GFI LANSSMCREN2000-2999-1Y network monitoring software
Contents
1. GFI LANguard 9 0 ReportPack Manual By GFI Software Ltd http www gfi com E mail info gfi com Information in this document is subject to change without notice Companies names and data used in examples herein are fictitious unless otherwise noted No part of this document may be reproduced or transmitted in any form or by any means electronic or mechanical for any purpose without the express written permission of GFI SOFTWARE Ltd Last updated A September 2009 Version LANSSRP RP EN 01 00 00 Contents 1 Introduction 1 1 1 About GFI ReportCenter 1 1 2 About the GFI LANguard 9 0 ReportPack 2 1 3 Components of the GFI LANguard 9 0 ReportPack 2 1 4 Key features 4 2 Installation 7 2 1 System requirements 7 2 2 Installation procedure 7 2 3 Launching the GFI LANguard reports for GFI ReportCenter 8 2 4 Selecting a product 8 3 Getting started Default reports H 3 1 Introduction 9 3 2 Generating a default report 9 3 3 Analyzing the generated report 13 3 4 Adding default reports to the list of favorite reports 14 4 Custom reports 15 4 1 Introduction 15 4 2 Creating a new custom report 15 4 3 Configuring data filter conditions 18 4 4 Run a custom report 23 4 5 Editing a custom report 23 4 6 Deleting a custom report 24 4 7 Adding custom reports to the list of favorite reports 24 5 Scheduling reports 25 5 1 Introduction 25 5 2 Scheduling a report 25 5 3 Configuring advanced settings 27 5 4 Viewing the list of schedul2. When more than one product ReportPack is installed use the Product Selection drop down list to select the GFI product ReportPack to be used Product Selection Lat LANguard GFI LANgua Screenshot 2 Product Selection drop down list For example to run the reports provided in the GFI LANguard ReportPack 1 Launch GFI ReportCenter from Start gt Program Files gt GFI ReportCenter 2 Select GFI LANguard 9 0 from the Product Selection drop down list NOTE Select the ALL PRODUCTS option to display and navigate all the ReportPacks that are currently installed in GFI ReportCenter 8 e Installation GFI ReportCenter 3 Getting started Default reports 3 1 Introduction After installing the GFI LANguard ReportPack a number of specialized pre configured reports can immediately be generated on the data stored in the database backend of GFI LANguard These default reports are organized into the following categories e Vulnerabilities Assessment reports Use the reports in this category to identify vulnerabilities detected on the network as well information on network patches and service packs installed or awaiting deployment The reports include vulnerability details such as host machines operating systems affected and severity e Network and software audit reports Use the reports in this category to display detailed information on hardware and software present on the network These reports help management in analyzing
3. 18 e Custom reports GFI ReportCenter GFI ReportCenter Custom Report Wizard Add Filter Properties Data Alters Specify any filters that sh US Filter Condition Properties Fitter Property Information Filter condition to add Property Hostname Filters a Operating system Equal Conditions Equal to M Value Mark Filter property condition when added and Summary Determine if hostname is equal to Mark lt Back Ad Il Cancel Screenshot 13 Filter conditions configuration dialog For more specific reports you can limit the range of information to be displayed by tightening your conditions search criteria This is achieved by configuring and applying multiple data filters against the selected data source When more than one filter is used specify how these filters will be logically linked This is achieved by selecting a logical grouping condition from Filter property condition drop down list e Select And to include ALL the scan data information that satisfies ALL of the conditions specified in the filters e Select Or to include ALL the scan data information that matches at least one of the specified filter conditions Custom reports e 19 Example Using multiple filters Consider the situation where a custom report has 2 filters configured as follows Add Filter Properties Add Filter Properties CFS Filter Condition Properties CFS Filter Condition Properties Filter Property Informati
4. D Hame Remark ADMIN Remote Admin G share CF Defaultshare CO Drive F HA D share CF Defaultshare E share EF Defaultshare IFC Remote IFC AP Frot SP2 VAPGE AA Open Ports D TOP Got 4 593 Full Port Lisi 2 707 Full Port Lisi 2 105 Full Port Lisi 2 1703 Full Port List 1 807 Full Port List 139 Netbios ssn gt NETBIOS Session Gendcel IDF Forts 40001 Full Port List 4 942 Full Port List ASR DF ull Port l ist Screenshot 83 Sample report showing system information List showing USB devices blacklisted USB devices network cards and black listed wireless devices D Share folder details for each host machine including name and remarks D Open port details for each host machine including port number and name GFI ReportCenter Appendix GFI LANguard default reports e 69 Binstalled Applications ENEE Ses Secs Publisher YWersian Ad Aware SE Personal Edition Lavasoft 1 06 Adobe Flash Players Actes Adobe Systeme J Adobe Reader OD Adobe Systems Incorporated 70S ATI Display Driver CCleanertremovwe onhi F Prot Antivirus tor Wind ove Gadwin PrintScreen Gadwin Systems Inc 3 5 Fl Eventshanager Report Pack GEI Sotware Ltd TU 2000 LL FI LANguard Network Security Scanners 0 FI 5 0 Fl Report Center Framework GEI Sothware 35 Inauthorized A Application Hame Publisher Ad Aware SE Personal Edition Lavasott 1 06 Adobe Flash Players Acthes Adobe Systems H ATI Display Driv
5. Operating System Service Pack Windows XP 2 Total Space Free Space File System Type C 14 65 GB 9 20 GB NTFS D 23 62 GB 312 30 MB NIFS Screenshot 87 Sample report showing disk utilization o Host machine IP and name Appendix GFI LANguard default reports e 71 Disk utilization details for each host machine including drive name file system type total storage space and free storage space Use this report to e List disk utilization information for each host machine including file system type total space and free space 8 2 7 Groups and users Operating 4 tiem Sarebte Face a Ainda e Adminlik ere EE onder dome Membe RCS havi AS Adds Gio HS 24 SS j Bacup Opry Beck Cerio cer erie senmi ee cio rte oe pupas Cd cing ees iori es Gu rit ess hae Ge ee es eee od te Line Ip Fe dete ocept forthe Gusin coan whch E baer maii Heta ee Hon Dorai Members nis gmap can hare some admins ee pe Powar Uwt Power as Goes os Cd ess eee poes w STE m r Tees PowerUsess can nmi legacy anplis in additiontocetifed Sreksbre Foros Derkiop Ut kembes nis growo ane gariad Replika ones e mpila ha dorea Uram Ukan ae perea im meking Scchiezbsi orhi ride channe Ths Users canna cri aed icons tieren a a Filigi age scm Hee SCSET RSA ACCOUNT CATT Ballin eoooene kor eins being the compuiestiovs Les on 5dan SO CS Fas cere 4 das amp Fam 17 moles 10 seco Login SE Bad Fess ace
6. e To 5 11 2009 12 59 59 PM NOTE Date and time format are based on the regional settings configured on your computer 4 Click Next to generate the report 12 e Getting started Default reports GFI ReportCenter 3 3 Analyzing the generated report GFI ReportCenter OFI ReportCenter 3 6 D fame File Tools Help gt S OROeI OBE Panes Product Selection GFI LANguard 3 0 Reno Pack MN A KN Se L Gi 7 Vulnerability Assessment E Network Vulnerability Trend i E Vulnerability Distribution by Host Se Vulnerability Distribution by Operating Syster Sei Security Scans History Vulnerability Listing by Category En Vulnerability Listing by Host 9 Vulnerability Listing by Product Current Page No 2 Total Page No 16 Screenshot 6 Generated reports are displayed in the right pane of the management console Generated reports are shown in the right pane of the GFI ReportCenter Use the toolbar at the top of the report pane to access common report related functions Report browsing options dd Browse the generated report page by page A Zoom in Zoom out A Search the report for particular text or characters Go directly to a specific page s Breakdown the report into a group tree e g by date time fe Print report Report storage and distribution options T Export the generated report to a specific file format PL Distribute the generated report via email NOTE For information
7. 2 e Introduction GFI ReportCenter GFI ReportCenter GFI Report Center framework The GFI Report Center framework is the management console through which you can generate the specialized product reports which are shipped with a product ReportPack The GFI Report Center framework offers a common application interface through which you can navigate generate customize and schedule reports GFI ReportCenter 3 6 File Tools Help d Panes Product Selection Default Reports 2 8 GFI LANguard 9 0 ReportPack a E Vulnerability Assessment Network Vulnerability Summary E Network Vulnerability Trend Vulnerability Distribution by Hos Vulnerability Distribution by Ope E Security Scans History 8 Vulnerability Listing by Categon t Current Page No 2 Total Page No 25 Zoom Factor Page width Screenshot 1 The GFI ReportCenter management console The GFI ReportCenter management console is organized as follows Navigation Pane Use this pane to access the navigation buttons configuration options provided with GFI ReportCenter Product Selection drop down list Use this drop down list to select the GFI product for which to generate reports The Product Selection drop down list displays all the products for which you have installed a ReportPack Favorite Reports Use this navigation button to access your favorite most used reports For more information on how to add reports to this list r
8. 30 2008 2 07 54PM Dates Scan reference 80 143 32 1 24 Scan profile Full Scan Andrew i 2 NetBIOS alerts Service vulnerability OVAL 1079 MS CIFS Spoofed Browse Frame Request Vulnerability has been removed service vulnerability OVAL 999 Hyperlink Object Buffer Overflow Vulnerability has been removed service vulnerability SNMP service is enabled on this host has been removed Screenshot 101 Sample report showing network security log by date o Network security scans to be compared o Host machine on which the comparison was made List of differences found between comparisons for each host machine Differences are grouped by category including backdoors missing hot fixes password policy USB devices and applications Use this report to e Compare results of consecutive scans that have a common profile and target grouped by scan date GFI ReportCenter Appendix GFI LANguard default reports e 81 8 3 2 Network security log by host Compare Scans from 10 24 2008 2 07 54PM and 10 27 2008 2 07 54PM Dates Scan reference 80 143 327 1 24 Scan profile Full Scan 2 General Host Host only exists in second scan skipped Compare Scans from 10 27 2008 2 07 54PM and 10 28 2008 2 07 54PM Dates Scan reference 80 143 37 1 34 Scan profile Full Scan Automatic Remediation Automatic remediation performed Patch Installation MS08 06 955644 KB958644 Automatic remediation
9. 32 233 Andy Windows XP 1 Vulnerability of for Security Update Windows Media Player for AP Product Windows Timestamp 2004 01 12 Affected Hosts Operating System Windows lt P 1 Screenshot 59 Sample report showing vulnerability listing by category o Vulnerability details including name description and severity GFI ReportCenter Appendix GFI LANguard default reports e 55 List of host machines affected by each vulnerability detected Use this report to e List detected vulnerabilities grouped by category and the host machines affected by each vulnerability 8 1 7 Vulnerability listing by host 00 143 32 140 Jane Operating System Windows XP Service Pack 2 23 67 Total Host Vulnerabilities I Total Network Vulnerabilities 300 Total Host Total Network 23 67 HK Category Missing Updates Product Windows Timestamp 2006 12 12 Severity Critical Cumulative Security Update for Internet Explorer for Windows XP KB925454 Category Missing Updates Product Windows Timestamp 2006 12 12 Severity Important Cumulative Security Update for Outlook Express for Windows XP KB923694 Screenshot 60 Sample report showing vulnerability listing by host od Host machine details on which vulnerabilities were detected O Vulnerability count for each host also shown as a percentage of total vulnerabilities detected on the network List of vulnerability details for each host in
10. 79 Sample report showing software audit o List showing the top 10 host machines with unauthorized applications List showing the top 10 unauthorized applications GFI ReportCenter Appendix GFI LANguard default reports e 65 Chart displaying the status of security applications on host machines List showing the top 20 installed applications Use this report to e Identify unauthorized applications installed on host machines detected during network security scans e Identify the top 10 host machines with unauthorized applications e Identify the top 10 unauthorized applications with highest number of installations e Identify the top 20 installed applications e Graphically represent the number of host machines without security applications or with security applications not updated 8 2 2 Operating system and service pack distribution Operating System Distribution Windows XP x64 Windows 2000 E Windows 2000 14 3 E Windows XP 14 E Windows XPx64 14 3 Total 100 0 Number of Hosts L gt Windows 2000 Windows AP Windows XP x64 0 tins l Service Pack Number of Hosts Windows 2000 4 1 Windows XP 1 1 Windows XP 2 3 Windows XP Gold L Windows XP x64 L O Screenshot 80 Sample report showing operating system and service pack distribution 66 e Appendix GFI LANguard default reports GFI ReportCenter Chart displaying distribution percentage of each operating system
11. Files GFI LANguard9 Data scanresult mdb 5 Click on OK to finalize your configuration settings GFI ReportCenter Configuring default options e 41 6 4 Viewing the current database source settings GFI ReportCenter 3 6 He Tools Help 4 gt 2il pats GFILANguard GEI LANgquard 9 0 ReportPack z OF LANguard 9 0 ReportPack Options sg g Copyright jo 2008 GFI Software Ltd at GFI LANguard 9 0 ReportPack H Database Source Database Type M5 Access wire Database Path C Program FilesvGFILAN guard 9 0 ER Import Export Configuration ZES ai ad Database Source Selection inf T Version Information Ee P Licensing NOTE To change the database backend between different database types right click on Database Source and select Set Database Source 2008 All rights reserved GFI Software Ltd Screenshot 40 Database source configuration settings After configuration you can view the current database source settings by clicking on the Database Source node 6 5 Configuring default scheduling settings To configure the default settings to be used by scheduled reports ell GF ReportCenter 3 6 file Tools Help Panes v LANguard 9 ReportPack Screenshot 41 Default scheduling options node 1 From the pull down menu click on the Tools gt Default Scheduling Options 2 Configure the required parameter as described in the Configuring Advanced Settings section of the Scheduling Re
12. Mark for January 2009 This report will be based on scans e Related to a host named Mark e Corresponding to operating system Windows XP e Performed during the month of January 2009 20 e Custom reports GFI ReportCenter GFI ReportCenter To create this report 1 Click on the Default Reports navigation button 2 Right click on the report to be customized and select New gt Custom Report This will bring up the Custom Reports Wizard 3 As soon as the welcome dialog is displayed click Next Custom Report Wizard Scan or date time range Specify the scan or date time range on which to base the report GC Reports are based on the secunty scan results collected during past network security scans Select the scan results on which this report will be based Last Scan Use this option to generate reports based on data collected during the latest network Secunty Scan C 7 Particular Scan Use this option to generate reports based on data collected during a particular network secunty scan Scans over a date time range Use this option to generate reports based on the scan results data collected during a specific date time period Screenshot 15 Selecting the data source to use 4 Select the Scans over a date month range option and click Next Custom Report Wizard Date Time Select the date time period on which to base the report GC Reports based on date and time will gather all sca
13. PM A 192 168 3 66 Full scan 5 8 2009 12 39 42 PM A 192 168 3 66 Full scan 5 8 2009 12 33 08 PM A localhost Full scan 5 8 2009 11 00 14 AM d Screenshot 9 Selecting the scan data source to use 4 lf using the Particular Scan option select the required scan s from the list of network security scans carried out on the corporate network Click Next to continue Custom Report Wizard Add Filter Properties x Data Alters Specify any fiters that shy LH Filter Condition Properties Fitter Property Information Filter condition to add Property Hostname Filters a Operating system Equal Conditions Equal to Value Mak SS Filter property condition when added Summary Determine if hostname is egual to Mark Screenshot 10 Specifying data filter conditions 5 Configure the data filter conditions that will be applied against the selected data source Click Next to continue 16 e Custom reports GFI ReportCenter GFI ReportCenter Custom Report Wizard Date Time Select the datetime period on which to base the report Q Reports based on date and time will gather all scans made during the selected time period and will generate results based on information found during these scans Relative Today m E Day Monday ay 11 2005 Month May 2009 Date range 5 11 2005 4 21 37 F 5 11 2009 4 71 37 PM Screenshot 11 Configuring custom date time period 6 If using the Scans over a date time range
14. Report Name The names of the default or custom report s that will be generate e Last Generation Indicates the date time when the report was last generated e Next Generation Indicate the date time when the report is to be next generated e Description The description that you have entered for each schedule e Report Pack The GFI LANguard version that created the report 30 e Scheduling reports GFI ReportCenter 5 5 Viewing the scheduled reports activity OF ReportCenter 3 6 He Tools Help 4 gt jE Panes A Scheduled reports activity list Product Selection Date Product Name GFI LANguard 9 0 ReportPack 5 12 2009 8 56 04 AM GEI LANguard 9 0 ReportPack LO 5 12 2009 8 56 04 AM GEI LANguard 9 0 ReportPack Scheduled Reports Eis 12 2009 8 55 59 AM GFI LANguard 9 0 ReportPack gege 5 12 2009 8 55 59 AM GEI LANguard 9 0 ReportPack G GFI LANguard 9 0 ReportPack Ge gie P berg Bes geg LU 5 12 2009 8 55 51 AN GEI LANguard 9 0 ReportPack W F Scheduled Lee 95 12 2009 8 55 51 AN GFI LANguard 9 0 ReportPack GORY 12 2009 8 55 45 AM GFI LANguard 9 0 ReportPack i 5 12 2009 8 55 45 AM i 5 12 2009 8 55 38 AM 7 5 12 2009 8 55 38 AM 95 12 2009 8 55 33 AM i 5 12 2009 8 55 33 AM 7 5 12 2009 8 55 26 AM i 5 12 2009 8 55 26 AM 95 12 2009 8 55 20 AM 75 12 2009 8 55 20 AM G 5 12 2009 8 55 14 AM UD 5 12 2009 8 55 14 AM 5 12 2009 8 55 09 AM GEI LANquard 9 0 ReportPack GFI LANguard 9 0 ReportPack GFI
15. Server 3 Select MS SQL Server as the database type from the provided list of supported databases 4 Specify the name or IP address of your MSDE MS SQL Server database backend 5 To use the credentials of an SQL Server account select the Use SQL Server authentication option and specify the user name and password in the provided fields NOTE By default the GFI LANguard ReportPack uses Windows logon credentials to authenticate to the SQL Server 40 e Configuring default options GFI ReportCenter 6 Click on OK to finalize your configuration settings 6 3 Configuring database source Microsoft Access To configure Microsoft Access as your database source 1 Click on the Options navigation button 2 Right click on the Database Source node and select Set Database Source This will bring up the database source configuration dialog Database Source Database Source Database settings T Database Type MS Access nad Please specify the full path including filename of the database backend C Program Files GFI LANQuard 9 0 Data scanrest Browse Screenshot 39 Database source configuration dialog MS Access 3 Select MS Access as the database type from the provided list of supported databases 4 Specify the complete path to the database backend If the database source is not stored locally specify the complete path using Universal Naming Convention UNC e g Security_Server Program
16. XP 0 0 0 3 1 0 0 0 0 0 1 0 0 0 0 A SP Gold Windows XP 0 0 0 10 1 0 0 0 0 0 4 0 H 3 2 SP 2 Windows XP 0 H H 3 1 1 H H H 0 0 0 0 0 o at SP 1 Windows XP x64 0 H H 5 H H 0 0 o 0 H H 0 H o H SP 1 Screenshot 56 Sample report showing vulnerability distribution by operating system List of operating systems and service packs affected by one or more vulnerabilities 2 The number of low medium and high severity vulnerabilities detected on each operating system The number of vulnerabilities detected on each operating system distributed by vulnerability category Use this report to e Generate statistics showing vulnerability counts for each operating system 8 1 5 Security scans history Most Scanned Systems Least Scanned Systems IP address Host Name ol IP address Host Name 60 143 32 233 Andy 6 62 160 102 176 steve 4 00 143 32 226 GamesPG 62 168 102 175 Julia 060 143 3222 Jo 60 143 32 226 GamesPc 60 143 32 211 Andrew 80 143 32 221 Joe 80 143 32 140 Jane 60 143 32 211 Andrey 2 165 102 176 Steve 0 143 342 140 Jane 62 160 102 175 Julia 60 143 32 233 Andy Most Used Profiles Profile Count Full Scan 4 Ping them All 2 Screenshot 57 Sample report showing security scans history List showing the host machines with the highest number of scans and the respective scan count List showing the host machines with the lowest number of scans and the 54 e Appendix GFI LANguard default reports GFI Repor
17. can be downloaded as an add on to the GFI product GFI ReportCenter Introduction e 1 GFI Product 2 ReportPack GFI Product 1 ReportPack GFI Product 3 ReportPack REPORT CENTER FRAMEWORK GFI Product X ReportPack Figure 2 Several Report Packs plugged into the GFI Report Center framework A ReportPack plugs into the GFI Report Center framework allowing you to generate analyze export and print the information generated through these reports 1 2 About the GFI LANguard 9 0 ReportPack The GFI LANguard ReportPack is a full fledged reporting companion to GFI LANguard GFI LANguard It allows you to generate graphical IT level technical and management reports based on the network security audits carried out by GFI LANguard From trend reports for management ROI to daily drill down reports for technical staff the GFI LANguard ReportPack provides you with the easy to view information required to fully identify any vulnerability on your corporate network The GFI LANguard ReportPack allows for the creation of various graphical and text based reports related to e Vulnerability assessment reports e Network and software auditing reports e Results comparison reports 1 3 Components of the GFI LANguard 9 0 ReportPack When you install the GFI LANguard 9 0 ReportPack the following components are installed e GFI Report Center framework e GFILANguard 9 0 default reports e Report scheduling service
18. conformance with corporate security policy e Results comparison reports Use the reports in this category to compare results of consecutive network scans that have a common profile and target and of computer scans against a computer used as benchmark GFI LANguard default reports are accessed by clicking on the Default Reports navigation button provided in the navigation pane 3 2 Generating a default report GFI ReportCenter To generate a default report 1 Click on the Default Reports navigation button to bring up the list of default reports available Getting started Default reports e 9 Default Reports Hosts Severity Level Distributon ve E Netw Run lt For Last Scan BR Wes Arid To Favart lek For Last 7 Days en Gell WUINE Secu For Last 30 Days ES Vulne Ne ee a E mee For Custom Date ma Vulnerability Listing by Host _ High E Vulnerability Listing by Product Ei Vulnerability Listing by Severity Seng i Open Trojan Ports by Host l us i Top SANS Vulnerabilities Statu E Vulnerable Hosts Based on Vu en fl Vulnerable Hosts Based on Op Hosts Vulnerability Level Distribution E Open Trojan Ports E Network Patching Status 8 Missing Patches Grouped by H gt i Missing Patches Grouped by C jg Missing Patches Grouped by gy Installed Patches Grouped by r mt j Screenshot 3 Selecting the data set 2 Right click on the report to be generated selec
19. navigation button you can configure the following parameter Database source Use this node to specify the database backend from where the ReportPack will extract the required reporting data Through the Tools menu you can configure the following parameters GFI ReportCenter Configuring default options e 39 e Default scheduling settings Use this menu option to configure the default export to file parameters and report emailing parameters of scheduled reports You can also backup your configuration settings for the ReportPack through the Import Export Configuration node in the Options section Exported configurations may be imported into a separate GFI ReportCenter instance provided that the same ReportPacks are installed on both instances 6 2 Configuring database source Microsoft SQL Server To configure MS SQL Server your database source 1 Click on the Options navigation button 2 Right click on the Database Source node and select Set Database Source This will bring up the database source configuration dialog Database Source PS Database Source Database settings ge Database Type J MS SQL Server 4 Please specify the name or F of the machine containing the SQL Server MSDE database to use Server SQL Server L dl Use SQL Server Authentication User sa Password OK Cancel Jl Apply Screenshot 38 Database source configuration dialog SQL
20. on how to configure report storage and distribution options refer to the Configuring Advanced Settings section in this manual Getting started Default reports e 13 3 4 Adding default reports to the list of favorite reports Default Reports El yH Vulnerability Assessment Add To Favorites List Mew E ue aomy US Dy Caregury E Vulnerability Listing by Host SS Vulnerability Listing by Product Screenshot 7 Favorite Reports navigation button You can group and access frequently used reports through the Favorite Reports navigation button To add a default report to the list of favorite reports 1 Click on the Default Reports navigation button to bring up the list of available reports 2 Right click on the default report that you to be added to favorites and select Add to favorites list 3 Click Yes to confirm 14 e Getting started Default reports GFI ReportCenter 4 Custom reports 4 1 Introduction GFI ReportCenter allows you to create custom reports which are tailored to your reporting requirements This is achieved by building up custom data filters which will analyze the data source and filter out the information that matches the specified criteria 4 2 Creating a new custom report GFI ReportCenter To create a custom report 1 Click on the Default Reports navigation button 2 Right click on the default report to be used as template and select New gt Custom Report This will bring up the Cu
21. perfomed Patch Installation M306 065 9571071 KB951071 Automatic remediation perfomed Patch Installation MS06 062 953155 KB953155 Automatic remediation performed Patch Installation Not Available 956391 Activex Kullbits for Windows 2000 KB956391 Automatic remediation performed Patch Installation MS08 063 95 095 KB95 7095 Automatic remediation perfomed Patch Installation Not Available 890630 Removal Tool October 2008 KB890830 Y Screenshot 102 Sample report showing network security log by host o Host machine on which the comparison was made Network security scans which were compared List of differences found between comparisons for each host machine E Differences are grouped by category including backdoors missing hot fixes password policy USB devices and applications Use this report to e Compare results of consecutive scans that have a common profile and target grouped by host machine 82 e Appendix GFI LANguard default reports GFI ReportCenter 8 3 3 Baseline changes comparison Scan date amp time 10 30 2008 2 07 54PM Scan reference 80 143 32 1 24 Scan profile Full Scan Operating System Windows XP Service Pack 2 Comparing benchmark computer with hosts from scan session Scan date amp time 10 24 2008 2 07 54PM Scan reference 80 143 32 1 24 Scan profile Full Scan 2 60 143 32 211 Andrew Operating System Service Pack W
22. the time schedule to be used to automatically generate the report GC Scheduled reports can be generated either once using a specific date and time or else re generated using a time frame starting from a specific time O Generate this report once on the following day time 6 19 56 Ph i in Ier DH in l l LOD in Generate this report every tenai Start date time 5 11 2009 le 5 19 56 PM lt Back Next gt Screenshot 20 Report Scheduling Wizard Time schedule dialogue 4 Specify the report scheduling parameters date time frequency Click on Next to continue Schedule Report Wizard Advanced Settings t distribution and storage options S You can send the generated report by email to a target recipient list or save the generated report in a folder on your file system Click on the Settings button of the relevant section in the dialog to further configure report sending saving options Customize rena Export to file 00 Click on the Settings button to customize the report storage options and specify the file format and destination folder where this report will be stored settings Send by mail Click on the Settings button to customize and configure the email settings which will be j used for report distribution Settings E Screenshot 21 Report Scheduling Wizard Advanced Settings dialog 5 To export the generated report to file select the Export to fil
23. 0 Jane Operating System Windows XP Service Pack 2 Open Port Count 4 1 Err r32 Eclipse 2000 Sanctuary Exploiter Freddyk Kid Terror Schwindler Sensive Winsp00fer 2 Duckto Screenshot 63 Sample report showing open Trojan ports by cost Details of host machines having open ports associated with Trojans List of open ports for each host and the names of Trojans targeting each port Use this report to e List open ports grouped by host machine which could potentially serve as a backdoor for Trojans 8 1 11 Open Trojan ports Top 20 most common backdoors scription Exploiter FreddykK Kid Terror Schwindler Sensive Winsp0O0fer Ducktoy 1 Eclipse 2000 Sanctuary 1 Err0r3 1 CH Screenshot 64 Sample report showing open Trojan ports List showing the most common open Trojan ports detected on the network Use this report to e List the 20 most common open ports found on the network which could potentially serve as a backdoor for Trojans 58 e Appendix GFI LANguard default reports GFI ReportCenter GFI ReportCenter 8 1 12 Top SANS vulnerabilities status 2 168 102 175 Julia Operating System Service Pack 1 Windows XP J SANS Report Year 2006 SANS ReportChapter W1 Vulnerabilities Name Auto Logon Product HA Description Automatic logon uses the domain user name and password stored in the registry to log users on to the computer when the system start
24. 0 most vulnerable host machines based on the number of open Trojan ports found 8 1 14 Vulnerable hosts based on vulnerability level Top 20 hosts based on Vulnerability Level Operating System Service Vulnerabilities Missing Patches IP address Host Name In Pack tal High Medium Low Total Critic I Imprt Mo Low Windows XP en 27 22 8 3 E 43 32 221 Windows XP i 41 31 7 3 0 re aa Windows XP 3 a 30 11 2 EEN Windows 2000 mm 3 34 s H GamesPC A ans EE Windows XP 1 0 0 1 0 EE Windows XP x64 0 0 o 0 D Screenshot 67 Sample report showing vulnerable hosts based on vulnerability level Appendix GFI LANguard default reports e 59 Host machine details showing the number of vulnerabilities and missing patches detected according to criticality Use this report to e List the 20 most vulnerable host machines for each network security scan based on vulnerability level 8 1 15 Network patching status Missing And Installed Service Packs B installed 3 E Missing 2 Total 5 E Installed E Missing Severity Critical Important Moderate Low Installed Missing Totals Screenshot 68 Sample report showing network patching status o Chart displaying the number of installed and missing service packs Chart displaying the number of installed and missing patches grouped by severity 60 e Appendix GFI LANguard default reports GFI ReportCenter Top 10 missing security updates Bulletin ID Descr
25. 09 Back Cancel Screenshot 4 Configuring custom date time period 3 Select the Day option and expand the provided drop down This will bring up the date selection calendar 4 Navigate to the required month i e May and select the required day i e 11 5 Click Next to generate the report Example 3 Generating a Network Vulnerability Summary report based on data collected over a specific date time period This example demonstrates how to generate a network vulnerability summary report based on network security scans carried out between May 1 2009 and May 11 2009 1 Click on the Default Reports navigation button to bring up the list of available reports 2 Right click on Network Vulnerability Summary and select Run gt For Custom Date GFI ReportCenter Getting started Default reports e 11 Specify Custom Date Date Time Select the date time period on which to base the report A Reports based on date and time will gather all scans made during the selected time period and will generate results based on information found during these scans 0 Relative Today 0 Day ha Ra rere Fo oe as zo E Ll ar i yy onda dek 11 al Lie DI NW Date range From 5 1 2009 Er 12 00 00 AM L To 5 11 2009 Il 12 59 59PM 4 Screenshot 5 Configuring custom date time period 3 Select the Date range option and specify the required parameters e From 5 1 2009 12 00 00 AM
26. 5 Sample report showing open ports o Host machine IP and name Open port details for each host machine including port number and name Use this report to e List open ports detected for each host on the network including port number and name 8 2 14 Installed applications by Host 80 143 32 140 Jane Operating ystem Service Pack Windows XP J 1 Installed Applications Adobe Flash Player 9 Publisher Adobe Systems Inc Version 9 Authorized Yes AVG AntiVirus Publisher AVG Technologies Version T 1428 Authorized Yes GFI LANguard Network Security Scanner 6 0 Publisher GFI a Version 6 0 Authonzed Yes Screenshot 96 Sample report showing installed applications o Host machine IP and name Installed application details for each host machine including name publisher and version Use this report to e List installed applications detected for each network host scanned including publisher and version details 78 e Appendix GFI LANguard default reports GFI ReportCenter 8 2 15 Application Inventory Adobe Flash Player 9 Installed on 1 computer s Application Publisher Adobe systems Inc Version Number 5 Authorized IP address 80 143 32 140 Jane WindowsXP 2 Application Publisher Adobe Systems Version Number 9 Authorized Yes IP address a Syste 62 1766 102 175 Julia Windows XP d Screenshot 97 Sample report showing applications inventory o In
27. Ap D y Screenshot 23 Advanced Settings Export to file options 2 Select the option Override the default folder options for this report 3 Specify the complete path where the exported report will be saved 4 Specify the file format in which the exported report will be saved 5 Click OK to finalize your configuration settings NOTE For information on how to configure the default export to file settings refers to the Configuring default scheduling options section in this manual 5 3 2 Configuring report emailing options To configure the report emailing options of a scheduled report do as follows g Click on the Settings used for report distrib Screenshot 24 Advanced Settings dialog Send by email settings button 1 From the Advanced Settings dialog click on the Settings button underneath the Send by email option 28 e Scheduling reports GFI ReportCenter GFI ReportCenter Email Alerts Options Email Options P You can ovenide the default email options for this scheduled report Override the default email options for this report To RC_Admin qfi com CC From IT manager server 120 11 140 11 29 C SMTP Server requires login lt r Screenshot 25 Report distribution options 2 Select the option Override the default email options for this report 3 Specify the following parameters To CC Specify the email address es where the generated report wi
28. Center to load up with the imported items Screenshot 47 Import configuration success restart notification 5 Close and restart GFI ReportCenter to activate the imported items GFI ReportCenter Configuring default options e 47 7 General options 7 1 Viewing the product ReportPack version details To view the version information of your product ReportPacks 1 Select the product ReportPack from the Product Selection drop down list 2 Click on the Options navigation button and select the Version Information node The version details will be displayed in the right pane of the management console 7 2 Checking the web for newer builds Periodically GFI releases product and ReportPack updates which can be automatically downloaded from the GFI website To check if a newer built is available for download Genera i Version Information GFI LANguard 9 0 ReportPack Copyright c 2008 GFI Software Ltd GF LANguard 9 0 ReportPack Checking for newer builds Version 9 0 Build 20090508 Build Updates Check for newer builds on startup Cancel Screenshot 48 Version Properties Check for newer builds dialog 1 Select the respective product for example GFI LANguard 9 0 Reports from the Product Selection drop down list 48 e General options GFI ReportCenter 2 Click on the Options navigation button 3 Right click on the Version Information node and select Checking for newer b
29. LANguard 9 0 ReportPack GH LANguard 0 ReportPack Fl LANgquard 9 0 ReportPack GFI LANguard 9 0 ReportPack Fl LANgquard 9 0 ReportPack GEI LANguard 9 0 ReportPack GEI LANguard 9 0 ReportPack GFI LANguard 9 0 ReportPack GFI LANguard 9 0 ReportPack GH LANguard 3 D ReportPack LU 5 12 2009 8 55 09 AN GE LANguard 9 0 ReportPack i 5 12 2009 8 55 02 AM GFI LANguard 9 0 ReportPack on k Screenshot 27 Schedule activity monitor GFI ReportCenter also includes a schedule activity monitor through which you can view events related to all scheduled reports that have been executed To open the schedule activity monitor click on the Scheduled Reports navigation button and select the Scheduled Reports Activity node This will bring up the activity information in the right pane of the GFI ReportCenter management console The activity monitor displays the following events A Information The scheduled report was successfully executed and sent by email and or saved to disk A Warning The scheduled report was not executed because product license is invalid or has expired AN Error The scheduled report was not executed due to a particular condition event Typical conditions include e Errors when attempting to save the generated report to a specific folder for example out of disk space e Errors when attempting to send the generated report via email for example the SMTP server configured in the GFI ReportCenter settings is
30. XP 2 E Screenshot 61 Sample report showing vulnerability listing by product o Name of product for which vulnerabilities were detected eo Vulnerability details for each product including name description and severity List of host machines affected by each product vulnerability detected Use this report to e List detected vulnerabilities grouped by product and the host machines affected by each vulnerability 8 1 9 Vulnerability listing by severity SEVERITY High Vulnerability 814078 Security Update Microsoft Jscript version 5 6 Windows 2000 Windows XF Category Missing Updates Product Windows Timestamp 2003 11 21 Affected Hosts 60 143 32 221 Joe2 Windows XP Gold Vulnerability 016093 Security Update Microsoft Virtual Machine Microsoft VM Category Missing Updates Product Windows Timestamp 2004 06 06 Affected Hosts g Syst 80 143 32 211 Andrew Windows 2000 4 50 143 324 233 Windows XP 1 Screenshot 62 Sample report showing vulnerability listing by severity o Severity level o Vulnerability details for each severity level including name and description List of host machines affected by vulnerabilities detected for each security level Appendix GFI LANguard default reports e 57 Use this report to e List detected vulnerabilities grouped by severity and the host machines affected by each vulnerability 8 1 10 Open Trojan ports by host 00 143 32 14
31. a the web forum The forum can be found at http forums gfi com 9 4 Request technical support If you have referred to this manual and our Knowledge Base articles and you still cannot solve issues with the software contact the GFI Technical Support team by filling in an online support request form or by phone e Online Fill out the support request form on http support gfi com supportrequestform asp Follow the instructions on this page closely to submit your support request e Phone To obtain the correct technical support phone number for your region please visit http Awww qfi com company contact htm NOTE Before you contact our Technical Support team please have your Customer ID available Your Customer ID is the online account number that is assigned to you when you first register your license keys in our Customer Area at htip customers gfi com We will answer your query within 24 hours or less depending on your time zone GFI ReportCenter Troubleshooting e 85 9 5 Build notifications We strongly suggest that you subscribe to our build notifications list This way you will be immediately notified about new product builds To subscribe to our build notifications visit http www gfi com pages productmailing htm 86 e Troubleshooting GFI ReportCenter scheduled reports 3 5 30 32 security scan 18 f n d ex System requirements 7 T Troubleshooting 85 U C user interface 3 30 31 39 configuration s
32. ackgroaund Intelligent Transter Semic Stopped Manual Local System Service Hame Status Startup Type Account Name Somputer Browser Running Automate Local System FPID 1043 User Name LOCAL SERVICE Domain HT AUTHORITY Handle Count 107 Thread Count 5 Priority amp PID 2236 PPID 2072 User Hame Administrator Path CIN GOW Syste msatiptas exe Domain MARE Command Line CAIN D OW Syste ms ati ptas ed Handle Count 53 Thread Count 1 Priority CG Screenshot 82 Sample report showing system information SNMP details for each host machine including name and description Q Service details for each host machine including name description status startup type and account name name Process details for each host machine including process ID and account 68 e Appendix GFI LANguard default reports GFI ReportCenter d SB Dewices USE Root Hub Descnptior USB Root Hub hianutacturen Standard USB Host Controller USB Root Hub Descnption USB Root Hub hianutacturer Standard USB Host Controlle USE Root Hub Descnptior USB Root Hub hianutacturen Standard USB Host Controller There were no Blacklisted USB Devices wulnerabilities detected WAN Miniport L2TF DHCP Set F alse WAN Miniport PFPTP MAC Address 20 50 54 50 S00 DHCP Set False WAN Minipot PPPOE MAC Address 33 50 GF A S050 DHCP Set F alse There were no Blacklisted Wireless Devices vulnerabilities detected
33. anufacturer Standard USB Hest Controller USB Root Hub Descipilon USB Root Hub Manufacturer Standard USB Host Controller USE Root Hub Description USB Root Huib Manufacturer Standard USB Hoer Controller USE Root Hub Description USB Root Hui Manufacturer Standard USB Host Controller USB Root Hub Description USB Root Hub Manufacturer Standard USB Hest Controller Network Devices Zhyeboal Chev licen Marvell Yukan SEESOO S00S 8010 PCI Gigabit Ethernet Controller Vendor hlarwel MAC Address 7 00 171 08 80 80 F2 IP Addressies 182 168 100 27 Hostname chm DHCP Set False DNS Serveris 182 166 100 268 212 93 140 1 Gateways 122 188 100 1 Status Plugged in 1354 Net Adapter Vendor Mucrosob MAC Address rale eet DHCP Set True Status Unpiugged Windows Mobllie based Device DHCP Set True Status Unplugged WAN Miniport L2TP Vendor Mucrosob DHCP Set False Status Unipougged WAN Miniport IP Vendor Microsoft DHCP Set False Stabus Unplugged WAN Miniport PPPOE Vendor Microsoft MAC Address SOF 45 30 30 DHCP Set False D Status Unpeuggqed Blacklisted Network Devices Other Devices ACP Flxed Feature Button gt Description AGP Fined Feature Bution Manufacturer Standard system Oe ces Device Class System Devices Programmable interrupt controller Description Programmabee miemupt controller Manufacturer Standard system devices S
34. ble host machines and products as well as the most common vulnerabilities detected on the network You will be asked to select which secunty scan data source to use and which filters to apply to this new custom report Click next to continue Screenshot 18 Custom Report Wizard Welcome dialog 2 Right click on the custom report to be modified and select Edit This will bring up the Custom Reports Wizard through which you can make the required changes NOTE For more information on how to configure the parameters of a custom report refer to the Creating a custom report section in this chapter Custom reports e 23 4 6 Deleting a custom report To delete a custom report 1 Click on the Custom Reports navigation button 2 Right click on the custom report to be permanently removed from the list and select Delete 3 Click Yes to confirm 4 7 Adding custom reports to the list of favorite reports Custom Reports D ReportPack Run Edit Delete Add To Favorites List KR New Screenshot 19 Favorite reports navigation button You can group and access frequently used reports through the Favorite Reports navigation button To add a custom report to the list of favorite reports 1 Click on the Custom Reports navigation button to bring up the list of available reports 2 Right click on the custom report to be added to favorites and select Add to Favorites List 3 Click Yes to conf
35. cified intervals For example you can schedule lengthy reports to be generated after office hours This allows you to maximize the availability of your system resources during working hours and avoid any possible disruptions to workflow Distribution of reports via email GFI ReportCenter allows you to automatically distribute generated reports via email In scheduled reports this can be achieved automatically after the successful generation of a scheduled report 4 e Introduction GFI ReportCenter Report export to various formats By default GFI ReportCenter allows you to export reports to various formats Supported formats include HTML PDF XLS DOC and RTF When scheduling reports you can optionally configure the preferred report output format Different scheduled reports can also be configured to output generated reports to different file formats Default reports The GFI LANguard ReportPack ships with a default set of graphical and tabular reports These reports can be generated without any further configuration effort immediately after the installation The default reports in this ReportPack are organized into three different report type categories e Vulnerability assessment reports e Network and software auditing reports e Results comparison reports Report customization The default reports that ship with every ReportPack can serve as the base template for the creation of customized reports Report customization is achie
36. cluding name description and severity O Chart displaying percentage of vulnerabilities detected on each host compared to total vulnerabilities detected on the network Use this report to e List the vulnerabilities detected for each host machine on the network 56 e Appendix GFI LANguard default reports GFI ReportCenter GFI ReportCenter 8 1 8 Vulnerability listing by product PRODUCT N A Vulnerability A connection could be opened using account Administrator without password You MUST seta password forthe administrator account and or disable quest logons Category Services Severity High Timestamp NWA Affected Hosts G 80 143 32 221 Joe Windows XP Gold 30 143 32 233 Windows XP 1 Vd Vulnerability Auto Logon Automatic logon uses the domain user name and password stored in the registry to log users on to the computerwhen the system starts The problem with automatic logon is the fact that any user can start yourcomputer and log on using your account Automatic logon proceeds differently from authenticated logon and can cause timing conflicts For example if one is loading several network transport protocols automatic logon might cause Windows 2000 to attemptto connectto some network resources before the protocols network transports are completely Category Registry Severity High Timestamp 2002 01 01 Affected Hosts Pe ee Eee e 143 32 226 GamesPC Dese XP 862 168 102 175 Julia Windows
37. e option To customize the report export configuration settings click on the Settings button underneath this option NOTE For information on how to configure export to file settings refer to the Configuring report export to file options section in this chapter 26 e Scheduling reports GFI ReportCenter 6 To automatically distribute generated reports via email select the Send by mail option To customize the email settings used for report distribution click on the Settings button underneath this option NOTE For information on how to configure email settings refer to the Configuring report emailing options in this chapter 7 Specify a name and description for this scheduled report Click Next to continue 8 Click Finish to finalize your settings 5 3 Configuring advanced settings GFI LANguard ReportPack allows you to export scheduled reports to a specific file format as well as to automatically distribute these reports via email This is achieved using either a set of parameters e g recipient s email addresses which are specified on the fly during scheduled report configuration or using the default set of report export and distribution parameters configured during the MReportPack installation NOTE The Report Scheduling Wizard is by default configured to use the default set of report export and distribution parameters Report export formats Scheduled reports can be exported in a variety of formats Supported file f
38. ed reports 30 5 5 Viewing the scheduled reports activity 31 5 6 Enable disable a scheduled report 32 5 7 Editing a scheduled report 32 5 8 Example Scheduling a report 33 6 Configuring default options 39 6 1 Introduction 39 6 2 Configuring database source Microsoft SQL Server 40 6 3 Configuring database source Microsoft Access 41 6 4 Viewing the current database source settings 42 6 5 Configuring default scheduling settings 42 6 6 Importing Exporting the configuration 43 7 General options 48 GFI ReportCenter Introduction e i index ii e Introduction 7 1 7 2 Viewing the product ReportPack version details Checking the web for newer builds Appendix GFI LANguard default reports 8 1 8 2 8 3 Vulnerability assessment reports Network and software audit reports Results comparison Troubleshooting 9 1 9 2 9 3 9 4 9 5 Introduction Knowledge Base Web Forum Request technical support Build notifications 48 48 50 50 65 81 GFI ReportCenter 1 Introduction 1 1 About GFI ReportCenter report Print generated report AA AA Email generated GFI Product3 report Figure 1 Centralized reporting framework GFI ReportCenter is a centralized reporting framework that allows you to generate various reports using data collected by different GFI products GFI releases specialized reports for each of its products referred to as a ReportPack for example the GFI LANguard ReportPack A ReportPack
39. efer to the Adding default reports to the list of favorite reports and Adding custom reports to the list of favorite reports sections in this manual Default Reports Use this navigation button to access the default list of reports which can be generated for the selected product For more information on default reports refer to the GFI LANguard default reports section in this manual Custom Reports Use this navigation button to access the list of customized reports which can be generated for the selected product For more information on how to create custom reports refer to the Custom reports chapter in this manual Scheduled Reports Use this navigation button to access the list of scheduled reports for automatic generation and distribution For more information on how to create scheduled reports refer to the Scheduling reports chapter in this manual Options Use this navigation button to access the general configuration settings for the GFI product selected in the Product Selection drop down list O O o Introduction e 3 Help Use this navigation button to show this Quick Reference Guide in the Report Pane of the GFI ReportCenter management console Report Pane Use this multi functional pane to View and analyze generated reports Maintain the scheduled reports list Explore samples and descriptions of default reports Export Use this button to export generated reports to vari
40. er CCleanertremovwe on hi Gadwin PrintScreen Gadwin Systems Inc a5 f Policies 13 EE ele Folic O chars 42 days 22 hours 47 no delay newer force no history minutes 31seconds E Security Audit Policy Audit accountlogon ewent True True Audit account management True True Audit director zenice access F alze F alse Audithogon event True True Audit object acces F alze F alse Audit policy change True True Audit privilege use True True Audit process tracking True True Audit em events True True mg Registry Information Mode Name Registry Entry schdHlz 2793 CSD Verion Sewice Pack CurrentBuildNumber 2600 CurentT ype Multiprocessor Free CurentVersian 23 Default 0408 DriverDese Media Control Devices Driverbese gt RAGE XL PC Identifier x86 Family 15 Model 4 Stepping 3 Run ATIPTA attptav ed Run FRISE FP Scheduler CAbrogram FilesiF SME ProthF Schedexe STARTUP Hun F Stop C Program Files F SI F ProtyF Sto pi ESE Run Intel Sewer Manager C Aprogram filesinte MS emerik anage S ermwetbimnem exe Run ISUSF M C Program Files Common FileslinstallShieldiUp date S emic SUSFh exe scheduler Rur Mamoalnt ert re gsvraz 6 mort dl Hun PROMoh griired C Program FilesIntehPROSetivired Wt St PROSetPRONohor exe Screenshot 84 Sample report showing system information 12 Installed application details for each host machine including name publisher and version List showing password polic
41. erate results based on infomation found during these scans Relative EN Today Yesterday Last seven days This month TEE eae May 2009 Date range 5 12 7005 9 02 05 AM Screenshot 30 Select date time of network scan 4 Select the option Relative and from the provided drop down list select Last month Click on Next to proceed to the next dialog 34 e Scheduling reports GFI ReportCenter Schedule Report Wizard Time Schedule Specify the time schedule to be used to automatically generate the report GC Scheduled reports can be generated either once using a specific date and time or else re generated using a time frame starting from a specific time 0 Generate this report once on the following dayAime Hai CO Generate this report every Interval 30 Start date time 5 12 2009 le 8 00 00 PM lt Back Next gt Screenshot 31 Specifying the scheduling options 5 To generate this report on a monthly basis select the option Generate this report every and set the interval to 30 Days 6 Set the start date to 5 12 2009 and time to 8 00 00 PM Click Next to continue Schedule Report Wizard Advanced Settings Customize report distribution and storage options CA You can send the generated report by email to a target recipient list or save the generated report in a folder on your file system Click on the Settings button of the relevant sect
42. erences Type Severity Count Windows 2006 01 05 NVA Missing Update High 2 Product Timestamp References Type seventy Count Windows 2006 02 14 NA Missing Update High Top 10 Most Vulnerable Products Severity Distribution Total High Med Windows 262 225 32 5 O Microsoft Windows NT 1 0 0 1 Screenshot 53 Sample report showing network vulnerability summary Chart displaying the 10 most common vulnerabilities Chart displaying the 10 most vulnerable products Use this report to e Display vulnerability counts for different categories 52 e Appendix GFI LANguard default reports GFI ReportCenter GFI ReportCenter e Identify the 10 most vulnerable host machines e ldentify the 10 most vulnerable products e Identify the 10 most common vulnerabilities 8 1 2 Network vulnerability trend Vulnerability detections over time Vulnerability Count E High E Medium E Low E Tots This trend report was generated from data in the following scans ON can date amp time Scan Profile Scan targetreference 10 24 2008 2 07 54PM Full Scan 80 143 32 1 24 10 27 2008 2 07 54PM Full Scan 80 143 32 1 24 10 28 2008 2 07 54PM Full Scan 80 143 32 1 24 10 30 2008 2 07 54PM Full Scan 80 143 32 1 24 Screenshot 54 Sample report showing network vulnerability trend Chart displaying past scans and vulnerability totals for each scan 2 List of past scans and respective scan profiles Use this report to e Graphically ill
43. ers of the Users group by defaut except forthe Guest account which is further restricted Screenshot 81 Sample report showing system information o Host machine IP and name O Host machine details including MAC address and domain LJ Uptime details for each host machine including time of day and uptime value Disk utilization details for each host machine including drive name file system type total storage space and free storage space GFI ReportCenter Appendix GFI LANguard default reports e 67 Group and user details for each host machine including group name group members user privileges and user bad password count ZHMP Information Hamme Description Object_Ib 1 3 6 1 9 1 311 1 1 3 1 3 HT Domain Controller sysD escr Hardware x86 Family 15 Model 4 Stepping 1 ATAT COMPA sch am e PROJECT sysUp Time 15 minutes 46 seconds Wendor Microsoft semice Name Status Startup Type Account Name Alerter Running Automate HT AUTHORIT Local Se nice Service Name Status Startup Type Account Name Application Layer S ateway Semice Running Manual NT AUTHORITY Local S enice Service Hame Status Startup Type Account Name Application Management Stopped Manual Local System Sewice Name Status Startup Type Account Name ASP NET State Service Stopped Manual NT AUTHORITY eto rks eni Service Mame Status Startup Type Account Name Wind ous Audi Running Automate Local System Service Hame Status Startup Type Account Name J
44. ettings 42 W custom reports 3 5 15 24 25 wizard 7 33 D data filters 5 15 database source 40 41 42 default reports 3 9 14 distribution of reports 4 E export reports 5 F favorite reports 3 14 24 filter conditions 17 framework 1 2 3 4 7 I installation 5 7 8 39 L license 31 N navigation button 3 9 10 11 14 15 21 23 24 27 28 30 31 32 33 35 36 39 40 41 48 49 P product ReportPack 3 Product Selection drop down list 8 48 R Report scheduling 2 4 S schedule activity monitor 31 GFI ReportCenter Troubleshooting e 87
45. ftware Audit e Report Title Software Audit Executive reports e Report Description This report is generated on a monthly basis and shows an executive summary of software installed on the network 16 Click Next to proceed to the final dialog 17 Click Finish to finalize your custom report configuration settings 38 e Scheduling reports GFI ReportCenter 6 Configuring default options 6 1 Introduction The GFI LANguard ReportPack allows you to configure a default set of parameters which can be used when generating reports These parameters are first set during installation However you can still reconfigure any of these parameters via the Options navigation button and the Tools menu provided in the GFI ReportCenter management console GFI ReportCenter 3 6 File Tools Help 4 gt Zip Ge GFILANguard Product Selection 4A GFI LANguard 9 0 ReportPack Database Source Selection OF LANguard 9 0 ReportPack Copyright oO 2008 GFI Software Ltd GFI LANguard 9 0 ReportPack Jee Kee ee feig s Z re Database Path C Program Files GFI LANquard 9 0 a Import Export Configuration Eas aan ied g Version Information on P Licensing NOTE To change the database backend between different database types right click on Database Source and select Set Database Source Err 7006 All rights reserved GFI Software Ltd Screenshot 37 Options navigation button and Tools menu Through the Options
46. iguration options Export configuration options Specify which configuration options to import export ReportCenter options ReportPacks custom scheduled and favorite reports options Specify the path and filename of the file to import export Screenshot 43 Import Export configuration dialog 1 From the pull down menu click on the File gt Import Export Configuration This will bring up the configuration dialog 2 Select the option Export configurations options 3 Specify which configuration options to export 4 Specify the path and filename of the XML file to export Click on OK to proceed with the export 44 e Configuring default options GFI ReportCenter a Exporting RO Scheduling settings Se S Exporting settings for GFI oe 9 0 ReportPack E SE favorite reports GE Exporting connection string Screenshot 44 Export configuration success GFI ReportCenter Configuring default options e 45 Importing the configuration To import the GFI LANguard configuration Import Export Configuration ES A Import Export ReportCenter and ReportPacks configurations The import export configuration functionalities can be used to perform of scheduled reports custom reports favorite reports and other options The exported configurations can also be imported into a separate Reportlenter instance provided that the same ReportPacks exist on both instances Specify the action to perform Import c
47. igured and select Properties This will bring up the Scheduled Reports Wizard 32 e Scheduling reports GFI ReportCenter Schedule Report Wizard Welcome to the LANguard Schedule Report Wizard This wizard will help generate a new scheduled report based on the following report Schedule for report Network Vulnerability Summary This report is an executive summary showing vulnerability counts for diferent categones The report also identifies the top most vulnerable host machines and products as well as the most common vulnerabilities detected on the network Click next to continue Screenshot 28 Scheduled Reports wizard 3 Click on Next and perform the required changes For information on how to configure the parameters of a scheduled report refer to the Creating a scheduled report section in this chapter Deleting a scheduled report To delete a scheduled report 1 Click on the Scheduled Reports navigation button 2 Right click on the scheduled report to be permanently removed from the list and select Delete 5 8 Example Scheduling a report This example demonstrates how to schedule a software audit report which will e Generate the first report on 5 12 2009 at 8 00 00 PM e Continue generating the same report on a monthly basis e Export the generated report s to folder C Monthly Reports in PDF format e Email the generated report using the following custom parameters e Send f
48. indows 2000 4 General Host Screenshot 103 Sample report showing security settings comparison Details of the computer used as comparison standard including scan date and scan profile List showing host machines with which the standard computer was compared List of differences found when comparing the host machines with the standard computer Differences are grouped by category including backdoors missing hot fixes password policy USB devices and applications Use this report to compare results between a chosen computer used as benchmark and host machines scanned with the same profile and having the same target GFI ReportCenter Appendix GFI LANguard default reports e 83 9 Troubleshooting 9 1 Introduction The troubleshooting chapter explains how you should go about resolving any software issues that you might encounter The main sources of information available to users are e The manual most issues can be solved by reading this manual e GFI Knowledge Base articles e Web forum e Contacting GFI Technical Support 9 2 Knowledge Base GFI maintains a Knowledge Base which includes answers to the most common problems If you have a problem please consult the Knowledge Base first The Knowledge Base always has the most up to date listing of technical support questions and patches To access the Knowledge Base visit http kbase gfi com 9 3 Web Forum User to user technical support is available vi
49. ion in the dialog to further configure report sending saving options Export to file ga Click on the Settings button to customize the report storage options and specify the file format and destination folder where this report will be stored Settings Send by mail Click on the Settings button to customize and configure the email settings which will be l used for report distribution E Screenshot 32 Advanced Settings dialog 7 From the Advanced Settings dialog click on the Settings button underneath the Export to file option GFI ReportCenter Scheduling reports e 35 Report Storage Options Ex Folder Options 2 You can overide the default folder options for this scheduled Say report Lvemde the default folder options for this report cc monthly reports Adobe 4crohay Adobe Acrobat pdf Microsoft Excel ve Microsoft Word doc Rich Text Format rtf Screenshot 33 Advanced Settings Export to file options 8 Select the option Override the default folder options for this report 9 Specify the complete path where this report will be saved Le C Monthly Reports 10 From the report format drop down select PDF and click OK Send by mail ES Click on the Settings button to customize and configure the email settings which will be i used for report distribution Screenshot 34 Advanced Settings dialog Send by email settings button 11 From the Advanced Settings dialog click o
50. iption NotAvailable Windows Malicious Software Removal Tool January 2007 KB890830 2007 01 09 MS04 003 Security Update for Microsoft Data Access Components KB832463 2005 02 17 M303 034 Security Update for Microsoft Windows KB824105 2003 09 09 MS06 006 Secunty Update for Windows Media PlayerPlug in KB911564 2006 02 14 MS06 053 Security Update for Windows XP KB920665 2006 09 12 MS03 011 816093 Security Update Microsoft Virtual Machine Microsoft VM 2004 06 06 MS03 018 08611114 Security Update Windows XP or Windows XP Service Pack 1 2005 03 25 MS03 041 Securty Update for Microsoft Windows KB623162 2003 10 13 MS03 043 Security Update for Microsoft Windows XP KB626035 2003 11 20 MS06 076 Security Update for Windows MediaPlayer 6 4 KB925396 2006 12 12 Top 20 most vulnerable hosts by missing Patches and Service Packs IP address Host Name Severity Critical Important Moderate 80 143 32 233 Andy 38 30 11 2 80 143 32 211 Andrew 35 34 9 0 DU 141 23 231 Joe 31 D 3 0 80 143 32 140 Jane 2T 2 H 3 80 143 32 226 GamesPC 1 0 0 0 Bz 165 102 175 Julia 0 0 1 0 62 166 102 176 Steve 0 U 0 0 Screenshot 69 Sample report showing network patching status List showing the top 10 missing security updates List showing the top 20 most vulnerable host machines as a result of missing patches and service packs The number of vulnerabilities detected is split according to severity Use this report to e illustrate the status of
51. irm 24 e Custom reports GFI ReportCenter 5 Scheduling reports 5 1 Introduction GFI ReportCenter allows you to generate reports on a pre defined schedule as well as at specified intervals This way you can automate the generation of reports that are required on regular basis periodically Further to this GFI ReportCenter can also be configured to automatically distribute scheduled reports via email For every scheduled report you can configure custom emailing parameters including the list of report recipients and the file format e g PDF in which the report will be attached to the email Use the report scheduling feature to automate your report generation requirements For example you can schedule lengthy reports after office working hours and automatically email them to the intended recipients This way you maximize the availability of your system resources during working hours and avoid any possible disruptions to workflow Both default and custom reports can be scheduled for automatic generation 5 2 Scheduling a report To schedule a report 1 Click on the Default Custom Reports option pane 2 Right click on the report to be scheduled and select New gt Scheduled report This will bring up the Scheduled Report Wizard Click on Next to continue 3 Select the network security scan s data to be covered by this report GFI ReportCenter Scheduling reports e 25 Schedule Report Wizard Time Schedule Specify
52. ity Update for Windows 2000 KB953155 p Target Date Started Date Ended Completed Status Is Scheduled Jane 10292008 12 142 7PM 10 29 2008 12 15 27PM Successfully Yes MS08 063 957095 Security Update for Windows 2000 KB95 095 Ve Target Date Started Date Ended Completed Status Is Scheduled Jane 10 29 2008 12 14 2 7PM 10 29 2008 12 15 27PM Successtully Yes Screenshot 78 Sample report showing deployment history by patch 64 e Appendix GFI LANguard default reports GFI ReportCenter o Name of patch deployed 2 List of host machines on which the patch was deployed and deployment details including deployment status Use this report to e Display patch deployment information grouped by patch applied including details such as host machine names for each deployment 8 2 Network and software audit reports 8 2 1 Software audit op 10 Systems with Unauthorized Applications IP address Host Name Unauthorized Applications 80 143 32 140 Jane 3 op 10 Unauthorized Applications Application Name l Nera Suite L Winamp remove only 1 Yahoo Toolbar 1 Systems with Security Applications systems With Updated security Applications systems Without Any Security Application Category of Systems iV systems Without Any Secunty Application 6 Systems With Updated Securty Applications op 20 Most Installed Applications Publisher VMware Inc Ka Version 3 1 0000 Occurrence 4 Screenshot
53. izard will automatically download the latest one for you e Automatically install all the required components distributed including the GFI ReportCenter framework the GFI LANguard default reports and the Report Scheduling service To start the installation 1 Double click LANguard9rp exe 2 Select the required language 3 Setup will next list all the missing prerequisites if any Install any missing prerequisites by selecting the prerequisite and choosing Next NOTE If the current version of your GFI ReportCenter framework is not compatible with the GFI LANguard ReportPack you will be prompted to download and install an updated version 4 From the welcome screen click Next 5 Read the End User License Agreement check the I accept the license agreement radio button and click Next 6 If prompted enter your registration details and license key Click Next to continue setup GFI ReportCenter Installation e 7 NOTE If GFI LANguard is already installed GFI ReportPack automatically registers the license key of GFI LANguard 7 Select installation path or leave it as default and click Next 8 Select Launch GFI LANguard 9 0 ReportPack to launch ReportPack on setup completion 2 3 Launching the GFI LANguard reports for GFI ReportCenter Following the installation launch the GFI LANguard Reports for GFI ReportCenter from Start gt Programs gt GFI ReportCenter gt GFI LANguard 9 ReportPack 2 4 Selecting a product
54. ll be sent From Specify the email account that will be used to send the report Server Specify the name IP of your SMTP outbound email server If the specified server requires authentication select the option SMTP Server requires login and specify the logon credentials in the User name and Password fields Report format Reports are sent via email as attachments Select the file format in which to send out your report Click OK to finalize your configuration settings Scheduling reports e 29 5 4 Viewing the list of scheduled reports OH ReportCenter 3 6 File Tools Help 4 gt jali Panes Scheduled reports list Product Selection Schedule Name Repot Name GFI L Nguard 9 0 Depot back m Schedule for report Network Vulnerability Summary Network Vulnerability Summary m Schedule for report Network Vulnerability Summary 1 Network Vulnerability Summary Scheduled Reports G GFI LANguard 9 0 ReportPack OA Scheduled Reports List if Scheduled Reports Activity 4 o Favorite Reports w Default Reports Screenshot 26 List of Scheduled reports Click on the Scheduled Reports navigation button to show the list of scheduled reports which are currently configured for automatic generation This information is displayed in the right pane of the management console and includes the following details e Schedule Name The custom name that was specified during the creation of the new scheduled report e
55. ls for each host machine including minimum password length and password history List showing security audit policy details for each host machine Use this report to e List password and security audit policy settings for each network host scanned 8 2 18 Registry information 192 166 3 85 ESM DEMO Operating System Service Pack Windows Vista 1 OR Node Name Registry Entry MHz 6 CSDVersion Service Pack 1 CurrentBuildNumber 6001 CurrentType Multiprocessor Free CurrentVersion 6 0 Default 0409 DenyTerminalServerConnections 1 DriverDesc VM Additions 33 Tno32 b4 Identifier x66 Family 6 Model 15 Stepping 13 InstallLlanguage 0409 PathName C Windows Productld 89576 009 0000025 71122 ProductName Windows Vista TM Business RegisteredOrganization RegisteredOwner Admin Software Type System systemRoot C Windows Vendorldentifier Genuinelntel Run VPCUserServices C Windows VMADDWMUSrvc exe Run Windows Defender ProgramFiles o Windows A DefendeiMSASCuLexe hide Screenshot 100 Sample report showing registry information 80 e Appendix GFI LANguard default reports GFI ReportCenter o Host machine IP and name List of registry entry details for each host machine Use this report to e List system related registry information for each network host scanned 8 3 Results comparison 8 3 1 Network security log by date Compare Scans from 10 28 2008 2 07 54PM and 10
56. missing Use this report to e List missing patches grouped by severity including the host machine names for each missing patch 8 1 19 Installed patches grouped by host 60 143 32 140 Jane Operating System Service Pack Patch Count Windows XP 2 3 oO Bulletin ID Description Posted Date Severity Uninstallable NotAvailable Windows XP Service Pack 2 2006 04 25 Critical No MS06 009 security Update for Windows XP KB901190 2006 02 14 Important No NotAvailable MDAC 2 8 Service Pack 1 2006 02 01 Critical No Screenshot 73 Sample report showing installed patches grouped by host 62 e Appendix GFI LANguard default reports GFI ReportCenter GFI ReportCenter List of installed patch details for each host including severity URL link for further information and indication if the patch can be uninstalled o Host machine details on which installed patches were detected Use this report to e List installed patches grouped by host machine including URL links providing further information on each installed patch 8 1 20 Installed patches grouped by operating system Windows 2000 Patch 911565 Bulletin ID MS06 005 Posted Date 2006 02 14 Severity Critical Uninstallable No Description Secunty Update for Windows MediaPlayer 9 KB911565 oO Host Name Service Pack 80 143 32 211 Andrew 4 Patch 330994 Bulletin ID MS03 014 Posted Date 2004 04 09 Severity Critical Uninstallable No Descripti
57. n the Settings button underneath the Send by email option 36 e Scheduling reports GFI ReportCenter Email Alerts Options eal i Email Options P You can ovenide the default email options for this scheduled repot Overide the default email options for this report To RC_Admin afi Com CC From IT manager Com Server 120 11 1240 11 SMTP Server requires login Screenshot 35 Report distribution options 12 Select the option Override the default email options for this report 13 Specify the following parameters e To RC_Admin gfi com e From IT _manager gfi com e Server 120 11 120 11 14 From the report format drop down select PDF and click OK to finalize your email settings GFI ReportCenter Scheduling reports e 37 Schedule Report Wizard Name and Description Specify the name and description for this custom report GC The name title and description of a custom report will be used to uniquely identify the report through the set of custom reports The custom report name must be unique Report name Monthly Report Software Audit Report title Software Audit Executive Reports Report description This report is generated on monthly basis and shows an executive summary of softwere installed on the network PTE e Screenshot 36 Custom report name and description 15 Click Next and specify the following parameters e Report Name Monthly report So
58. ndows 2000 KB953155 MS06 063 957095 Security Update for Windows 2000 KB95 095 MS08 065 951071 Security Update for Windows 2000 KB951071 MS06 067 956644 Securty Update for Windows 2000 KB956644 Not Available 890830 Windows Malicious Software Removal Tool October 2008 KB690830 Not Available 956391 Cumulative Security Update for Activex Killbits for Windows 2000 KB956391 Screenshot 76 Sample report showing deployment history by host Host machine on which ne were made List of enemies ore meee eee details for each host including file names deployed and deployment status Use this report to e Display patches deployment information grouped by host machine including deployment details such as date and status 8 1 23 Remediation history by date Date Started 10 20 2008 6 20 23PM Service Pack install Target Date Ended Completed Status ls Scheduled Jane 10 20 2008 6 20 25PM Successfully Yes Installed Service Packs MDAC 2 8 Service Pack 1 2 Screenshot 77 Sample report showing deployment history by date o Deployment starting date List of deployment details grouped by host including file names deployed and deployment status Use this report to e Display patches deployment information by date and time including details such as host machine names for each deployment 8 1 24 Remediation history by patch application iS Patch install MS 03 062 953155 Secur
59. not reachable GFI ReportCenter Scheduling reports e 31 The activity monitor records and enumerates the following information e Date The date and time when the scheduled report was executed e Product name The name of the GFI product to which the report belongs e Type The event classification error information or warning e Description Information related to the state of a scheduled report that has been executed The format and contents of the activity description vary depending on the event type NOTE The description is often the most useful piece of information indicating what happened during the execution of a scheduled report or the significance of the event 5 6 Enable disable a scheduled report Scheduled reports can be enabled or disabled as required Use the Scheduled Reports navigation button to view the list of scheduled reports as well as to identify their current status The status of scheduled reports is shown through the icon included on the left hand side of each schedule P Indicates that the scheduled report is disabled ol Indicates that the scheduled report is enabled pending To enable or disable a scheduled report right click on the respective report and select Enable Disable accordingly 5 Editing a scheduled report To make changes to the configuration settings of a scheduled report 1 Click on the Scheduled Reports navigation button 2 Right click on the scheduled report to be re conf
60. ns made during the selected time period and will generate results based on information found during these scans Relative Today Day Monday lay 11 2009 Month Date range 5 11 2005 4 75 05 PM 5 11 2009 4 35 05 PM Screenshot 16 Selecting the date time period 5 Select the Month option and specify the following parameters Custom reports e 21 e Month January e Year 2009 6 Click on Next to proceed to the data filters dialog Custom Report Wizard Data Alters Specify any fiters that should be applied on the report A Ba Hostname Equal to Mark An Be and Operating system Equal to Windows Vista Add Filter Properties Add Filter Properties TES Filter Condition Properties TES Filter Condition Properties Filter Property Information Filter Property Information Filter condition to add Filter condition to add Property Hostname Property Operating system Conditions Equal to Conditions Equal to Value Mark Value Windows Vistal Filter property condition when added and M Summary Summary Determine if hostname is equal to Mark Determine if operating system is equal to Windows Vista lt Back Add Cancel lt Back Add Cancel Screenshot 17 Filter conditions dialog s 7 Click on the Add button and configure the parameters of filter 1 as follows Filter condition Hostname Condition Equal to Value Mark 8 Click Add to finalize your filter c
61. on 330994 April 2003 Secunty Update for Outlook Express 5 5 Service Pack 2 Host IP address Host Name Service Pack 80 143 32 211 Andrew A Screenshot 74 Sample report showing installed patches grouped by operating system Installed patch details for each operating system List of host machines on which specific patches were found to be installed Use this report to e List installed patches grouped by operating system including the host machine names for each installed patch 8 1 21 Installed patches grouped by severity Patch 611113 Bulletin ID Not Available Posted Date 2006 04 25 Uninstallable No Description Windows XP Service Pack 2 Host IP address Host Name Operating Syster Service Pack 60 143 32 140 Jane Windows XP 2 e Screenshot 75 Sample report showing installed patches grouped by severity List of installed patches grouped by their severity level including information on each patch List of host machines on which specific patches were found to be installed Use this report to e List installed patches grouped by severity including the host machine names for each installed patch Appendix GFI LANguard default reports e 63 8 1 22 Remediation history by host Target Host Jane Patch install Date Started Date Ended Completed Status Is Scheduled 10 29 2008 12 14 27PM 10 29 2008 12 15 27PM Successfully Yes Installed Patches MS06 062 953155 Securnty Update for Wi
62. on Filter Property Information Filter condition to add Filter condition to add Property Hostname Property Operating system Conditions Equal to Conditions Equal to M Value Mark Value Windows Vistal Filter property condition when added and ka ang Summary Summary Determine if hostname is equal to Mark Determine if operating system Is equal to Windows Vista lt Back Add Cancel lt Back Add Cancel Screenshot 14 Using multiple filters Filter 1 Filter 2 Filter condition Hostname Operating System Logical relation Is equal to Is equal to Value Mark Windows XP The data which will be included in this custom report will vary according to how these filters will be applied against your data This is defined through the Filter property condition drop down Filters applied Data output Filter 1 and Filter 2 The report will show All scan data which is related to a host called Mark which runs on Windows XP Filter 1 or Filter 2 The report will show All scan data related to Windows XP no matter which host it belongs to AND All scan data related to a host called Mark no matter which operating system it has installed Example Creating a custom report based on network security scans performed during a particular month This example demonstrates how to generate a network vulnerabilities summary report called Network vulnerabilities summary on hostname
63. on the network List of operating systems including the number of host machines on which they are installed Chart displaying service pack distribution for each operating system List of operating system service packs including the number of host machines on which they are installed Use this report to e Graphically represent operating systems detected on the network e List the number of host machines for each operating system e Graphically represent service packs detected on the network for each operating system e List the number of host machines for each service pack installed 8 2 3 System information 00 143 32 140 Jane Operating System SP Windows XP 2 Computer Properties 60 143 32 140 Jane Windows XP Service Pack MAC Address 00 0E 2E 56 AF AE Edimax Technology Co Ltd Time to live 126 128 Network role Workstation Domain WORKGROUP LAN manager Windows 2000 LAN Manager EN O No Uptime Information found Disk Utilization O Total Space Free Space File System Type C 14 65 GB 5 20 GB NTFS D 23 62 GB 312 30 MB NIFS Groups and Users Description Administrators Administrators have complete and unrestricted access tothe computer domain Members HX3 sorn HX3 Administrator HXS LNSS_ MONITOR_USR Backup Operators Backup Operators can override secunty restrictions forthe sole purpose of backing up orrestoring files Guests Guests have the same access as memb
64. onfiguration options O Export configuration options Specify which configuration options to import export ReportCenter options ReportPacks custom scheduled and favorite reports options Specify the path and filename of the file to import export Screenshot 45 Import configurations dialog 1 From the pull down menu click on the File gt Import Export Configuration This will bring up the configuration dialog 2 Select the option Import configurations options 3 Specify which configuration options to import 4 Specify the path and filename of the XML file to import Click on OK to proceed with the import 46 e Configuring default options GFI ReportCenter Import process completed successfully In order to see the wamings that occurred during import please click on the Details button Details Importing RO Scheduling settings C L Importing settings for GFI LANguard 9 0 ReportPack Importing custom reports Importing scheduled reports Importing favorite reports Importing connection string Screenshot 46 Import configuration success GF ReportCenter Ea b Importing from C Program Files Common PR Files GFI ReportCenter Framework v3 5 SavedReports Omar xml file completed successfully Note that some of the settings could be only partially imported Please see the debug logs for more details Please close and restart GH Report
65. onfiguration settings 9 Click again on the Add button and configure the parameters of filter 2 as follows e Filter condition Operating system e Condition is equal to e Value Windows Vista Filter Property condition and 10 Click Add to finalize your filter configuration settings 11 Click Next and specify the following parameters e Report Name Network Vulnerability summary for November 2008 e Report Title Network security scans of hostname Mark e Report Description This report shows a summary of vulnerabilities found on hostname Mark during November 2008 22 e Custom reports GFI ReportCenter 4 4 Runacustom report To run a custom report 4 5 Editing a custom report GFI ReportCenter 12 Click Next to proceed to the final dialog 13 Click Finish to finalize your custom report configuration settings 1 Click on the Custom Reports navigation button 2 Right click on the custom report to be generated and select Generate To edit the configuration settings of a custom report 1 Click on the Custom Reports navigation button Custom Report Wizard Welcome to the LANguard Custom Report Wizard This wizard will help generate a new customized report based on the following report Network Vulnerability Summary 1 This report is an executive summary showing vulnerability counts for different categories The report also identifies the top most vulnera
66. option select the date time period from which network security scan results will be gathered Click Next to continue NOTE For more information on how to configure filter conditions refer to the section Configuring data filter conditions in this manual 7 Specify a name and description for the customized report Click on Next to continue 8 Click on Finish to finalize your configuration settings Custom reports e 17 4 3 Configuring data filter conditions Use data filter conditions to specify which network security scan data results will be included in the report Only scans which match the specified criteria will be processed and presented within the report Custom Report Wizard Data Alters Specify any filters that should be applied on the report H a ee ein ee Filters e e Screenshot 12 Custom Report Wizard Filters dialog Click on the Add button to bring up the Edit filter properties dialog and configure the following conditions e Filter condition Specify the data source area on which the filter will focus for example select Operating System to filter the events data related to a specific operating system e Condition Specify the condition comparison parameter e Value Specify the string to which source data will be compared For example to generate a report which contains only information related to Windows XP configure your filter parameters as shown below
67. ormats include reene Description Use this format to allow distribution of a report on 1 Adobe Acrobat PDF different systems such as Macintosh and Linux while preserving the layout Use this format if you want to further process the report and perform more advance calculations using another external program such as Microsoft Excel 2 MS Excel XLS Use this format if you want to access this report 3 MS Word DOC using Microsoft Word Use this format to save the report in a format that 4 Rich text format is small in size and which allows accessibility RTF through different word processors in different operating systems 5 3 1 Configuring report export to file options To configure the report export to file settings of a scheduled report do as follows Export to file Re et Click on the Settings button to customize the report storage options and specify the file format and destination folder where this report will be stored Settings Screenshot 22 Advanced Settings dialog Export to file settings button 1 From the Advanced Settings dialog click on the Settings button underneath the Export to file option GFI ReportCenter Scheduling reports e 27 Report Storage Options You can overide the default folder options for this scheduled report V Override the default folder options for this report c program files common files ofi eportcenter framework v3 Report format Ok Cancel
68. ous formats including HTML Adobe Acrobat PDF Excel XLS Word DOC and Rich Text Format RTF D Send email Use this button to instantly distribute the last generated report via email GFI LANguard 9 0 default reports The GFI LANguard 9 0 default reports are a collection of specialized pre configured reports which plug into the GFI ReportCenter framework These reports present the results of network security scans performed by GFI LANguard and allow for the generation of both graphical and tabular IT Level technical and management reports Default reports can also serve as the base template for the creation of customized reports which fit specific network reporting requirements Report scheduling service The report scheduling service controls the scheduling and automatic distribution of reports by email Reports generated by this service can also be saved to a specific hard disk location in a variety of formats which include DOC PDF RTF and HTML 1 4 Key features Centralized reporting GFI ReportCenter is a one stop centralized reporting framework which enables the generation and customization of graphical and tabular reports for a wide array of GFI products Wizard assisted configuration Wizards are provided to assist you in the configuration scheduling and customization of reports Report scheduling With GFI ReportCenter you can schedule reports to be generated on a pre defined schedule as well as at spe
69. patches and service packs for host machines on the network 8 1 16 Missing patches grouped by host 80 143 32 140 Jane Operating System Service Pack Patch Count Windows XP 2 60 1 Bulletin ID Description Posted Date MS07 004 Secunty Update for Windows XP KB929969 2007 01 09 Critical NotAvailable Windows Malicious Software Removal Tool January 2007 2007 01 09 Critical KB 890830 Not Available Windows Internet Explorer 7 0 for Windows XP 2007 01 02 Critical MS06 078 security Update for Windows XP KB923689 2006 12 12 Critical MS06 076 security Update for Windows Media Player 6 4 KB925396 2006 12 12 Critical MS06 076 KB 923694 Security Update for Outlook Express forWindows XP 2006 12 12 Important MS06 075 security Update for Windows XP KB926255 2006 12 12 Important MS06 066 Security Update for Windows XP KB923980 2006 12 12 Important MS06 0 72 Cumulative Security Update for Internet Explorer for Windows XP 2006 12 12 Critical KB 925454 2 Screenshot 70 Sample report showing missing patches grouped by host o Host machine details on which missing patches were detected link for further information o List of missing patch details for each host including severity and URL Use this report to e List missing patches grouped by host machine including URL links providing further information on each missing patch GFI ReportCenter Appendix GFI LANguard default reports e 61 8 1 17 Missing patches grouped by ope
70. ports chapter 42 e Configuring default options GFI ReportCenter 6 6 Importing Exporting the configuration GH ReportCenter 3 6 He Tools Help Import Export Configuration Ly Edit AtteF4 Screenshot 42 Import Export Configuration node The GFI ReportCenter allows you to backup your configuration settings for the ReportCenter and all ReportPacks through Import Export Configuration in the File pull down menu Settings are exported for e Default scheduling options e Custom reports e Scheduled reports e Favorite reports The configuration is backed up into an XML file which may be imported into a separate GFI ReportCenter instance provided that the same ReportPacks are installed on both instances You can also import export the configuration for a particular ReportPack through the Import Export Configuration node in the Options section of the ReportPack GFI ReportCenter Configuring default options e 43 Exporting the configuration To export the GFI LANguard configuration Import Export Configuration rx A Import Export ReportCenter and ReportPacks configurations The import export configuration functionalities can be used to perform of scheduled reports custom reports favorite reports and other options The exported configurations can also be imported into a separate Reportlenter instance provided that the same ReportPacks exist on both instances Specify the action to perform Import conf
71. r Coane 1 Gee EFgaibg az Aa EGU CSAS EO FASAN RE GUIRED FARALAR CH EE CHANGED ORR ACCCRNMT Em a Bal in ecocne for geet oc to e conge Las Lica eer EFesswaeridge Fee ed ero Ces too Hep As S er Ao Fall Rene Ft Deski Hep AsslsktAcrort Eglbe a Screenshot 88 Sample report showing groups and users o Host machine IP and name List showing group details for each host machine including name description and members List of user details for each group including user name privilege last logon and bad password count Use this report to e List group and user information for each host machine 72 e Appendix GFI LANguard default reports GFI ReportCenter 8 2 8 SNMP information 00 143 32 211 Andrew Operating System Service Pack Windows 2000 4 Description Object_ID 1 3 6 1 4 1 311 1 1 3 1 2 NT Server sysDescr Hardware x66 Family 15 Model4 Stepping 6 AT AT COMPATIBLE Software Windows 2000 Version 5 0 Build 2195 UniprocessorFree sysName MG sysUpTime 4hours 22 minutes 25 seconds Qe Vendor Microsoft Screenshot 89 Sample report showing SNMP information o Host machine IP and name SNMP details for each host machine including name and description Use this report to e List SNMP information for each host machine including name description and uptime 8 2 9 Services 00 143 32 140 Jane Operating System Service Pack Windows XP 2 Description Status Startup T
72. rating system Windows 2000 Patch 929969 Bulletin ID MS07 004 Posted Date 2007 01 09 Severity Critical Description Security Update for Internet Explorer 5 01 Service Pack 4 KB929969 Host IP address Host Name 60 143 32 211 Andrew d 2 Screenshot 71 Sample report showing missing patches grouped by operating system o Missing patch details for each operating system E List of host machines on which specific patches were found to be missing Use this report to e List missing patches grouped by operating system including the host machine names for each missing patch 8 1 18 Missing patches grouped by severity Critical Patch 890830 Bulletin ID Not Available Posted Date 2007 01 09 Description Windows Malicious Software Removal Tool January 2007 i 690630 Host IP address Operating Syste 80 143 32 233 Ai Windows XP 1 80 143 32 226 GamesPC Windows XP 2 80 143 32 211 Andrew Windows 2000 4 80 143 32 221 Joe Windows XP Gold 80 143 32 140 Jane Windows XP 2 O Patch 925398 Bulletin ID MS06 078 Posted Date 2006 12 12 Description Security Update for Windows MediaPlayer 6 4 ech Host IP address Host Name g SY DU 14332 140 Jane Windows XP 2 80 143 32 211 Andrew Windows 2000 4 Screenshot 72 Sample report showing missing patches grouped by severity o Missing patch details for each severity level E List of host machines on which specific patches were found to be
73. rom email account RC_Admin gfi com e Send to email account IT manager gfi com e SMTP server details 120 11 120 11 To create the scheduled report 1 Click on the Default Reports navigation button 2 Right click on Network Vulnerability Summary and select New gt Scheduled Report As soon as the welcome dialog is displayed click Next GFI ReportCenter Scheduling reports e 33 Schedule Report Wizard Scan or date time range Specify the scan or date time range on which to base the report GC Reports are based on the secunty scan results collected during past network secunty scans Select the scan results on which this report will be based O Last Scan Use this option to generate reports based on data collected during the latest network security scan 6 Particular Scan Use this option to generate reports based on data collected during a particular network secunty scan Scans over a date time range Use this option to generate reports based on the scan results data collected during a specific date time period lt Back Next gt Screenshot 29 Select network security scan s data 3 Select the option Scans over a date time range for data to be covered by this report and click Next Schedule Report Wizard Date Time Select the datetime period on which to base the report GC Reports based on date and time will gather all scans made during the selected time period and will gen
74. ry Severity Distribution High Med Backdoors 5 a Missing Updates 262 225 32 5 Registry 24 3 4 1r RPC 1 1 U Services 3 3 U WMINet 3 3 0 0 WMIUSB 2 2 U 0 Screenshot 51 Sample report showing network vulnerability summary O Chart displaying vulnerability categories and their distribution GFI ReportCenter Appendix GFI LANguard default reports e 51 Vulnerability Distribution by Timestamp Last Three Months Last Year Older than One Year Vulnerability Category Severity Distribution Total High Med Last Three Months 0 0 0 0 Last Year D f 0 0 Older than One Year 200 230 36 22 Screenshot 52 Sample report showing network vulnerability summary O Chart displaying the vulnerability distribution over time Top 10 Most Common Vulnerabilities Product Timestamp References Type Severity Count Windows 2007 01 09 WA Missing Update High 5 Product Timestamp References Type Seventy Count MNA 2002 01 01 WA Registry Low 3 Product Timestamp References Type Seventy Count Windows 2005 02 17 WA Missing Update High 3 Product Timestamp References Type Seventy Count Windows 2006 02 14 WA Missing Update High 3 Product Timestamp References Type Severity Count Windows 2006 09 12 NIA Missing Update Medium A Missing Update Security Update for Microsoft Windows KB824105 Product Timestamp References Type Seventy Count Windows 2003 09 09 NIA Missing Update High A Product Timestamp Ref
75. s The problem with automatic logon is the fact that any usercan start your computer and log on using your account Automatic logon proceeds differently from authenticated logon and can cause timing conflicts For example if one is loading several network transport protocols automatic logon might cause Windows 2000 to attemptto connect to some network resources beforethe protocols network transports are completely loaded In orderto solve this vulnerability one should set AutoAdminLogonto 0 and delete the value of DetaultPassword The latteris stored and displayed inthe registry editor in plain unencrypted text KEN Screenshot 65 Sample report showing too SANS vulnerabilities status Host machine details on which vulnerabilities reported by SANS were detected List showing SANS vulnerability details including name description and product affected SANS vulnerabilities are grouped by year and chapter Use this report to e List the vulnerabilities detected for each host machine based on the SANS top 20 report of vulnerabilities 8 1 13 Vulnerable hosts based on open ports Top 40 most vulnerable hosts IP address Host Name Operating System Service Pack O 60 143 32 140 Jane Windows XP 2 A 80 143 32 221 Joe Windows XP Gald 1 Sp Screenshot 66 Sample report showing vulnerable hosts based on open ports List showing the top 20 host machines most likely to be compromised by Trojans Use this report to e List the 2
76. stalled application name and details List of computers having application installed Use this report to e Identify all computers which have specific software installed on them 8 2 16 Antivirus Applications 00 143 32 140 Jane Operating System Service Pack Windows XP 2 Defn files ame Publisher Version up to date AVG AntiVirus T 1428 Yes 5 22 2009 5 37 02AM Not supported AVG Technologies Screenshot 98 Sample report showing installed anti virus applications o Host machine IP and name EH Antivirus application details for each host machine including name publisher and version Use this report to e List installed antivirus applications detected for each network host scanned including publisher and version details GFI ReportCenter Appendix GFI LANguard default reports e 79 8 2 17 Auditing Policies 00 143 32 211 Andrew Operating System Service Pack Windows 2000 4 assword Policy 0 chars 4 days 22 hours di no delay never force no history amp minutes 31 seconds Audit account logon events True True Audit account management True True Audit directory service access True True Auditlogon events True True Audit object access True True Audit policy change True True Audit privilege use True True Audit process tracking True True Audit system events True True Screenshot 99 Sample report showing policies od Host machine IP and name Password policy detai
77. stom Report Wizard Custom Report Wizard Scan or date Aime range Specify the scan or date time range on which to base the report eports are based on the secunty scan results collected during past network secunty scans Select the scan results on which this report will be based Last Scan Use this option to generate reports based on data collected during the latest network secunty scan Particular Scan Use this option to generate reports based on data collected during a particular network secunty scan Scans over a date time range Use this option to generate reports based on the scan results data collected during a specific datetime period nie Ge ere Screenshot 8 Selecting the scan data source to use 3 Specify the data source option that will be used to generate the custom report This data source refers to scan results trom e the last scan e particular scan s e scans carried out over a specific date time period Click Next to continue Custom reports e 15 Custom Report Wizard Past Select one or more scans on which to base the report From the list below select the network secunty scan s on which this report will be based Target Profile Date A localhost My Profile 5 11 2009 1 45 41 PM A localhost My Profile 5 11 2009 8 57 47 AM A 192 168 3 85 152 Full Vulnerability 5 8 2009 2 48 16 PM A localhost My Profile 5 8 2009 1 58 12 PM A localhost My Profile 5 6 2009 1 50 59
78. t Run and specify the scan date time period that will be covered by the report Example 1 Generating a Network Vulnerability Summary report based on the last scan This example demonstrates how to generate a network vulnerability summary report based on the last network security scan carried out 1 Click on the Default Reports navigation button to bring up the list of available reports 2 Right click on Network Vulnerability Summary and select Run gt For Last Scan Example 2 Generating a Network Vulnerability Summary report based on scans made on a particular day This example demonstrates how to generate a network vulnerability summary report based on the scan performed on May 11 2009 1 Click on the Default Reports navigation button to bring up the list of available reports 2 Right click on Network Vulnerability Summary and select Run gt For Custom Date 10 o Getting started Default reports GFI ReportCenter Specify Custom Date Date Time Select the date time period on which to base the report Cl Reports based on date and time will gather all scans made during the selected time period and will generate results based on information found during these scans O Relative Today Day Monday May 11 2009 IN a May 2009 2009 Sun Mon Tue Wed Thu Fri Sat DMI 2 JI ZS A0 20 1 2 CHE ECH EK E ME ee 10 7 13 4 15 1 CG 17 18 19 A0 A 22 FF PF 4 5 6 F B A W 31 1 2 3 4 3 D C Today 5 11 20
79. tCenter respective scan count Chart displaying scan profile usage Last Scan for Each System IP address 852 168 102 176 2 168 102 175 60 143 32 226 00 143 32 271 00 143 32 211 60 143 32 140 Jane 10302005 2 07 54PM Steve 10 30 2008 2 07 54PM Julia 10 30 2008 2 07 54PM Andy 10 30 2008 2 07 54PM GamesPc 10 30 2008 2 07 54PM Joe 10 30 2008 2 07 54PM Andrew 10 30 2008 2 07 54PM Scans Listing Start Date Time Scan Ended 1252006 2 07 54PM 600 143 932 124 Ping them All Yes 1626 2000 2 07 54PM 60 143 32 1 24 Ping them All Yes 10272008 2 07 54PM o0 143 32 1 24 Full Scan Yes 10202008 2 07 54PM o0 143 32 1 24 Full Scan Yes Screenshot 58 Sample report showing security scans history List showing date and time of the last scan performed on each host List showing all scans performed Use this report to e Display information and statistics on all network security scans performed 8 1 6 Vulnerability listing by category CATEGORY Missing Updates Vulnerability 614076 Security Update Microsoft Jscript version 5 6 Windows 2000 Windows XP Product Windows Timestamp 2003 11 21 Affected Hosts DERTES Operating System 00 143 32 221 Joe Windows Ai Gold Vulnerability 616093 Security Update Microsoft Virtual Machine Microsoft VM Product Windows Severity Critical Timestamp 2004 06 05 Affected Hosts Operating System 00 143 32 211 Andrew Windows 2000 4 00 143
80. tCenter GFI ReportCenter 8 2 11 Hardware Audit 01443324140 Jane BH 6 Operating System i 1 Windows AH d Intel R Core TM Quad CPU 6600 2 40GHz Vendor Genuine me Speed 2405 MHz Vendor Genuine e Speed 2405 MHz Vendor Genuine Speed 2405 MHz Vendor Genuine lm 2 Speed 2405 MHz Name PSK Maenufscturer ASUSTeK Computer IMC Version Rev 1 2 Sena Number MS6CT7ABS4400944 BIOS name BIOS Date 07 03 07 10 01 10 Ver 08 00 12 BIOS vendornare Amencan Megastrends Inc BIOS version leg BIOS release date 2007 07 03 00 00 00 BIOS Sena Number System Sere Number ai Physical menory 4 00 GB Free physical memory 2 05 6B Virtual mmm 6 22 66 Free virtual memory 6 91 GB O NVIDIA GeForce T600 GT Manufacturer NVIDIA Current resolution 1280 x 1024 x32x0 Hz O Sens Number 19828 1672673024 Storage Devices Floppy disk drive Description Floppy disk drive Manufacturer Standard floppy diskdnves Medis type Floppy disk drive ASUS DRW 2014L1T ATADevice E CO ROM Drive DWO Writer Manufacturer Standard CD ROM drives Interface type SCSI Medis type Optical disk drive Drive s E Sens Number 1115283277 2035 LVO403T FV2043D SCSI CdRom Device O Drives File System Type 3 5165 NTFS WA WA Screenshot 92 Sample report showing hardware audit part 1 of 2 Appendix GFI LANguard default reports e 75 USE Devices USB Root Hub Description USB Root Hub M
81. uilds NOTE GFI LANguard 9 0 ReportPack is configured by default to check for newer builds on startup GFI ReportCenter General options e 49 8 Appendix GFI LANguard default reports 8 1 Vulnerability assessment reports 8 1 1 Network vulnerability summary Hosts Severity Level Distribution Top 10 Vulnerable Hosts by Severity IP Address Severity 80 143 32 233 Andy 70 5 80 143 32 211 Andrew 70 10 1 80 143 32 140 Jane 59 g a 80 143 32 221 Joe 40 4 2 80 143 32 226 GamesPC 2 0 1 2 168 102 175 Julia 1 d 5 62 166 102176 Steve 0 0 5 Va Hosts Vulnerability Level Distribution Vulnerability Level H High 5 Medium 1 Low 1 NotAssigned U Total D Screenshot 49 Sample report showing network vulnerability summary Chart displaying vulnerability severity distributions List showing the top 10 most vulnerable host machines ordered by severity Chart displaying vulnerability level distributions across host machines on the network 50 e Appendix GFI LANguard default reports GFI ReportCenter Vulnerability Count by OS Distribution Windows Windows XF Windows XF x4 0 40 DU 120 160 200 240 Severity Distribution Total High Med Low Windows 2000 HI 70 10 1 Windows XP 214 172 26 16 Windows XP x64 5 0 0 5 Screenshot 50 Sample report showing network vulnerability summary Backdoors Missing Updates Registry Services WM INet WMIUSB Vulnerability Catego
82. ustrate how the number of vulnerabilities on the network has changed over a given time span 8 1 3 Vulnerability distribution by host Scan reference 80 143 32 1 24 Scan date amp time 10 30 2008 2 07 54PM Severity Distribution Vulnerability Categones Operating System SP Low Med High Mall Sav RPC DNS Soft Rtkt Mic Bko 80 143 32 140 Jane 80 143 32 211 0 0 0 3 0 0 0 0 0 0 0 0 0 0 0 78 Andrew 80 143 32 221 0 0 0 3 1 0 0 0 0 0 1 0 0 0 0 P Joe 80 143 32225 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 1 GamesPC 80 143 32233 0 0 0 3 1 1 0 0 0 0 0 0 0 0 0 31 Andy 82 168 102 175 0 0 0 7 0 0 0 0 0 0 0 0 0 0 0 1 Julia 82 168 102 176 Steve Screenshot 55 Sample report showing vulnerability distribution by host List of IP addresses and host names on which vulnerabilities were detected a The number of low medium and high severity vulnerabilities detected on each host 8 The number of vulnerabilities detected on each host distributed by l vulnerability category Appendix GFI LANguard default reports e 53 Use this report to e Generate statistics showing vulnerability counts for each host machine 8 1 4 Vulnerability distribution by operating system Scan reference 80 143 32 1 24 Scan date amp time 10 30 2008 2 07 54PM Severity Distribution Vulnerability Categories Operating System SP Low Med High Mall a Bkdr S Unauth USB Netwik Misa Prod Apps Updt Windows 2000 SP 4 Windows
83. ved by building up custom data filters which will analyze the data source and filter the information that matches specific criteria In this way you create reports tailored to your reporting requirements Favorites GFI ReportCenter allows you to create bookmarks to your most frequently used reports both default and custom Printing By default all reports generated by GFI ReportCenter are printer friendly and can be printed through the windows printing services provided by the system where GFI ReportCeniter is installed GFI ReportCenter Introduction e 5 2 Installation 2 1 System requirements Install the GFI LANguard ReportPack on a computer that meets the following requirements e Windows 2000 SP4 XP SP2 SP3 2003 2008 VISTA SP1 operating system e Internet Explorer 5 1 or higher e NET Framework version 2 0 e MDAC 2 8 e GFI ReportCenter 3 6 NOTE The GFI LANguard ReportPack only allows you to generate reports for data contained in scan results databases which were created and maintained by GFI LANguard 2 2 Installation procedure The GFI LANguard ReportPack includes an installation wizard which will assist you through the installation process During the installation process this wizard will e Verify that you are running the latest version of the GFI ReportCenter framework if you are installing the framework for the first time or the currently installed framework version is outdated the installation w
84. y details security audit policy details List of registry entry details for each host machine Use this report to e List detailed technical information for each host machine including services installed applications policies and devices 70 e Appendix GFI LANguard default reports GFI ReportCenter GFI ReportCenter 8 2 4 Computer properties 00 143 32 211 Andrew Windows 2000 Service Pack 4 MAC Address 00 0 C 29 55 72 FB VMware Inc Time to live 126 126 Network role Member Server Domain MG LAN manager Windows 2000 LAN Manager 2 Screenshot 85 Sample report showing computer properties o Host machine IP and name Host machine details including MAC address and domain Use this report to e List information for each host machine including MAC address network role and domain 8 2 5 Uptimes 2 166 102 175 Julia Operating System Service Pack Windows XP Pa Time of Day Up Time Of Feb 2007 17 37 00 1 day 12 hours 26 minutes 6 seconds Va o2 160 107 176 Steve Operating System Service Pack Windows XP x64 L Time of Day Ui Feb 2007 17 48 18 8 hours 41 minutes 13 seconds Screenshot 86 Sample report showing uptimes o Host machine IP and name Uptime details for each host machine including time of day and uptime value Use this report to e List uptime for each host machine grouped by network scan 8 2 6 Disk utilization 00 143 32 140 Jane
85. ype Account Name Alerter Stopped Disabled NT AUTHORITY LocalService ALG Description Status startup Type Account Name Application Layer Gateway Service Running Manual NT AUTHORITY LocalService AppMgmt Description Status startup Type Account Name Application Management Stopped Manual LocalSystem O Screenshot 90 Sample report showing services o Host machine IP and name EH service details for each host machine including name description status startup type and account name Use this report to e List service information for each host machine including description status and startup type and account name GFI ReportCenter Appendix GFI LANguard default reports e 73 8 2 10 Processes 60 143 32 140 Jane Operating System Service Pack Windows XP 2 System Idle Process Thread Count 1 PID 4 User Name SYSTEM Domain NT AUTHORITY Handle Count 540 Thread Count 60 Priority 6 2 spoolsv exe PID 160 PPID 946 User Name SYSTEM Path CAWINDOW S system32 spoolsv exe Domain NT AUTHORITY Command Line CAWINDOWS system32 spoolsv exe Handle Count 114 Thread Count 11 Priority 6 Screenshot 91 Sample report showing processes od Host machine IP and name Process details for each host machine including process ID and account l name Use this report to e List process properties for each host machine 74 e Appendix GFI LANguard default reports GFI Repor
86. ystem timer Description System timer Manufacturer Standard system Oe Ces Device Class System Devices Direct memory accees controller Description Direct memory access controller Manufacturer Standard system devices Screenshot 93 Sample report showing hardware audit part 2 of 2 76 e Appendix GFI LANguard default reports GFI ReportCenter gn o ea ed Use this report to identify all devices detected on the network for scan computers NOTE Devices are grouped by categories Categories with no devices detected are not displayed 8 2 12 Shares 00 143 32 211 Andrew Operating System Service Pack Windows 2000 H 4 ADMING Remote Admin LA Default share IPCS Remote IPC Screenshot 94 Sample report showing shares o Host machine IP and name Share folder details for each host machine including name and remarks Use this report to e List information on shared folders for each host machine GFI ReportCenter Appendix GFI LANguard default reports e 77 8 2 13 Open ports 197 166 3 65 ESM DEMO Operating System Service Pack Windows Vista 1 d DU Hypertext TransterProtocol HTTP 60 Full Port List 135 DCE endpoint resolution 135 Full Port List 139 NetBlOS NetBlOS Session Service 139 Full Port List 445 Full Port List 445 Microsoft DS Active Directory Windows shares 1 170 LNSS attendant 1 170 Full Port List 2 Screenshot 9
Download Pdf Manuals
Related Search