GFI LanGuard - Virtual Security Consultant
One of the important tasks of ensuring information security is the identification of potential risks and “holes” in protection. You need to find and fix vulnerabilities before attackers can take advantage of them. For this purpose, and serve as security scanners. Security scanner or network vulnerability scanner - an automated solution for full port scanning, software update monitoring, and software and hardware verification. This is an application that scans the network and its devices to detect security weaknesses.
Scanners check used applications, look for “holes” that could be used by hackers, and warn the administrator about risk zones and security gaps. Their tasks are identification and analysis of vulnerabilities, inventory of resources, generation of reports containing a description of vulnerabilities and options for eliminating them. Of course, the functionality of different products varies significantly, but correctly using the network vulnerability scanner, which has proven itself in the market, can significantly enhance network security.
Such a tool is a necessary tool not only for companies owning unique databases, valuable archives or working with confidential information. They will be useful everywhere where information leakage is undesirable or even dangerous, there are databases of clients' personal data. This is one of the important elements of an enterprise information security system.
Tell you about one of these products - GFI LanGuard . This is a much more mature tool than many security scanners that have flooded the market, marked by a number of industry-specific awards, and is superior in functionality to many similar platforms.
')
Let's see how such a product can be useful to system administrators in small companies, and information security specialists in large organizations.
GFI Software's LanGuard is a network security scanner and software update management tool that builds a network map and performs risk analysis. GFI Software is one of the leaders in the information security market. The company has been operating since 1992 and during this time has earned a reputation as a reliable organization that produces professional products for solving a wide range of IT tasks.
This product solves several problems at once - works as a security scanner, serves for managing updates, auditing software and hardware. Moreover, it manages updates not only of the OS and Microsoft products, but also Microsoft’s excellent popular software - Acrobat Reader, Flash Player, Skype, etc. In addition, it is useful for companies that need to comply with the requirements of PCI DSS.
LanGuard installs on a single Windows PC and scans the local network, detecting all devices in it — servers, workstations, laptops, mobile gadgets, virtual machines, switches, routers, and printers — to check for security.
Vulnerability Scanner checks everything: from servers to network hardware, virtual machines and smartphones. This is done with or without software agents. In the first case, you can get more accurate and deeper results.
Combined with new cloud protection infrastructure tools like CloudPassage or IDM products such as ViewFinity, GFI LanGuard will become an essential tool in the arsenal of network security products.
GFI LanGuard Network Scan
Essentially, GFI LanGuard works as a virtual security consultant:
As a network security scanner, GFI LanGuard detects, identifies, and fixes network vulnerabilities. Full port scans, the availability of the necessary software updates to protect the network, as well as the audit of software and hardware - all this is possible from a single control panel.
An important feature is port scanning. Several scan profiles already created allow for a full scan of all ports, and quickly check only those that are commonly used by unwanted and malicious software. GFI LanGuard scans several nodes at once at the same time, significantly reducing the required time, and then compares the software found on busy ports with the expected one.
LanGuard can be used to deploy updates across the entire network.
This network vulnerability scanner has a very important difference from many competitors. It can automatically update the software. Until the latest updates are installed, the network nodes are completely unprotected, since it is the newest vulnerabilities that close current patches and updates that hackers use to penetrate.
In contrast to the tools built into the OS, GFI LanGuard will check not only the OS itself, but also the popular software whose vulnerabilities are commonly used for hacking: Adobe Acrobat / Reader, Flash Player, Skype, Outlook, browsers, instant messengers.
It is worth noting that after updating the data on vulnerabilities, the number of which in the GFI LanGuard database has already exceeded 50,000, the network scan starts automatically. Software vendors themselves, as well as proven SANS and OVAL lists, provide information about threats. This provides protection against the latest threats.
Application Inventory Result
To get the full picture, you need a network audit. LanGuard will prepare a detailed list of installed software and hardware on each of the computers, detect prohibited or missing programs, as well as unnecessary connected devices. The results of several scans can be compared to reveal changes.
The functions of the network security scanner apply to all popular operating systems for workstations and servers (Windows, MacOS, popular Linux and Unix distributions), as well as to smartphones based on iOS and Android. The security picture is complemented by VMware, Virtual PC, VirtualBox and other virtual machines.
LanGuard weighs about 300 MB, and you can receive the product activation key by email. A special utility step-by-step helps to complete the installation — in five minutes it will be possible to scan the network.
LanGuard main screen
The product's main screen displays the scan results — network vulnerability status and audit data, as well as tips on enhancing protection, for example, a recommendation to apply missing patches, remove unauthorized programs, enable anti-virus protection, etc. In addition, the software provides information on working with software agents , for example, recommends allowing them to be used to automate the audit of network security and load distribution during scanning on client PCs. And at the bottom of the screen there are links to product news.
LanGuard Web Console
After installing and running a scan in LanGuard, the search for vulnerabilities on local systems is automatically resolved. Detailed information shows the level of vulnerability, the main problems that need to be addressed, the state of the scan, the status of agents and the change in vulnerability over the observation period.
Network scan results are displayed in a readable format.
The product provides consolidated statistics of network vulnerability as a whole, shows the level of threats (shares of potential, high, medium and low security problems), the dynamics of changes in the security level and a list of the most unprotected systems in the network.
Additional features include checking DNS address compliance (DNS Lookup), network tracing (Traceroute), checking domain or IP address information, building a list of computers on the network and users in Active Directory.
If you click on one of the security sensors shown, a list of vulnerabilities will appear in order of their severity, with detailed information about each. These statuses can be changed, as well as the rules relating to the vulnerability.
Work with the product is facilitated by the availability of complete documentation and even a video tour . In addition, there is an informative knowledge base available online. For support, you can use the chat with GFI experts.
Setting Vulnerability Assessment Options
To start the initial remote scan, go to the scan page. Here you can set a scan group by specifying a range of IP addresses and clicking the “Scan” button. LanGuard shows the number of computers scanned and an approximate estimate of the scan time — this operation can take several hours.
Configure network scan profiles and software
In addition to detecting open ports, unsafe settings and software that is prohibited to install, LanGuard checks for updates and patches not only of the OS (desktop and mobile, physical and virtual), but also of the installed software. The results window displays the IP addresses of the systems, the name of the PC and the name / version of the OS. You can get more information on TCP and UDP ports, hardware and software, and system information.
Monitoring the status of patches
Each computer with Windows has corresponding sections with vulnerability assessment, network audit data and software. Vulnerabilities are divided by severity level - high, low, potential, missing Service Pack, no updates applied. Double clicking on the name of the application shows a new window with deeper information and a link to the update.
The LanGuard interface is well thought out and "polished". Windows and fields can be dragged and resized. The contents of almost any window can be copied to the clipboard. The windows show information about devices, reference information, the interface is intuitively understandable even to a not very sophisticated user, not to mention sysadmins.
The network security scanner can be configured to work offline, in which case it will run on a timer, and corrections allowed by the administrator will be executed automatically. No less thought out and reports.
After completing the scan, GFI LanGuard sends the user a full report with the characteristics of all vulnerabilities and instructions for eliminating them manually. You can immediately eliminate the gaps in the protection, correct the settings, update the software (including the installation of the missing elements), remove the prohibited programs.
The reports that GFI LanGuard builds are suitable for both technicians and company management.
The reports tab, along with general reports, contains reports that meet the requirements of regulators, such as reports on PCI DSS standards, HIPAA, etc. The report can be customized, printed, or sent by e-mail.
PCI DSS Compliance Report
Popular formats supported are PDF, HTML, XLS, XLSX, RTF, and CSV. You can add your own templates to the scheduler to already existing PCI DSS, HIPAA, SOX, GLB / GLBA and PSN CoCo reports.
Having received a detailed report on the scan results with a description of each vulnerability and links to additional literature, you can fix most threats with a single click on the “Remove” button: ports are closed, registry keys are fixed, patches are installed, software is updated, prohibited programs are removed, and missing programs are installed .
LanGuard does not accidentally occupy the top lines in the ratings of network scanners. The product provides a complete picture of what is happening on the network for quick response and effective troubleshooting as soon as possible. Along with the well-implemented traditional functions of the network scanner, it can automatically update outdated software and install updates and patches on different operating systems, and the price of GFI LanGuard will not be burdensome for a small organization. Finally, it is suitable for companies using virtual environments. GFI LANguard really allows you to get accurate information about network problems, which will allow the system administrator to take steps to improve its security.
Download the free fully functional version (demo, 30 days) here:
gfi-software.ru/downloads/gfi-languard
At the time of use, technical support is provided in Russian in accordance with the policy:
gfi-software.ru/support/policy
Post 2 - GFI Archiver: storage for mail >>
Post 3 - GFI MailEssentials: mail is protected >>
Scanners check used applications, look for “holes” that could be used by hackers, and warn the administrator about risk zones and security gaps. Their tasks are identification and analysis of vulnerabilities, inventory of resources, generation of reports containing a description of vulnerabilities and options for eliminating them. Of course, the functionality of different products varies significantly, but correctly using the network vulnerability scanner, which has proven itself in the market, can significantly enhance network security.
Such a tool is a necessary tool not only for companies owning unique databases, valuable archives or working with confidential information. They will be useful everywhere where information leakage is undesirable or even dangerous, there are databases of clients' personal data. This is one of the important elements of an enterprise information security system.
Tell you about one of these products - GFI LanGuard . This is a much more mature tool than many security scanners that have flooded the market, marked by a number of industry-specific awards, and is superior in functionality to many similar platforms.
')
Let's see how such a product can be useful to system administrators in small companies, and information security specialists in large organizations.
What is LanGuard?
GFI Software's LanGuard is a network security scanner and software update management tool that builds a network map and performs risk analysis. GFI Software is one of the leaders in the information security market. The company has been operating since 1992 and during this time has earned a reputation as a reliable organization that produces professional products for solving a wide range of IT tasks.
This product solves several problems at once - works as a security scanner, serves for managing updates, auditing software and hardware. Moreover, it manages updates not only of the OS and Microsoft products, but also Microsoft’s excellent popular software - Acrobat Reader, Flash Player, Skype, etc. In addition, it is useful for companies that need to comply with the requirements of PCI DSS.
LanGuard installs on a single Windows PC and scans the local network, detecting all devices in it — servers, workstations, laptops, mobile gadgets, virtual machines, switches, routers, and printers — to check for security.
Vulnerability Scanner checks everything: from servers to network hardware, virtual machines and smartphones. This is done with or without software agents. In the first case, you can get more accurate and deeper results.
Combined with new cloud protection infrastructure tools like CloudPassage or IDM products such as ViewFinity, GFI LanGuard will become an essential tool in the arsenal of network security products.
Essentially, GFI LanGuard works as a virtual security consultant:
- Manages updates for Windows, Mac OS and Linux.
- Detects vulnerabilities on computers and mobile devices.
- Conducts an audit of hardware and software.
As a network security scanner, GFI LanGuard detects, identifies, and fixes network vulnerabilities. Full port scans, the availability of the necessary software updates to protect the network, as well as the audit of software and hardware - all this is possible from a single control panel.
LanGuard features
An important feature is port scanning. Several scan profiles already created allow for a full scan of all ports, and quickly check only those that are commonly used by unwanted and malicious software. GFI LanGuard scans several nodes at once at the same time, significantly reducing the required time, and then compares the software found on busy ports with the expected one.
This network vulnerability scanner has a very important difference from many competitors. It can automatically update the software. Until the latest updates are installed, the network nodes are completely unprotected, since it is the newest vulnerabilities that close current patches and updates that hackers use to penetrate.
In contrast to the tools built into the OS, GFI LanGuard will check not only the OS itself, but also the popular software whose vulnerabilities are commonly used for hacking: Adobe Acrobat / Reader, Flash Player, Skype, Outlook, browsers, instant messengers.
It is worth noting that after updating the data on vulnerabilities, the number of which in the GFI LanGuard database has already exceeded 50,000, the network scan starts automatically. Software vendors themselves, as well as proven SANS and OVAL lists, provide information about threats. This provides protection against the latest threats.
To get the full picture, you need a network audit. LanGuard will prepare a detailed list of installed software and hardware on each of the computers, detect prohibited or missing programs, as well as unnecessary connected devices. The results of several scans can be compared to reveal changes.
The functions of the network security scanner apply to all popular operating systems for workstations and servers (Windows, MacOS, popular Linux and Unix distributions), as well as to smartphones based on iOS and Android. The security picture is complemented by VMware, Virtual PC, VirtualBox and other virtual machines.
Installing and running the product
LanGuard weighs about 300 MB, and you can receive the product activation key by email. A special utility step-by-step helps to complete the installation — in five minutes it will be possible to scan the network.
The product's main screen displays the scan results — network vulnerability status and audit data, as well as tips on enhancing protection, for example, a recommendation to apply missing patches, remove unauthorized programs, enable anti-virus protection, etc. In addition, the software provides information on working with software agents , for example, recommends allowing them to be used to automate the audit of network security and load distribution during scanning on client PCs. And at the bottom of the screen there are links to product news.
After installing and running a scan in LanGuard, the search for vulnerabilities on local systems is automatically resolved. Detailed information shows the level of vulnerability, the main problems that need to be addressed, the state of the scan, the status of agents and the change in vulnerability over the observation period.
The product provides consolidated statistics of network vulnerability as a whole, shows the level of threats (shares of potential, high, medium and low security problems), the dynamics of changes in the security level and a list of the most unprotected systems in the network.
Additional features include checking DNS address compliance (DNS Lookup), network tracing (Traceroute), checking domain or IP address information, building a list of computers on the network and users in Active Directory.
If you click on one of the security sensors shown, a list of vulnerabilities will appear in order of their severity, with detailed information about each. These statuses can be changed, as well as the rules relating to the vulnerability.
Work with LanGuard
Work with the product is facilitated by the availability of complete documentation and even a video tour . In addition, there is an informative knowledge base available online. For support, you can use the chat with GFI experts.
To start the initial remote scan, go to the scan page. Here you can set a scan group by specifying a range of IP addresses and clicking the “Scan” button. LanGuard shows the number of computers scanned and an approximate estimate of the scan time — this operation can take several hours.
In addition to detecting open ports, unsafe settings and software that is prohibited to install, LanGuard checks for updates and patches not only of the OS (desktop and mobile, physical and virtual), but also of the installed software. The results window displays the IP addresses of the systems, the name of the PC and the name / version of the OS. You can get more information on TCP and UDP ports, hardware and software, and system information.
Each computer with Windows has corresponding sections with vulnerability assessment, network audit data and software. Vulnerabilities are divided by severity level - high, low, potential, missing Service Pack, no updates applied. Double clicking on the name of the application shows a new window with deeper information and a link to the update.
The LanGuard interface is well thought out and "polished". Windows and fields can be dragged and resized. The contents of almost any window can be copied to the clipboard. The windows show information about devices, reference information, the interface is intuitively understandable even to a not very sophisticated user, not to mention sysadmins.
The network security scanner can be configured to work offline, in which case it will run on a timer, and corrections allowed by the administrator will be executed automatically. No less thought out and reports.
LanGuard Reports
After completing the scan, GFI LanGuard sends the user a full report with the characteristics of all vulnerabilities and instructions for eliminating them manually. You can immediately eliminate the gaps in the protection, correct the settings, update the software (including the installation of the missing elements), remove the prohibited programs.
The reports tab, along with general reports, contains reports that meet the requirements of regulators, such as reports on PCI DSS standards, HIPAA, etc. The report can be customized, printed, or sent by e-mail.
Popular formats supported are PDF, HTML, XLS, XLSX, RTF, and CSV. You can add your own templates to the scheduler to already existing PCI DSS, HIPAA, SOX, GLB / GLBA and PSN CoCo reports.
Having received a detailed report on the scan results with a description of each vulnerability and links to additional literature, you can fix most threats with a single click on the “Remove” button: ports are closed, registry keys are fixed, patches are installed, software is updated, prohibited programs are removed, and missing programs are installed .
findings
LanGuard does not accidentally occupy the top lines in the ratings of network scanners. The product provides a complete picture of what is happening on the network for quick response and effective troubleshooting as soon as possible. Along with the well-implemented traditional functions of the network scanner, it can automatically update outdated software and install updates and patches on different operating systems, and the price of GFI LanGuard will not be burdensome for a small organization. Finally, it is suitable for companies using virtual environments. GFI LANguard really allows you to get accurate information about network problems, which will allow the system administrator to take steps to improve its security.
Download the free fully functional version (demo, 30 days) here:
gfi-software.ru/downloads/gfi-languard
At the time of use, technical support is provided in Russian in accordance with the policy:
gfi-software.ru/support/policy
Post 2 - GFI Archiver: storage for mail >>
Post 3 - GFI MailEssentials: mail is protected >>
Source: https://habr.com/ru/post/304272/
All Articles