Home > Guides > Security > General Security and Privacy

Security Reference Guide

Hosted by

Toggle Open Guide Table of ContentsGuide Contents

Close Table of ContentsGuide Contents

Close Table of Contents

Securing your Windows Servers with GFI LANguard Network Security Scanner

Last updated May 23, 2003.

In this guide we've given a lot of attention to free and low-cost open source security tools and solutions. However, we have previously given relatively little attention to commercial solutions. For those administrators with a more liberal budget and a need for a well-supported product, we now look at GFI LANguard Network Security Scanner (NSS).

Perhaps more than anything, the best recommendation for the software might be that it is in the top 25 list on insecure.org. This is for good reason, as we learned after testing it. Installation was straightforward, and a handy wizard guides you through the key steps. For example, you are able to schedule scans, configure how to respond to threats, and more.

GFI LANguard Network Security Scanner (N.S.S.) scans your network for many of the possible ways that a malicious hacker could attack you. For example, the program analyzes not only opened services, but also the operating system and the applications running on your network, in order to identify possible security holes. Like many security tools, this one has the potential for being used in a malicious manner. However, unless you understand how an attacker could penetrate your defenses, you will be impotent — and wide open to attack.

GFI LANguard N.S.S. has the ability to scan your entire network, IP by IP, or to scan just a single machine upon which it is installed. Not only do you get a list of open ports and vulnerable services, but you also get useful information such as the service packs installed on the machine, missing security patches, wireless access points, USB devices, open shares, open ports, services/applications active on the computer, key registry entries, weak passwords, users and groups, and more. In addition, you can easily analyze scan results using filters and reports, enabling you to proactively secure your network — for example, by shutting down unnecessary ports, closing shares, installing service packs and hotfixes, etc.

Another important value added a feature of GFI LANguard N.S.S. is that it is also a complete patch management solution. For example, once you have done a complete network scan and determined which patches and hot fixes are missing, GFI LANguard N.S.S. allows you to deploy your choice of service packs and patches network-wide and also to deploy custom software.

The following section will at some of the features and benefits of GFI LANguard N.S.S., point by point.

Extensive Vulnerabilities Database

GFI LANguard N.S.S. has a surprisingly complete database of vulnerabilities, which includes top SANS issues, as well as Linux and CGI vulnerabilities. This vulnerability database also stays current with BugTraq, SANS, CVE and other sources.

Automatic Alerting of New Vulnerabilities

GFI LANguard N.S.S. allows you the flexibility to perform either manual- or automatically-scheduled scans, such as daily or weekly. You can choose to receive automatic e-mail updates of any new wall liabilities. This includes the ability to quickly identify any newly created shares, installed services, installed applications, added users, newly opened ports and more.

Granular Creation of Scans and Vulnerability Tests

You also have the flexibility to granularly schedule security audits, including scanning for shares, constant scans for violations of audit/password policy, or for machines missing a particular patch or service pack.

Enables Easy Filtering of Scan Results

GFI LANguard N.S.S. allows you to drill down to particular machines or nodes. Also create custom filters, as well as export scan results data to XML.

Organize Vulnerabilities and Solutions

GFI LANguard N.S.S. categories security vulnerabilities and, where possible, recommends a solution. If available, it provides a web link or further information regarding the issue, for example a BugTraq ID or a Microsoft Knowledge Base article ID.

Fast TCP/UDP Port Scanning and Service Fingerprint Identification

GFI LANguard N.S.S. includes a fast TCP/IP and UDP port scanning engine, allowing you to scan your network for unnecessary open ports. While identifying key open ports (such as www, FTP, Telnet, SMTP) through banner processing, GFI LANguard N.S.S. will also query the service running behind the detected open ports to ensure that no port hijacking took place.

Automatically Downloads Security Patches and Vulnerability Information

GFI LANguard N.S.S. includes an auto-update feature which allows you to be always kept updated with information about newly released Microsoft security updates as well as new vulnerability checks issued by GFI.

Anti-virus and Anti-spyware Optimization

GFI LANguard N.S.S. keeps a close track of the antivirus software installed on the machines, including the time of the last virus signature installed.

Other features include:

  • Automatically checks the password policy for all machines on the network
  • Checks for programs that run automatically (potential Trojans)
  • Finds out if the OS is advertising too much information
  • Performs simultaneous scans through the multithread scan engine
  • Provides NetBIOS hostname, currently logged username and MAC address
  • Provides a list of shares, users (detailed info), services, sessions, remote TOD (time of day) and registry information from remote computer (Windows)
  • SNMP device detection, SNMP Walk for inspecting network devices like routers, network printers and more
  • Offers alternative command line deployment tool
  • Identifies all installed Windows services.

Version 8 Update

At the time of this writing, the version 8 update (the version we tested) is currently in beta. Some of its interesting new features include:

  • Over 2000 new security checks added via new support for the Open Vulnerabilities Assessment Language (OVAL) security definitions
  • Patch management enhancements allow you to rollback Microsoft patches, as well as automatically download new Microsoft security patches as they are released
  • A new graphical threat level indicator designed to provide a weighted vulnerability assessment of the entire network; or, you can scan on a computer by computer basis.
  • Scanning engine is optimized for faster speed and lower footprint.

Overall, the software gives a superb benefit:cost ratio in the class of commercial vulnerability assessment and remediation tools. We appreciate the help from GFI in answering our questions, as well as allowing us to include some of their product information in our review.