Product review

Languard N.S.S

System Requirements:

• Windows 2000 (SP4), XP (SP2), 2003, VISTA operating system.
  
• Internet Explorer 5.1 or higher.
  
• Client for Microsoft Networks component - included by default in Windows 95 or higher.

License: Commercial

Application: Security Assesment
Homepage: http://www.gfi.com

What is it?
In this day and age its hard for home users to keep up with the constant updating/patching of their system along with keeping a steady eye on their information to make sure its protected. With one to five computers doing all the work to be safe can be pretty manageable, but how about 500 computers or even 5,000? Corporate IT professionals struggle to keep systems up to date with the newest patches and in return do not get enough time to assess their exposure to hackers.

“GFI LANguard Network Security Scanner (N.S.S.) is an award-winning solution that allows you to scan, detect, assess and remediate any security vulnerabilities on your network.” That quote comes straight from GFI themselves and after testing the software I firmly agree with them. This product was extremely easy to use, but in no way was it performance sacrificed for functionality.

Putting it to use
Lets say your the network administrator in charge of 500 nodes. Its Monday, your company sits you down and tells you they need a report by Friday that details how secure their current network setup is. Most would panic, but you have installed LANguard N.S.S along with the report packages. LANguard gives you several option when choosing what you would like to scan. There is the option to scan just a signal computer or you have a few other options (list of nodes, address ranges or a domain). In our case we would like to reduce the time and just scan the whole domain.

Now we need to tell LANguard what profile to use for our domain scan (if not using the wizard go to Configuration > Scanning Profiles in the Tool Explorer). LANguard comes with a bunch of generic scans, but also allows for you, the user to make custom scans based on services running on your network. Since we are scanning our whole domain we should use the Slow Networks profile. This profile is setup to assume that there may be longer communication delays.

We then run the scan by clicking start. If you look at the bottom of the screen you can see which parameters are being tested and how they are being tested. As the scan is working you will see each computer with IP address appear in bold. Under each host will be a vulnerabilities, open tcp/ip ports and system information tab which you can click to display more information. Now that we have scanned our domain we are left with a lot to look at. From here we have the option to save the scan, probe each computer and see the vulnerabilities or check out what patches were missing.

Since management wants a report of how “secure” their network is we will use our Report Pack software to create a technical report of the scan. This report will identify when the scan took place, the hosts picked up, the missing patches, vulnerabilities and what it needs to be up to date. After printing out the report and saving our scan information we can now go back and investigate what was missing. Starting one at a time we will look at each computer. If you click the vulnerabilities section under one of the nodes you can now get a complete break down of what is missing on the right side of the screen. LANguard puts these into a unique easy to read order. If any service packs are missing then they will be listed first, followed by patches and then the vulnerabilities found. The vulnerabilities section is broken down into high risk, medium risk and low risk making it easy to prioritize the work ahead.

On our domain, about 150 computers were missing services packs all related critical. Instead of going to each one all we have to do is right-click the service pack and go to the option deploy service packs and then choose for several computers. Upon clicking it you will be sent to the deployment screen. From here you right click the service pack and tell LANguard to go out and download it. As its downloading you can customize how it will be deployed on the right hand side. There are a few options on how to warn a user on the machine of a deployment along with how to handle rebooting the host afterwards. Once the download is complete, hit start at the bottom and you will be good to go. (this process is the same for patches).

Going back to the left of the screen we can click the open ports section and get a list of the services and current ports opened on each system. Double clicking on any port will automatically establish a telnet session so that you may configure if necessary. You may also notice that LANguard is able to do OS fingerprinting. This information will be displayed in bold next to each computer scanned.
So now we have our machines all up to date, safe and secure. From here we are able to go through and use different scanning profiles to assess our network in more detail. Other useful details of LANguard are:

• A number of tools built into the interface including DNS lookup, Whois, Traceroute, and more. (found in the tools section).
  
• Set time and date for scans, patch deployment and getting reports fed through email.
  
• Automatic updates of the LANguard software and vulnerability databases.
  
• Ability to install software and updates remotely (Windows nodes only)

Coming back to our initial problem of getting all that information in a week, you can easily see that LANguard was in fact the right tool for the job. We were able to meet our dead line with plenty of time and fix the problems that were found. With report pack we were able to show our level of security right after the scan and how it is now that everything has been patched. Using LANguard N.S.S network administrators can now have a chance on keeping their systems up to date.

---

Fundacja Rozwoju Regionu Gołdap webmaster, web designer grafik portfolio Zygfryd Słapik Lublin dj warszawa Smycze reklamowe Ford Transit CV var1at