Thursday, November 30, 2006

GFI LANguard Network Security Scanner 3.3

GFI LANguard Network Security Scanner 3.3 covers the basics of vulnerability scanning well, though it lacks some of the advanced capabilities found in more enterprise-focused products such as eEye's Retina Network Security Scanner and NetIQ's Security Analyzer 5.0. LANguard cannot take the in-depth look at CGI scripting that Retina can or scan some types of network hardware, such as routers. But it's also much less expensive than the products from eEye and NetIQ.

To perform a basic scan of your network, you simply enter an IP address or range and press Start. LANguard gives you many types of predefined security scan profiles. For example, you can scan using only ICMP for discovery, scan all available ports, or scan for open shares or missing patches. You can also define and save your own security scan profiles.

Without administrative privileges in a Windows domain, you can determine computer names, MAC addresses, open ports, operating system versions, and SNMP information, all reported in a tree structure of results sorted by IP address. With domain administrative privileges, you can determine significantly more information about each system, such as shares, user accounts, services, password policies, registry information, and installed patches. Your scan can also include testing for CGI abuses as well as FTP, DNS, mail, service, and registry vulnerabilities. The results are grouped by category and include either a recommendation for remediation or a BugTraq, CVE, or Microsoft Security Bulletin reference.

Within the report generator you can create and save custom reports to meet your individual security needs. For example, you can generate a report of all systems that have either TCP port 80 (Web) or port 21 (FTP) open. As with Retina and SAINT 5, an included utility lets you compare two reports for new, removed, or changed items, as well as alert and hot-fix changes.

LANguard is also marketed as a patch management and deployment solution. During a scan of a Windows network, LANguard determines which patches have been installed on your systems and which are missing, based on GFI's coordination with Microsoft. It deploys hot fixes as well as service packs.