

[Screenshot: scan results tree for a Windows Server 2003 host with the right-click menu open, showing the Deploy Microsoft updates and Deploy custom patches entries. Caption: Indicate which machines you want to deploy the required updates on.]

Step 3: Select which patches to deploy

Once you have selected the target computers to deploy Microsoft patches on, you will be taken to the Deploy Microsoft patches node. This node shows the details of the selected computers and which patches service pack
16. The GFI LANguard N.S.S. licensing scheme works on the number of machines & devices that you wish to scan. For example, the 100 IP license allows you to scan up to 100 machines or devices from a single workstation/server on your network.

Installing GFI LANguard Network Security Scanner

System Requirements

The installation of GFI LANguard Network Security Scanner requires the following:

• Windows 2000/2003 or Windows XP.
• Internet Explorer 5.1 or higher.
• Client for Microsoft Networks must be installed.
• NO Personal Firewall software or the Windows XP Internet Connection Firewall can be running while doing scans. It can block functionality of GFI LANguard N.S.S.
• To deploy patches on remote machines, you need to have administrator privileges.

Installation Procedure

1. Run the LANguard Network Security Scanner setup program by double-clicking on the lannetscan.exe file. Confirm that you wish to install GFI LANguard N.S.S. The setup wizard will start. Click Next.
2. After reading the License agreement dialog box, click Yes to accept the agreement and continue the installation.
3. Setup will ask you for user information and License key.

[Screenshot: setup wizard, User Account Details dialog.]
17. ask you to choose the database backend for the GFI LANguard N.S.S. database. Choose between Microsoft Access or Microsoft SQL Server/MSDE and click Next.

NOTE: SQL Server/MSDE must be installed in mixed mode or SQL Server authentication mode. NT authentication mode only is not supported.

6. If you selected Microsoft SQL Server/MSDE as a database backend, you will be asked for the SQL credentials to use to log on to the database. Click Next to continue.
7. Setup will ask you for an administrator e-mail address and your mail server name. These settings will be used for sending administrative alerts.
8. Choose the destination location for GFI LANguard N.S.S. and click Next. GFI LANguard N.S.S. will need approximately 40 MB of free hard disk space.
9. After GFI LANguard N.S.S. has been installed, you can run GFI LANguard Network Security Scanner from the start menu.

Entering your License key after installation

If you have purchased GFI LANguard N.S.S., you can enter your License key in the General > Licensing node. If you are evaluating GFI LANguard N.S.S., it will time out after 60 days with evaluation key. If you then decide to purchase GFI LANguard N.S.S., you can just enter the License key here without having to re-install. You must license GFI LANguard N.S.S. for the number of machines that you wish to scan and for the number of mac
18. from the Internet would be able to see if/when they scan your network. Things that may affect this are any firewalls your company or ISP may have set up, or any rules at a router along the way that may drop specific types of packets. Save this scan for later comparison.

Comparison of on-site and off-site scans

Now it is time to start looking at the information generated by LANguard Network Security Scanner. If the NULL session scan from your internal network looks identical to that of your external scan, be aware that it appears there is no firewall or filtering device on your network. This is probably one of the first things that you should look into. Then check to see what any user from the outside world can really see. Can they see your Domain Controllers and get a list of all computer accounts? What about Web servers, FTP, etc.? At this point, you are on your own. You may need to start checking for patches for Web Servers, FTP Servers, etc. You may also need to verify and change settings on SMTP servers. Every network is different. GFI LANguard N.S.S. tries to help you pinpoint problems and security concerns and lead you to sites that will help you fix the holes it finds. If you find services running that are not needed, make sure you turn them off. Every service is a potential security risk that may allow someone unauthorized into your network. There are new buffer overflows and exploits being released daily, and even though your
19. probe. The type of device and the type of queries it responds to will determine how GFI LANguard N.S.S. identifies it and what information it can retrieve. Once GFI LANguard N.S.S. has finished its scan of the machine/device/network, it will display the following information.

IP, Machine name, OS and Service pack Level

The IP address of the machine/device will be shown. Then the NetBIOS/DNS name will be shown, depending on the type of device. GFI LANguard N.S.S. will report what OS is running on the device, and if it is a Windows NT/2000/XP/2003 OS, it will show the service pack level.

Vulnerabilities Node

The vulnerabilities node displays detected security issues and informs you how to fix them. These threats can include missing patches and service packs, HTTP issues, NETBIOS alerts, configuration problems and so on. Vulnerabilities are broken down into the following sections: Missing Service Packs, Missing Patches, High security vulnerabilities, Medium security vulnerabilities and Low security vulnerabilities. Under each of the High/Medium/Low vulnerabilities sections you can find further categorization of the issues detected using the following grouping: CGI Abuses, FTP Vulnerabilities, DNS Vulnerabilities, Mail Vulnerabilities, RPC Vulnerabilities, Service Vulnerabilities, Registry Vulnerabilities and Miscellaneous Vulnerabilities.

Missing patches

GFI LANguard N.S.S. checks for missing patches by comparing instal
20. [Screenshot caption: Deploy custom patches, indicating which patch files to deploy on which computers.]

Deployment options

[Screenshot: Options panel with account name and password fields. Caption: Deployment options.]

You can configure deployment options by hovering over the options button, located at the right side of the screen, with the mouse. Here you can:

• Configure the deployment agent service to run under alternative credentials.
• Reboot target computer after deployment. Some patches require a reboot after installing. Tick this tick box if one or more patches you want to deploy need a reboot.
• Warn user before deployment: will send a message to the target machine before deploying the updates.
• Stop services before deployment: this option stops the IIS & MS SQL Server services before deployment.
• Delete copied files on the remote machines after deployment.
• Configure the number of patch deployment threads to use.
• Configure particular filtering conditions to which to deploy the patch (computer filters).

NOTE: In the Deploy custom patches tool, the Computer filters will not apply to computers which have not been scanned by the s
21. [Screenshot: list of TCP ports in a scanning profile with Advanced, Add, Edit and Remove buttons. Note in the dialog: If you add, edit or remove a port, the changes will be applied to all the profiles. Caption: Configuring the ports to scan in a profile.]

How to add/edit/remove ports

If you want to add custom TCP/UDP ports, click the Add button. The Add port dialog will appear.

[Screenshot: port properties dialog for port 80, HTTP. Caption: Screenshot 1, Adding a port.]

Simply enter a port number or a port range, and enter a description of the program which is supposed to run on that port. If the program associated with this port is a Trojan, click on the Is a Trojan port check box. If you specify it is a Trojan port, the green/red circle next to the port will be red.

Note: Make sure you are inputting this port in the correct Protocol Window, either TCP or UDP.

You can edit or remove ports by clicking on the Edit or Remove buttons.

Scanned OS data

The Scanned OS data tab specifies the kind of information you want GFI LANguard N.S.S. to
22. [Screenshot: list of Microsoft security bulletins from 2003 and 2004 with release dates and titles.]
23. [Screenshot: Scanned Vulnerabilities tab with Advanced, Add, Edit and Remove buttons. Note in the dialog: If you add, edit or remove a vulnerability, the changes will be applied to all the profiles. Caption: Configuring the Vulnerabilities to scan.]

The scanned vulnerabilities tab lists all vulnerabilities that GFI LANguard N.S.S. can scan for. You can disable checking for all vulnerabilities by de-selecting the Check for vulnerabilities check box. By default, GFI LANguard N.S.S. will scan for all vulnerabilities it knows. You can change this by removing the check box next to a particular vulnerability. From the right pane you can change the options of a specific vulnerability by double-clicking on it. You can change the security level of a particular vulnerability check from the Security Level option.

Types of Vulnerabilities

Vulnerabilities are broken down into the following sections: Missing Patches, Patches which cannot be detected, CGI Abuses, FTP Vulnerabilities, DNS Vulnerabilities, Mail Vulnerabilities, RPC Vulnerabilities, Service Vulnerabilities, Registry Vulnerabilities and Miscellaneous Vulnerabilities.

Vulnerability checks: advanced options

Click on the Advanced button to bring up these options:

• Internal Checks: These include FTP anonymous password checks, weak password check, etc.
• CGI Probing: Switch on CGI probing if you are running web servers that use CGI. You can optionally specify a proxy server if you
24. [Screenshot: Microsoft Download Center page for "Windows 2000 Security Patch: Flaw in SMB Signing Could Enable Group Policy to be Modified" (file name Q329170_W2K_SP4_X86_EN.exe), displayed inside GFI LANguard N.S.S.]
25. N.S.S. supports in its CGI abuse section are GET and HEAD.
5. Specify URL to check: This is the URL that GFI LANguard N.S.S. should query.
6. Specify the Return String: This is what GFI LANguard N.S.S. should look for in the returned information to see if the machine is vulnerable to this attack.

Adding other vulnerability checks

You can also add other vulnerabilities without writing scripts. They use the same basic format as the CGI vulnerability check; however, you can set more complex conditions. To do this:
1. Go to the GFI LANguard N.S.S. Main Program > Configuration > Scanning Profiles node.
2. Go to the Scanned Vulnerabilities tab and select the type of vulnerability you wish to add by clicking on the category under which the new vulnerability will fall. Now click on the Add button. This brings up the new vulnerability check dialog.

[Screenshot: Edit Vulnerability dialog with the short description "An attacker could execute commands as root" and the trigger conditions "Operating System is Unix" and "SMTP Banner is QPOP 2 3". Tip shown in the dialog: right-click to add/remove checks. Caption: Creating a new Vulnerability]

3. Enter the basic details, such as the name, short description, security level, URL (if applicable). You can also specify how lo
26. NMP enterprise numbers will allow GFI LANguard N.S.S. to extend support in SNMP scanning. If this is disabled, devices discovered by SNMP that are unknown to GFI LANguard N.S.S. will not report who the vendor is supposed to be. Unless you are running into problems, it is recommended to leave this option enabled.

By default most SNMP-enabled devices use the default community string "public", but for security reasons most administrators will change this to something else. If you have changed the default SNMP community name on your network devices, you will want to add it to the list GFI LANguard N.S.S. uses.

Note: You can add more than one SNMP community name here. For each additional community name you add, the SNMP part of the scan will have to run another time. If you have "public" and "private" set in the community name string, the SNMP scan will run through the whole IP range you give it twice. It will go through it once with the string "public" and then again with the string "private".

Scanner activity windows options

The output options allow you to configure what information will be displayed in the scanner activity pane. It is useful to enable it; however, only enable Verbose or Display packets for exceptional debugging purposes.

Scheduled Scans

The scheduled scan feature allows you to configure scans which will be run automatically at a specific date/time. Scheduled scans can also be run
27. Patches
• Scanner properties

Scanned TCP/UDP ports

The scanned TCP/UDP ports tabs allow you to specify which TCP and UDP ports you wish to scan. To enable a port, simply click on the tick box next to the port.

[Screenshot: Scanning Profiles node, TCP Ports tab, listing port numbers with their descriptions (for example FTP, SSH, Telnet, SMTP, HTTP, Pop3)]
28. ability check you will get too many false reports. So if you decide to create your own vulnerability checks, make sure you design them very specifically and put a lot of thought and planning into them.

You are not limited to just one of the above things to trigger a vulnerability check; it could be that you have it set to check for multiple conditions, for example:
• Check OS
• Port XYZ
• Banner ABC
• LANS script QRS run and checks for the vulnerability

If all of the criteria above are met, then and only then will the vulnerability check be triggered.

Note: Building expressions will let you do a vulnerability check such as this one, which is used to check the version of Apache running on a machine:

Apache 1 0 2 0 9 3 O 9 0 9 0 1 0 9 2 0 5 121 0 0 9 0 9 0 2 0 9 3 0 8

For those experienced in C or Perl, the above format is much the same as what you can do in those languages. There are many help pages on the Internet on how to use this. In the examples below we will try to walk through and explain it, but if you need more help on it, see the end of this section for a hyperlink.

If you would like to see a sample walkthrough on creating a new Vulnerability with a script in it, look at the GFI LANguard N.S.S. scripting documentation.
29. Additional Results

This section lists additional nodes and results which you can look at after you have reviewed the more important scan results above.

NETBIOS names
In this node you will find details about the services installed on the machine.

Computer
• MAC: This is the Network card MAC address.
• Username: This is the username of the currently logged on user, or the machine username.
• TTL: The value of Time To Live (TTL) is specific to each device. Main values are 32, 64, 128 and 255. Based on these values and the actual TTL on the packet, it gives you an idea of the distance (number of router hops) between the GFI LANguard N.S.S. machine and the target machine that was just scanned.
• Computer Usage: Tells you whether the target machine is a Workstation or a Server.
• Domain: If the target machine is part of a domain, this will give you a list of the trusted Domain(s). If it is not part of a Domain, it will display the Workgroup the machine is part of.
• LAN manager: Gives the LAN Manager in use (and OS).

Sessions
Displays the IP address of machines that were connected to the target machine at the time of the scan. In most cases this will just be the machine that is running GFI LANguard N.S.S. and has recently made connections.
Note: Due to the constant changing of this value, this information is not saved to the report, but is here for informational purposes only.

Networ
30. are located behind a proxy server.
• New vulnerabilities are enabled by default: Enables/Disables newly added vulnerabilities to be included in the scans of all other profiles.

Downloading the latest Security Vulnerabilities

To update your Security Vulnerabilities, select Help > Check for updates from the GFI LANguard N.S.S. scanner program. This will download the latest security vulnerabilities from the GFI website. This will also update the fingerprint files used to determine what OS is on a device.

NOTE: On startup, GFI LANguard N.S.S. can automatically download new vulnerability checks from the GFI website. You can configure this from the GFI LANguard N.S.S. General > Product Updates node.

Scanned Patches

[Screenshot: Scanning Profiles node, Patches tab, with the option to detect installed and missing service packs/patches and the list of bulletins to be checked for]
31. at http://forums.gfi.com

Build notifications

We strongly suggest that you subscribe to our build notifications list. This way, you will be immediately notified about new product builds. To subscribe to our build notifications, go to http://support.gfi.com
32. [Screenshot: Scanning Profiles node, OS Data tab, listing the OS information items to retrieve (shares, local users, local groups, services, sessions, password policies, security audit policy and others), each set to Yes or No. Caption: Scanning profiles]

Using scanning profiles, you can configure different types of scans and use these different scans to focus on particular types of information that you want to check for.

A scan profile is created by going to the Configuration > Scanning profiles node, right-clicking and selecting New > Scan Profile.

You can configure the following options for each profile:
• Scanned TCP ports
• Scanned UDP ports
• Scanned OS data
• Scanned Vulnerabilities
• Scanned
33. [Screenshot caption: Monitoring the download process]

Deploying custom software

The custom software deployment tool is very handy to quickly deploy custom patches for software network-wide, or even to install software network-wide. The custom software deployment tool is also frequently used to deploy virus signature updates network-wide. The process of deploying custom software is very similar to the process of patching a machine.

[Screenshot: Deploy custom patches node. Caption: Deploying custom software]

Step 1: Select the machines on which to install the software/patches

1. Go to Deploy custom software node in the tools node.
2. Click on the Add button to add a single computer, or click on the select butto
34. [Screenshot: DNS Lookup options (Basic information, Host information, Aliases, MX Records, NS Records) and the DNS server(s) to query (default or alternative). Caption: DNS Lookup tool]

To obtain information about a domain name:
1. Go to the Tools > DNS lookup node.
2. Specify the hostname to resolve.
3. Specify the information to retrieve:
• Basic Information: i.e. host name and to what IP this resolves.
• Host Information: Known technically as the HINFO, and usually includes information such as hardware and what OS runs on the specified domain (most DNS entries do not contain this information for security reasons).
• Aliases: returns information on what A Records the Domain might have.
• MX Records: known also as Mail exchangers records, shows which mail server(s), and in what order, are responsible for this domain.
• NS Records: indicate which name servers are responsible for this domain.

In addition, it is possible to specify an alternative DNS server.

Trace Route

[Screenshot: Trace Route tool output, listing iteration, IP, hostname and response times]
35. be in one of the following states, indicated by an icon in the missing patch list:
• Downloaded
• Currently being downloaded
• Waiting for user to navigate to the web page to click on the link to download the file
• Not downloaded

Downloading the patches

Microsoft patches listed in the mssecure.xml file can be categorized in three main types:
1. Patches which have a direct download URL location.
2. Patches which will require some web page navigation to download the file.
3. Patches for which no patch file exists.

To download patches for which there is a direct link

For patches for which there is a direct download link, right-click on the patch file and select Download File. The download will start and, when completed, the file will be placed in the correct directory for you.

To download patches for which there is no download link but only a source web page

When GFI LANguard N.S.S. detects a file which needs to be downloaded manually from the Microsoft web site, it will load the target parent web page in the bottom area of the deployment tool. You will then be able to find the appropriate download link and click on it. GFI LANguard N.S.S. will be monitoring this web session, and as soon as it detects that you clicked on a direct download link it will start downloading that file for you automatically. The navigation through the web page will be part of the download session. Should you want to cancel the download
36. [Screenshot caption: Scan filters]

The following scan filters are included by default:
• Full report: Shows all security related data collected in a scan.
• Vulnerabilities High Security: Shows issues which require immediate attention: missing service packs, missing patches, high security vulnerabilities and open ports.
• Vulnerabilities Medium Security: Shows issues which may need to be addressed by the administrator: medium security vulnerabilities, patches which cannot be detected.
• Vulnerabilities All: Shows all vulnerabilities detected: missing patches, missing service packs, potential information checks, patches which could not be detected, low & high security vulnerabilities.
• Missing patches and service packs: lists all missing service packs and patch files on the machines scanned.
• Open Ports: lists all open TCP and UDP ports.
• Open Shares: lists all open shares and who has access to them.
• Auditing Policies: lists the auditing policy settings on each of the scanned computers.
• Password Policies: lists the active password policies on each of the scanned computers.
• Groups and users: lists the users and groups detected on each of the scanned computers.
• Computer properties: Shows the properties of each computer.

Selecting the scan results source

By default, the filters will work on the current scan data. However, it is possible to select a different sca
37. chines such as usernames and groups, which may include rogue objects to allow backdoor access, network shares, and similar objects found on a Windows Domain. Apart from this, GFI LANguard N.S.S. also identifies specific vulnerabilities, such as configuration problems in FTP servers, exploits in Microsoft IIS and Apache Web Servers, or problems in NT security policy configuration, plus many other potential security issues.

Importance of Internal Network Security

Internal Network security is more often than not underestimated by its administrators. Very often such security does not even exist, allowing one user to easily access another user's machine using well-known exploits, trust relationships and default settings. Most of these attacks require little or no skill, putting the integrity of a network at stake.

Most employees do not need, and should not have, access to each other's machines, administrative functions, network devices and so on. However, because of the amount of flexibility needed for normal operation, internal networks cannot afford maximum security. On the other hand, with no security at all, internal users can be a major threat to many corporate internal networks.

A user within the company already has access to many internal resources and does not need to bypass firewalls or other security mechanisms which prevent non-trusted sources, such as Internet users, from accessing the internal network. Such internal users, equipped with hac
38. collect from the operating system during the scan. Currently only Windows OS data is supported; however, UNIX scan data is under development.

Scanned Vulnerabilities

[Screenshot: Scanning Profiles node, Vulnerabilities tab, listing vulnerability checks by category (CGI Abuses, DNS Vulnerabilities, FTP Vulnerabilities, Mail Vulnerabilities and others) with name and impact description]
39. [Screenshot: Patch File Download Attendant web area in the patch deployment tool. Its page text follows.]

Patch File Download Attendant

This web area is part of the patch downloading system in GFI LANguard N.S.S. There are three main types of patches in the mssecure.xml file:
1. Patches which have a direct download URL location.
2. Patches which will require some web page navigation to download from a parent web page.
3. Patches for which no patch file exists.

When GFI LANguard N.S.S. detects a file with a direct download location, it will start downloading it instantly. When GFI LANguard N.S.S. detects a file which needs to be downloaded manually from the Microsoft web site, it will load the target parent web page in this area. You will then be able to find the appropriate download link and click on it. GFI LANguard N.S.S. will be monitoring this web session, and as soon as it detects that you clicked on a direct download link it will start downloading that file for you automatically. The navigation through the web page will be part of the download session. Should you want to cancel the download session, you will need to click on the patch and select Cancel.
40. e 2 List all Sun stations with a web server

To list all Sun stations running a web server on port 80, define the following queries:
1. Operating system includes SunOS
2. TCP port is open 80

Configuring GFI LANguard N.S.S.

Introduction to configuring GFI LANguard N.S.S.

You can configure GFI LANguard N.S.S. from the configuration node. Here you can configure scan options, scanning profiles with different scanning options, scheduled scans, alerting options and more.

Scanning profiles

[Screenshot: Scanning Profiles node, OS Data tab, listing the OS information items to retrieve, each set to Yes or No]
41. e following auditing policies are recommended:

Auditing Policy             Success   Failure
Account logon events        Yes       Yes
Account management          Yes       Yes
Directory service access    Yes       Yes
Logon events                Yes       Yes
Object access               Yes       Yes
Policy change               Yes       Yes
Privilege use               No        No
Process tracking            No        No
System events               Yes       Yes

You can enable auditing directly from GFI LANguard N.S.S. Right-click on one of the computers in the left pane and select Enable auditing. This will bring up the auditing policy administration wizard.

Specify which auditing policies to turn on. There are 7 security auditing policies in Windows NT and 9 security auditing policies in Windows 2000. Enable the desired auditing policies on the computers to be monitored. Click on Next to turn on the auditing policies.

[Screenshot: GFI LANguard N.S.S. Administration Wizard, "Switch on security auditing policies" page, with a check box for each of the nine audit policies. Caption: Enabling Audit Policies on remote machines]

If no errors are encountered, the finish page will be displayed. If an error has occurred, then another page will be displayed indicating the comput
42. e that are issues important enough to be brought to the administrator's attention, but not always damaging to leave open.

Potential Vulnerabilities Node

The potential vulnerabilities node displays potential security issues, important information, as well as certain checks that could not be performed. For example, if it could not be determined that a particular patch is installed, it will be listed under the Non-detectable patches node. These potential vulnerabilities need to be reviewed by the administrator.

[Screenshot: scan results with the Potential Vulnerabilities node expanded to Non-detectable patches, showing a patch entry whose reason reads "Cannot determine if this patch is installed or not"]
43. e to use for scanning. If not specified, the current active profile will be used.
• /Output: Optional. Full path, including filename, where to output the scan result xml file.
• /Report: Optional. Full path, including filename, where to generate the output scan report html file.
• /User: Optional. Scan the specified target using the alternative credentials specified in the /User and /Password parameters.
• /Password: Optional. Scan the specified target using the alternative credentials specified in the /User and /Password parameters.
• /Email: Optional. Send the resulting report to this alternative email address. The mailserver specified in the LNSS > Configuration > Alerting Options node will be used.
• /DontShowStatus: Optional. Do not show scan progress details.

NOTE: For full paths and profile names, enclose the name in inverted commas, e.g. "Default", "c:\temp\test.xml".

Example:

    lnsscmd.exe 127.0.0.1 /Profile="Default" /Output="c:\out.xml" /Report="c:\result.html" /email="lnss@127.0.0.1"

The above will make the command line scanner perform a security scan on the machine 127.0.0.1, output the xml file to c:\out.xml, once the scan is complete generate the html report in c:\result.html, and send the report to the email address lnss@127.0.0.1.

Patch Deployment

Introduction to patch deployme
44. ecurity scanner tool.

Results Comparison

Why Compare Results

By performing audits regularly and comparing results from previous scans, you will get an idea of what security holes continually pop up or are reopened by users. This creates a more secure network. GFI LANguard Network Security Scanner helps you do this by allowing you to compare results between scans. GFI LANguard N.S.S. will report the differences and allow you to take action. You can compare results manually or through scheduled scans.

Performing a Results Comparison interactively

Whenever GFI LANguard N.S.S. performs a scheduled scan, it saves the scan results XML file in the Data Reports directory in the GFI LANguard N.S.S. installation directory. You can also save the current scan results to an xml file by right-clicking on the security scanner node and selecting Save scan results to XML file.

To compare two scan result XML files:
1. Go to the result comparison tool under GFI LANguard N.S.S. > Security Scanner > Result comparison.
2. Select two scan result files, performed with the same options and on the same set of computers but performed at different times, and click Compare.

[Screenshot: Result comparison tool]
45. enshot. It tells you what has been enabled or disabled and any network changes since the last scan.
• New items will show you anything new that occurred after the first scan.
• Removed items will show any devices/issues that were removed since the first scan.
• Changed items will display anything that has changed, such as a service being enabled or disabled between scans.

Performing a Comparison with the Scheduled Scans Option

Instead of manually scanning your network each day, week or month, you can set up a scheduled scan. A scheduled scan will run automatically at a certain time and will email the differences between scheduled scans to the administrator. For example, the administrator can configure the Scheduled Scan feature to perform a scan every night at 23:00. The GFI LANguard N.S.S. attendant service will launch a security scan on the selected target computer(s) and save the results to the central database. Then it will compare the current results with the results from the night before and report the differences, if any.

NOTE: If this is the first time that a scheduled scan is performed, or if there are no differences detected with the previous scan, then GFI LANguard N.S.S. will not email you a report. You will only receive a report if something has changed.

Tools

Introduction

The following Tools can be found under the Tools Menu:
• DNS Lookup
• Who
46. ers on which the application of the policies failed.

[Screenshot: GFI LANguard N.S.S. Administration Wizard, "Application of security auditing policies results" page, showing TESTSTATION with the result Success. Caption: Results dialog in audit policy wizard]

Open Ports

The open ports node lists all open ports found on the machine. (This is called a port scan.) GFI LANguard N.S.S. does a selective port scan, meaning it does not by default scan all 65535 TCP and 65535 UDP ports, just the ports it is configured to scan for. You can configure the ports it should scan for from Scan options. For more information, see the chapter Configuring Scan Options, Configuring Ports to Scan.

Each open port represents a service/application; if one of these services can be exploited, the hacker could gain access to that machine. Therefore, it's important to close any port that is not needed.

Note: On Windows Networks, ports 135, 139 & 445 are always open.

GFI LANguard N.S.S. will show open ports, and if the port is considered a known Trojan port, GFI LANguard N.S.S. will display it in RED; otherwise the port will show up in GREEN. You can see this in the following screen shot:

[Screenshot: open ports list showing 5000 (UPnP, Universal Plug and Play), 8080 (Http Proxy), 12345 (Netbus) and 27374 (Subseven)]

Note: Even if a port s
47. es and service packs for the operating system
• Ability to detect missing hot fixes and service packs for supported applications
• Ability to compare scans to learn about new possible entry points
• Ability to patch OS (English Windows Systems) & Office applications (English, French, German, Italian, Spanish)
• Operating system identification
• Live host detection
• HTML, XSL and XML output
• SNMP & MS SQL auditing
• VBscript compatible scripting language to build custom vulnerability checks

GFI LANguard N.S.S. components

GFI LANguard N.S.S. is built on an enterprise-class architecture and has the following components:

GFI LANguard Network Security Scanner
This is the main interface to the product. Use this application to view the scanning results in real time, configure scan options and scan profiles, filter reports, use specialized security administration tools and more.

GFI LANguard N.S.S. attendant service
This service runs scheduled network scans and scheduled patch deployments. It runs in the background.

GFI LANguard N.S.S. Patch agent service
This service is deployed on the target machines on which a patch, service pack or software has to be deployed, and takes care of the actual patch, service pack or software installation.

GFI LANguard N.S.S. Script Debugger
Use this module to write/debug custom scripts that you have created.

License Scheme
48. ese, GFI LANguard N.S.S. will assume, for now, that the device either does not exist at a specific IP address or that it is currently turned off.

Note: If you want to force a scan on IPs that do not respond, see the chapter Configuring scan options for information on how to configure this.

Analyzing the Scan Results

[Screenshot: Security Scanner results for a scanned computer, with result nodes in the left pane (Vulnerabilities, Potential Vulnerabilities, Shares, Registry, System patching status, NETBIOS names, Computer) and a list of services with their status and startup type in the right pane]
49. Whois tool

This tool will look up information on a domain or IP address. You can select a specific Whois Server from the options area, or you can use the Default option, which will select a server for you.

SNMP Walk

SNMP walk allows you to gather SNMP information. The right pane contains a list of names symbolizing specific Object IDs on the device. To find out more about the information provided by the SNMP walk, you will have to check with the vendor. Some vendors provide great details on what each piece of information means; others, though their devices support SNMP, provide no documentation on it at all.

To use the utility, click on Tools > SNMP walk. Enter the IP address of a machine or device which you wish to scan/walk.

Note: In most cases SNMP should be blocked at the router/firewall so that Internet users cannot SNMP scan your network.

It is possible to provide alternative community strings.

Note: SNMP will help malicious users learn a lot about your system, making password guessing and similar attacks much easier. Unless this service is required, it is highly recommended that SNMP is turned off.

SNMP Audit

The SNMP Audit tool allows you to perform an SNMP audit on a device and audit for weak community strings. Some network devices will have alternative or non-default community strings. The dictionary file contains a list of popu
50. hines that you wish to run it on. If you have 3 administrators using GFI LANguard N.S.S., then you have to buy 3 licenses.

Entering the License key should not be confused with the process of registering your company details on our website. This is important since it allows us to give you support and notify you of important product news. Register on http://www.gfi.com/pages/regfrm.htm

Note: To find out how to buy GFI LANguard N.S.S., follow the "General > How to purchase" node.

Getting Started: Performing an Audit

Introduction to Security Audits

An audit of network resources enables the administrator to identify possible risks within a network. Doing this manually requires a lot of time because of the repetitive tasks and procedures which have to be applied to each machine on the network. GFI LANguard N.S.S. automates the process of a security audit and easily identifies common vulnerabilities within your network in a short time.

Note: If your company runs any type of Intrusion Detection Software (IDS), then be aware that the use of LANguard Network Security Scanner will set off almost every bell and whistle in it. If you are not the one in charge of the IDS system, make sure that the administrator of that box or boxes is aware of the scan that is about to be run.

Along with the warning of IDS software, be aware that a lot of the scans will sho
51. hows up in RED as a possible Trojan port, that does not mean that a backdoor program is actually installed on the machine. Some valid programs will use the same ports as some known Trojans. One antivirus program uses the same known port as the NetBus Backdoor. So always check the banner information provided and run checks on these machines.

Users & Groups

These nodes show the local groups and the local users available on the computer. Check for extra user accounts and verify that the Guest account is disabled. Rogue users and groups can allow backdoor access. Some backdoor programs will re-enable the Guest account and grant it Administrative rights, so check the details of the users node to see the activity of all the accounts and the rights they have.

Ideally the user should not be using a local account to log on, but should be logging into a Domain or an Active Directory account.

The last main thing to check is to ensure that the password is not too old.

Services

All the services on the machine are listed. Verify that the services running need to be, and disable all services that are not required. Be aware that each service can potentially be a security risk and a hole into the system. By closing or switching off services that are not needed, security risks are automatically reduced.

System Patching status

This node shows what patches are installed and registered on the remote machine.
52. ible from the GFI LANguard N.S.S. program group.

IMPORTANT NOTE: GFI cannot offer any support in the creation of scripts that are not working. You can post any queries you may have about GFI LANguard N.S.S. scripting on the GFI LANguard forums at http://forums.languard.com, where you will be able to share scripts and ideas together with other GFI LANguard N.S.S. users.

Adding a vulnerability check that uses a custom script

You can add vulnerability checks that use a custom script. You can create these custom scripts using the GFI LANguard NSS editor/debugger. To do this:

Step 1: Create the script

1. Launch the GFI LANguard N.S.S. Script Debugger from Start > Programs > GFI LANguard Network Security Scanner > Script Debugger.
2. File > New
3. Create a script. As an example, you can use the following dummy script and enter it in the debugger:

    Function Main
        ' Message shown as the description of the alert in the scan results
        echo "Script has run successfully"
        ' The return value of Main is the result of the check
        Main = true
    End Function

4. Save the file, e.g. c:\myscript.vbs

Step 2: Add the new vulnerability check

1. Go to the GFI LANguard N.S.S. Main Program > Configuration > Scanning Profiles node.
2. Go to the Scanned Vulnerabilities tab and select the category under which the new vulnerability will fall. Now click on the Add button. This brings up the new vulnerability check dialog.
53. ight permissions, users can then easily copy executables into the startup folder, which will be executed upon the next interactive logon by the administrator.

Note: If you are running the scan logged in as an administrator, you will also see the administrative shares, for example "C$ - default share". These shares will not be available to normal users.

With the way Klez and other new viruses are starting to spread through the use of open shares, all unneeded shares should be turned off and all needed shares should have a password on them.

Password Policy

This node allows you to check if the password policy is secure. For example, enable a maximum password age and password history. Minimum password length should be something practical, such as 8 characters. If you have Windows 2000, you can enable a secure password policy network-wide using a GPO (Group Policy Objects) in Active Directory.

Registry

This node gives vital information about the remote registry. Click on the Run node to check what programs automatically launch at startup. Check that the programs that automatically launch are not Trojans or even valid programs that provide remote access into a machine, if such software is not allowed on your network. Any type of Remote Access software can end up being a backdoor that a potential hacker can use to gain entrance.

Security audit policy

This node shows which security auditing policies are enabled on the remote machine. Th
54. [Screenshot: Security Scanner properties]

Network discovery methods

This section addresses which methods GFI LANguard N.S.S. is to use to discover machines over the network.

The NETBIOS queries option allows NetBIOS or SMB queries to be used. If the Client for Microsoft Networks is installed on the Windows machine, or if Samba Services are installed on a Unix machine, then those machines will answer the NetBIOS type query.

You can add a ScopeID to the NetBIOS Query. This is only required in some cases in which systems have a ScopeID. If your organization has a ScopeID set on NetBIOS, input it here.

The SNMP queries option will allow SNMP packets to be sent out with the
55. ipt c:\myscript.vbs. Click Add to add the vulnerability. It will be run the next time a computer is scanned for vulnerabilities.
7. To test it out, simply scan your local host machine and you should see the vulnerability warning under the miscellaneous section of the vulnerabilities node of the scan results.

Adding a CGI vulnerability check

You can also add vulnerabilities without writing scripts, for example a CGI vulnerability check. To do this:

1. Go to the GFI LANguard N.S.S. Main Program > Configuration > Scanning Profiles node.
2. Go to the Scanned Vulnerabilities tab and select the CGI vulnerabilities node. Now click on the Add button. This brings up the new CGI vulnerability check dialog.

[Screenshot: Creating a new CGI Vulnerabilities]

3. Enter the basic details such as the name, short description, security level and URL (if applicable). You can also specify how long it takes to execute this check.
4. Specify HTTP method: the 2 methods GFI LANguard
56. is Client
• Trace Route
• SNMP Walk
• SNMP Audit
• MS SQL Server Audit
• Enumerate Computers

DNS lookup

This tool resolves the Domain Name to a corresponding IP address and in addition provides information about the domain name, such as whether it has an MX record, etc.
57. k Devices
Provides a list of network devices available on the target machine.

Remote TOD
Remote Time of the Day. This is the network time on the target machine, which is usually set by the Domain Controller.

Performing On site and Off site scans

We recommend that you run GFI LANguard N.S.S. in 2 ways, the so-called On site scans and Off site scans.

On Site Scan

Set up a machine with LANguard Network Security Scanner installed on it. Do a scan of your network with a NULL session (select Null Session from the "Using" drop-down box).

Once this first scan is done, change the "Using" drop-down box value to Currently logged on user (if you have administrative rights to your domain), or to Alternative credentials that have administrative rights to the Domain or to Active Directory.

Save this second scan for comparison later on.

With the NULL session you can see what any user making a connection to your network via a Null connection would be able to see. The scan that has administrative rights will help show you all of the hot fixes and patches that are missing on the machine.

Off Site Scan

If you have an outside dialup account or high-speed internet access that is not tied to your company, you will now want to turn around and scan your network from the outside world.

Do a NULL session scan of your network. This will let you see what anyone
58. king skills can successfully penetrate and achieve remote administrative network rights, while ensuring that their abuse is hard to identify or even detect.

In fact, 80% of network attacks originate from inside the firewall (ComputerWorld, January 2002).

Poor network security also means that, should an external hacker break into a computer on your network, he/she can then access the rest of the internal network more easily. This would enable a sophisticated attacker to read and possibly leak confidential emails and documents, trash computers leading to loss of information, and more. Not to mention then use your network and network resources to turn around and start attacking other sites that, when discovered, will lead back to you and your company, not the hacker.

Most attacks against known exploits could be easily fixed, and therefore be stopped, by administrators if they knew about the vulnerability in the first place. The function of GFI LANguard N.S.S. is to assist administrators in the identification of these vulnerabilities.

Key Features

• Finds rogue services and open TCP and UDP ports
• Detects known CGI, DNS, FTP, Mail, RPC and other vulnerabilities
• Detects rogue or backdoor users
• Detects open shares
• Enumeration of users, services, etc.
• Can perform Scheduled Scans
• Automatically updates security vulnerability checks
• Ability to detect missing hot fix
59. [Screenshot: SQL Accounts audit tool]

Enumerate Computers
60. lar community strings to check for. The default file it uses for the dictionary attack is called snmp pass.txt. You can either add new community names to this file, or direct the SNMP audit to use another file altogether.

To use the utility, input the IP address of a machine running SNMP and click Retrieve.

MS SQL Server Audit

This tool allows you to perform an audit on a Microsoft SQL server installation. You can audit both the SA account as well as all SQL accounts. By default it will use the dictionary file called passwords.txt. You can either add new passwords to this file, or direct the utility to another password file.

To run a SQL server audit, input the IP address of the machine running MS SQL. If you want to password guess all SQL accounts, you have to enter a user name and password to log in to SQL to retrieve all user accounts.
61. led patches with the available patches for a particular product. If the machine is missing any patches, you should see something like this:

    Missing Patches (2)
        Windows Server 2003 Enterprise Gold
            MS03-041 (823182)
            MS03-043 (828035)
    Medium security vulnerabilities (1)
        Registry Vulnerabilities (1)
    Low security vulnerabilities (5)

First it tells you what product the patch is for. If you expand that, it will tell you the specific patch that is missing and give you a link to where you can download that specific patch.

CGI Abuses describe issues related to Apache, Netscape, IIS and other web servers.

FTP vulnerabilities, DNS vulnerabilities, Mail vulnerabilities, RPC vulnerabilities and Miscellaneous vulnerabilities provide links to Bugtraq or other security sites so that you can look up more information about the problem GFI LANguard N.S.S. found.

Service vulnerabilities can be a number of things: anything from actual services running on the device in question to accounts listed on a machine that have never been used.

Registry vulnerabilities cover information pulled from a Windows machine when GFI LANguard N.S.S. does its initial scan. It will provide a link to Microsoft's site or other security-related sites that explain why these registry settings should be changed.

Information vulnerabilities are alerts added to the databas
62. lts
IP, Machine name, OS and Service pack Level
Vulnerabilities Node
Potential Vulnerabilities Node
Shares
Password Policy
Registry
Security audit policy
Open Ports
Users & Groups
Services
System Patching status
Additional
Trusted Domains
Computer
Performing On site and Off site scans
On Site Scan
Off Site Scan
Comparison of on site and off site scans
Filtering scan results
Introduction
Selecting the scan results source
Creating a custom scan filter
Configuring Scan Options
Introduction to Scan Options
Scanning profiles
Scanned TCP/UDP ports
How to add/edit/remove ports
63. n results data source file and apply the filters to this saved scan results data source file, which is actually an XML file. To do this:

1. Go to the Scan filters node in the GFI LANguard N.S.S. security scanner program.
2. Right-click and select "Filter saved scan results XML file".
3. Select the XML file containing the scan results data.
4. All filters will now show data from this scan results file.

Next to the Scan Filters node, the scan data source will be shown: either current scan data or the file name of the scan results you are filtering from.

NOTE: If the data source for the scan filters is set to Current Scan, there will be no results shown until a scan is made.

Creating a custom scan filter

To create a custom scan filter:

1. Right-click on the GFI LANguard N.S.S. > Security scanner > Scan Filters node and select New > Filter.
2. This will bring up the Scan Filter Properties dialog.

[Screenshot: Scan Filters - General page]

3. Give the scan filter a name.
4. Add any conditions that you want the filter to apply to the scan results data using the Add button. You can create multiple conditions for the filter. For each condition you must specify the property, the condition and the value. Available properties are Ope
64. n to select a range of computers on which to deploy the custom software.

Note: You can also select which machines to deploy custom software on from the Security Scanner node and the Tools > Enumerate Computers node.

Step 2: Specify software to deploy

Click on the Add button in the Patches section to specify the source location of the file, and specify any command line parameters which need to be used for deployment of the file.

[Screenshot: Specifying the software to deploy]

Optionally, you can schedule a time when the deployment should take place.

Step 3: Start the deployment process

Once you have specified the software to be deployed and the computers to which it is to be deployed, you can start the deployment process by clicking on the Start button.
65. [Screenshot: Potential vulnerabilities node]

Shares

The shares node lists all shares on a machine and who has access to a share. All network shares must be properly secured. Administrators should make sure that:

1. No user is sharing his/her whole drive with other users.
2. Anonymous/unauthenticated access to shares is not allowed.
3. Startup folders or similar system files are not shared. This could allow less privileged users to execute code on target machines.

The above is very important for all machines, but especially for machines that are critical to system integrity, such as the Public Domain Controller. Imagine an administrator sharing the startup folder (or a folder containing the startup folder) on the PDC to all users. Given the r
66. ne
• Snmp pass.txt: this file contains a list of community strings that LNSS uses to identify if they are available on the target SNMP server. If available, these community strings will be reported by the SNMP scanning tool.
• telnet.txt: again, a file containing various telnet server banners used by LNSS to identify the OS running on the target machine.
• www.txt: a file containing web server banners used to identify what OS is running on the target machine.
• Enterprise numbers.txt: list of OID (Object Identifier) to enterprise (vendor/university) relation codes. If GFI LANguard N.S.S. doesn't have the specific information on a device when it finds it (information provided by the object ids.txt file), it will look at the vendor-specific information returned and at least provide who the vendor is for the product it found. This information is based on SMI Network Management Private Enterprise Codes, which can be found at http://www.iana.org/assignments/enterprise-numbers

Using GFI LANguard N.S.S. from the command line

It is possible to invoke the scanning process from the command line. This allows you to call the scanner from another application or simply on a scheduled basis with your own custom options.

Usage:

    lnsscmd <Target> [/profile=profileName] [/report=reportPath] [/output=pathToXmlFile] [/user=username /password=password] [/email=emailAddress] [/DontShowStatus]

Legend:
Profile: Optional. Profil
67. ng Auditing Policies

Select which machines you want to enable auditing policies on > Right-click on any selected machine > Enable Auditing Policies.

Enumerate Users

The Enumerate users function connects to Active Directory and retrieves all users and contacts in Active Directory.

Adding vulnerability checks via conditions or scripts

Introduction

GFI LANguard N.S.S. allows you to quickly add custom vulnerability checks. This can be done in 2 ways: by writing a script, or by using a set of conditions. Whichever method you use, you will have to add the vulnerability via the Security scanner interface and specify either the script name or the conditions which must be applied.

Note: Only Expert Users should create new Vulnerabilities, as misconfiguring Vulnerabilities will give false positives or provide no Vulnerabilities information at all.

GFI LANguard N.S.S. VBscript language

GFI LANguard N.S.S. includes a VBscript-compatible scripting language. This language has been created to allow you to easily add custom checks. It also allows GFI to quickly add new vulnerability checks and make them available for download. GFI LANguard N.S.S. includes an editor with syntax highlighting capabilities and a debugger.

For further information on how to write scripts, please refer to the help file "Scripting documentation", access
68. ng custom software
Step 1 Select the machines on which to install the software/patches
Step 2 Specify software to deploy
Step 3 Start the deployment process
Deployment options
Results Comparison
Why Compare Results
Performing a Results Comparison interactively
Performing a Comparison with the Scheduled Scans Option
Tools
Introduction
DNS lookup
Trace Route
Whois Client
SNMP Walk
SNMP Audit
MS SQL Server Audit
Enumerate Computers
Launching a security scan
Deploying Custom Patches
Enabling Auditing Policies
Enumerate Users
Adding vulnerability checks via conditions or scripts
Introduction
GFI LANguard N.S.S. VBscript language
Adding a vulnerability check that uses a custom script
Step 1 Create the script
Step 2 Add the new vulnerability check
69. ng it takes to execute this check.
4. Now you must specify what to check for. To add something to check for, right-click in the window "Trigger condition" and add a new check.
5. You can specify any of the following things to base a vulnerability check on:

• Operating System
  o Is
  o Is Not
• Registry Key
  o Exists
  o Not Exists
  Note: Only works under HKEY_LOCAL_MACHINE
• Registry Path
  o Exists
  o Not Exists
  Note: Only works under HKEY_LOCAL_MACHINE
• Registry Value
  o Is Equal With
  o Is Not Equal With
  o Is Less Than
  o Is Greater Than
  Note: Only works under HKEY_LOCAL_MACHINE
• Service Pack
  o Is
  o Is Not
  o Is Lower Than
  o Is Higher Than
• Hotfix
  o Is Installed
  o Is Not Installed
• IIS Version
  o Is
  o Is Not
  o Is Lower Than
  o Is Higher Than
• RPC Service
  o Is Installed
  o Is Not Installed
• NT Service
  o Is Installed
  o Is Not Installed
• NT Service running
  o Is running
  o Is not running
• NT Service startup type
  o Automatic
  o Manual
  o Disabled
• Port TCP
  o Is Open
  o Is Closed
• UDP Port
  o Is Open
  o Is Closed
• FTP banner
  o Is
  o Is Not
  Note: You can build expressions that check for Versi
70. nt

Use the patch deployment tool to keep your Windows NT, 2000, XP and 2003 machines up to date with the latest security patches and service packs. To deploy patches and service packs you need to follow these steps:

Step 1: Perform a scan of your network
Step 2: Select on which machines to deploy the patches
Step 3: Select which patches to deploy
Step 4: Download the patch & service pack files
Step 5: Patch file deployment parameters
Step 6: Deploy the updates

To deploy patches you must have:
• Administrative rights on the machine you are scanning
• NETBIOS must be enabled on the remote machine

The patch deployment agent

GFI LANguard N.S.S. 5 uses a patch deployment agent, which is installed silently on the remote machine, to deploy patches, service packs and custom software. The patch deployment agent consists of a service which will run the installation at a scheduled time depending on the deployment parameters indicated. This architecture is much more reliable than without using a patch deployment agent. The patch deployment agent is installed automatically without administrator intervention.

Note: It is not uncommon that Microsoft retires patch files. When this happens, the information of that patch remains in the mssecure.xml file, since the patch was available at some point. When this happens, GFI LANguard NSS will report the patch as missing, even though it cannot be installed. If you do not want to be informed about
71. on 1.0 through 1.4, and Version 2.0 through 2.2, but not Version 1.5 through 1.9. See the examples below.
• HTTP banner
  o Is
  o Is Not
  Note: You can build expressions that check for Version 1.0 through 1.4, and Version 2.0 through 2.2, but not Version 1.5 through 1.9. See the examples below.
• SMTP banner
  o Is
  o Is Not
  Note: You can build expressions that check for Version 1.0 through 1.4, and Version 2.0 through 2.2, but not Version 1.5 through 1.9. See the examples below.
• POP3 banner
  o Is
  o Is Not
  Note: You can build expressions that check for Version 1.0 through 1.4, and Version 2.0 through 2.2, but not Version 1.5 through 1.9. See the examples below.
• DNS banner
  o Is
  o Is Not
  Note: You can build expressions that check for Version 1.0 through 1.4, and Version 2.0 through 2.2, but not Version 1.5 through 1.9. See the examples below.
• SSH banner
  o Is
  o Is Not
  Note: You can build expressions that check for Version 1.0 through 1.4, and Version 2.0 through 2.2, but not Version 1.5 through 1.9. See the examples below.
• Telnet banner
  o Is
  o Is Not
  Note: You can build expressions that check for Version 1.0 through 1.4, and Version 2.0 through 2.2, but not Version 1.5 through 1.9. See the examples below.
• Script
  o Returns True (1)
  o Returns False (0)

6. Each option above has its own set of criteria, as you can see, that the vulnerability check can be based on. If you are too general when creating a vulner
72. periodically. This allows you to run a particular scan at night or early in the morning, and can be used in conjunction with the results comparison feature, allowing you to receive a change report automatically in your mailbox.

By default all scheduled scans are stored in the database. Optionally you can save all scheduled scan results to an XML file (one per scheduled scan). This can be done by right-clicking on the Scheduled Scan node, selecting properties, enabling the Save Scheduled Scan option and specifying a path for the XML files.

[Screenshot: Configuring a scheduled scan]

To create a scheduled scan:

1. In the GFI LANguard N.S.S. security scanner program, right-click on Configuration > Scheduled scans > New Scheduled Scan.
2. This brings up the New Scheduled Scan dialog.

[Screenshot: Creating a new Scheduled Scan]

In the New scheduled scan dialog
73. rating System, hostname, logged on user, domain, service pack, share, etc.
[Screenshot: Conditions dialog]
5. Select which categories of information you want to see in the filter from the Report Items page.
6. Click on OK to create the filter.
[Screenshot: Scan Filters, Report Items page]
This procedure will create a new permanent node under the Scan Filters node.
NOTE: You can delete/customize any filter under the Scan Filters node by right-clicking on the filter and selecting Delete/Properties, depending on the operation you want to perform.
Example 1: Find computers with a particular missing patch
You want to find all Windows computers missing the MS03-026 patch (this is the famous blaster virus patch). Define the filter as follows:
1. Condition 1: Operating system includes Windows
2. Condition 2: Hot fix (patch) is not installed MS03-026
Exampl
74. reliability of GFI LANguard N.S.S. when determining the type of device it has found.
• Ethercodes.txt: this file contains a list of MAC addresses and the associated vendor which has been assigned that particular range.
• ftp.txt: this file contains a list of FTP server banners that are used internally by LNSS to help identify what OS is running on that particular machine, based on the FTP server running there.
• Identd.txt: this file contains identd banners that are also used internally by LNSS to identify the OS using banner information.
• Object_ids.txt: this file has SNMP object IDs and to which vendor and product they belong. When GFI LANguard N.S.S. finds a device that responds to SNMP queries, it compares the Object ID information on the device to that stored in this file.
• Passwords.txt: this file has a list of passwords which are used to assert password weaknesses.
• Rpc.txt: this file contains a map between the service numbers returned by the RPC protocol and the service name associated with that particular service number. When RPC services are found running on a machine (normally Unix or Linux), the information received back is compared to this file.
• Smtp.txt: contains a list of banners and the associated OS. As with the ftp and ident files, these banners are used internally by LNSS to identify the OS running on the target machi
75. rm a trace route, each hop has an icon next to it. The four icons indicate:
• A successful hop taken within normal parameters.
• A successful hop, but the time required was quite long.
• A successful hop, but the time required was too long.
• The hop timed out (i.e. it took longer than 1000 ms).
Whois Client
[Screenshot: Whois tool, showing a query for a domain name and the option to choose which Whois server to query]
76. [Screenshot: Trace route tool, with traceroute response settings: return timeout after 1000 ms, timeout steps before stop 3, slow response icon after 250 ms, very slow response icon after 600 ms]
This tool shows the network path that GFI LANguard N.S.S. followed to reach the target machine. When you perfo
77. [Screenshot: Scanned Patches tab, listing the Microsoft security bulletins from mssecure.xml with a Find bulletin search box]
Configure which patches to check for when scanning with a particular profile
The Scanned Patches tab allows you to configure whether this particular scan profile should check for missing patches and/or service packs. The tab lists all the patches that GFI LANguard N.S.S. checks for. You can disable checking for particular patches for this profile by un-checking the tick box next to the patch bulletin. The list of patches is obtained by downloading the latest patch list from the GFI website, which in turn is obtained from Microsoft (mssecure.xml). GFI obtains the list of patches from Microsoft and checks it for correctness, since sometimes it contains errors.
78. s need to be deployed to those computers. You have two views in which you can manage the deployment options:
1. Sort by computers: Select a computer and see which patches/updates need to be deployed to it.
2. Sort by patches: Select a patch and see which computers are missing that update.
[Screenshot: Deploy Microsoft patches, showing the Sort by computers and Sort by patches views]
79. [Screenshot: Add new vulnerability check]
3. Now enter the basic details, such as the name, short description, security level and URL (if applicable). You can also specify how long it takes to execute this check.
4. Now right-click in the Trigger condition list and select Add check.
5. Now select Script from the Check type list.
[Screenshot: Select script containing the vulnerability checking code]
6. Specify the location of the scr
80. session, you will need to click on the patch and select Cancel Download. Once the download completes, the file will be placed in the correct directory for you.
[Screenshot: Deploy Microsoft patches, showing the patches selected for a scanned computer and their download directory]
81. [Screenshot: Downloading a patch from a web page with the download assistant]
Step 5: Patch file deployment parameters
Optionally, you can configure alternative deployment parameters on a patch-by-patch basis. To do this:
1. Right-click on the patch file and select Properties.
2. Optionally specify an alternative download source URL.
3. Optionally specify command line parameters to use during deployment.
You can check to which bulletin a patch applies by right-clicking on the patch file and selecting Bulletin Info.
[Screenshot: Patch file properties]
Step 6: Deploy the updates
After you have selected the computers to deploy the patches on and downloaded the patches, you are ready for deployment. Click Start at the bottom right to start deployment.
[Screenshot: Deploy Microsoft patches]
82. ssing service pack/patch, GFI LANguard N.S.S. reports a link from where you can download the patch file, as well as other information related to that bulletin. Patches which are definitely missing are reported in the Missing patches and service packs nodes of the scan results. Patches which cannot be confirmed whether they are installed or not, due to lack of detection information, are reported in the Potential vulnerabilities node of the scan results.
[Screenshot: Non-detectable patches sample output in scan results tree]
Step 2: Select on which machines to deploy the patches
After scanning the network, the list of missing service packs & patches will be listed in the scan results window. To deploy the missing updates, you have to select which computers you want to update. Patches can be deployed on one machine, all machines, or on selected machines.
To deploy missing patches on one computer: Right-click on the computer you want to update > Deploy Microsoft updates > type of update > This computer.
To deploy missing patches on all computers: Right-click on any computer in the result tree > Deploy Microsoft updates > type of update > All computers.
To deploy missing patches on selected machines: Use the check boxes on the left-hand side of the scan results to select which machines you want to update
83. [Screenshot: Vulnerabilities node of the scan results, listing QPOP, Qualcomm QPopper and Sendmail checks and "SMTP server allows relaying"]
84. these missing patches, you will need to disable checking for that particular bulletin from GFI LANguard N.S.S. > Configuration > Scanning Profiles > Patches.
Step 1: Perform a scan of your network
GFI LANguard N.S.S. discovers missing patches and service packs as part of the security scan. It does this by comparing registry settings, file date/time stamps and version information on the remote machine, using information provided by Microsoft in the mssecure.xml file.
First, GFI LANguard N.S.S. detects which products for which it has patch information are installed on the target machine (for example, Microsoft Office). After it has done that, it checks what patches and service packs are available for that product, and posts the missing patch information in the Missing patches node of the high security vulnerabilities node.
[Screenshot: Missing patch sample output in scan results tree, showing MS03-041 (823182) reported with the reason "Wrong file version"]
For each mi
85. troubleshooter and follow the instructions in the application. In addition to collecting all the information, it also asks you a number of questions. Please take your time to answer these questions accurately. Without the proper information it will not be possible to diagnose your problem. Then go to the support directory, located under the main program directory, ZIP the files and send the generated files to support@gfi.com.
Ensure that you have registered your product on our website first, at http://www.gfi.com/pages/regfrm.htm
We will answer your query within 24 hours or less, depending on your time zone.
Request support via web chat
You may also request support via Live support (web chat). You can contact the GFI support department using our live support service at http://support.gfi.com/livesupport.asp
Ensure that you have registered your product on our website first, at http://www.gfi.com/pages/regfrm.htm
Request support via phone
You can also contact GFI by phone for technical support. Please check our support website for the correct numbers to call, depending on where you are located, and for our opening times.
Support website: http://support.gfi.com
Ensure that you have registered your product on our website first, at http://www.gfi.com/pages/regfrm.htm
Web Forum
User to user support is available via the web forum. The forum can be found
86. [Screenshot: Whois tool output for the domain GFI.COM, including the Network Solutions WHOIS terms-of-use notice]
87. w up in log files across the board. Unix logs, web servers, etc. will all show the attempt from the machine running LANguard Network Security Scanner. If you are not the sole administrator at your site, make sure that the other administrators are aware of the scans you are about to run.
Performing a Scan
The first step in beginning an audit of a network is to perform a scan of current network machines and devices. To begin a new network scan:
1. Click on File > New.
2. Select what to scan. You can select the following:
a. Scan one Computer: This will scan a single machine.
b. Scan Range of Computers: This will scan a specific range of IPs.
c. Scan List of Computers: This scans a custom list of computers. Computers can be added to the list by selecting them from a list of enumerated computers, by entering them one by one, or by importing the list from a text file.
d. Scan a Domain: This scans an entire Windows domain.
3. Depending on what you want to scan, input the starting and ending range of the network to be scanned.
4. Select Start Scan.
[Screenshot: Performing a scan]
LANguard Network Security Scanner will now perform a scan. It will first detect which hosts/computers are on, and only scan those. This is done using NETBIOS probes, ICMP ping and SNMP queries. If a device does not answer to one of th
88. you can configure:
1. Scan target: Specify the computer names or IP range that you wish to scan. You can specify the scan target as follows:
i. Host name, e.g. ANDREMDEV
ii. IP address, e.g. 192.168.100.9
iii. Range of IPs, e.g. 192.168.100.1 - 192.168.100.255
iv. A text file with a list of computers, e.g. file:c:\test.txt (complete path to the file). Each line contained in the file can take any of the formats or targets specified in (1), (2) or (3).
2. Scanning Profile: Select the scanning profile to be used for this scheduled scan.
3. Next scan: Specify at what date and time you wish the scan to start.
4. Perform a scan every: Specify if you wish the scan to be run once or periodically.
5. Description: This will show up in the scheduled scan list.
Click OK to create the scheduled scan.
To analyze/view the scan results of a scheduled scan, you must specify the scan results XML file of that scheduled scan in the scan filters node. To do this:
1. Right-click on the Scan Filters main node and select Filter saved scan results XML file.
2. Specify the scan results XML file of the scheduled scan.
3. The filter nodes will now display data from the scheduled scan results file.
Parameter files
The parameter files node provides a direct interface to edit various text-based parameter files that GFI LANguard N.S.S. uses. Only advanced users should modify these files. If these files are edited wrongly, it will affect the
89. [Screenshot: Analyzing the results]
After a scan, nodes will appear under each machine that GFI LANguard N.S.S. finds. The left pane will list all the machines and network devices. Expanding one of these will list a series of nodes with the information found for that machine or network device. Clicking on a particular node will display the scanned information in the right pane. GFI LANguard N.S.S. will find any network device that is currently turned on when doing a network
