Having worked for years with open source security scanners, I've seen the strengths and weaknesses of open source software and therefore I was pretty excited to test the new GFI LANguard N.S.S. 8 Network Security Scanner and Patch Management tool.
The installation was a breeze and after a few mouse clicks the product was up & running. At the heart of the system lies the GFI LANguard NSS Monitor, which runs as a service. During the installation, you can specify which account the service should run as. The LANguard NSS Monitor takes care of all recurrent tasks such as scheduled reporting, product updates and patch download.
GFI has designed this product with the security administrator in mind by incorporating useful features required by the day-to-day security activities. The Status Monitor runs in the tray bar and provides quick access to the scanner itself and it also allows the user to quickly check the health status of the scanned systems.
I continued my test by actually running a few scans.
The first thing when starting a new scan is the option to choose which template you want for your scan. GFI LANguard is more than a vulnerability scanner and this is reflected in the options displayed in the New Scan wizard:
- Vulnerability Scanning
- Patching Status
- Network & Software Auditing
- Complete / Combination Scans
The Vulnerability Scanning option opens a new wizard window which permits the selection of a scan profile. Out of the box the product supports more than 15,000 checks, which is quite a lot to run on every scan, and therefore it’s great that you can define custom scan profiles. You can always start with one of the profiles that the product ships with and refine them later. The default profiles include:
- Top SANS 20 Vulnerabilities
- High Security Vulnerabilities
- Last Year Vulnerabilities
- Only Web
- Trojan Ports
- Only SNMP
- Portable Storage Scan
In addition to creating your own profile, you can even define new checks. There is a wizard which guides you through all the steps required to add a new security check. So you can have your own 15,001st new vulnerability check the way you want it.
I chose to scan the laptop test machine using the All Vulnerabilities profile.
The scan completed very fast (55 seconds) and the results were quickly displayed in an ordered tree-like structure. The grouping is done by severity (High / Medium / Low) and by vulnerability category (Mail / Services / Software / etc.).
The test machine was a freshly installed WinXP SP2 with only a few patches applied and, as expected, there were a lot of vulnerabilities: 61 :)
I liked the fact that GFI LANguard supports multiple vulnerability reference systems such as: OVAL, CVE, MS Security BID, SecurityFocus BID and Top 20 SANS Report.
Because all the scans are stored in a database (alternatively, during install you can choose to have a local MS Access storage) you can easily open a past scan and examine the findings. One notable feature about reporting is the ability to produce so-called “Comparison Reports”, a form of delta report which compares 2 scans and presents the differences between them.
For advanced reporting GFI provides a separate tool called GFI ReportCenter. This tool offers a lot of ready-made reports such as:
- Network Vulnerability Summary
- Network Vulnerability Trend
- Vulnerability Distribution by host
- Vulnerability Distribution by Operating Systems
- Security Scans History
- Vulnerability Listing by Category
- Vulnerability Listing by Host
- Vulnerability Listing by Product
- Vulnerability Listing by Severity
- Open Trojan Ports by Host
- Top SANS Vulnerabilities Status
- Vulnerable Hosts based on Vulnerability Level
- Vulnerable Hosts based on Open Ports
- Open Trojan Ports
In addition to the above Vulnerability Scanning reports, GFI ReportCenter offers many other reports for Patch Management, System Information and Results Comparison.
GFI LANguard is definitely more than a security scanner. The product is able to remotely deploy and track Microsoft software patches and it can also remotely install custom applications. It’s nice that you can interact with the remote machine by sending a message prior to software deployment, and you can set the deployment to wait for the user’s acceptance. I bet this saves a lot of service desk support calls.
The patches can be auto-downloaded either directly from Microsoft or you could use an existing WSUS server from your network.
In my opinion, GFI LANguard is a great example of a tool developed to be used every day by all the security staff. It fits perfectly in the PLAN – DO – CHECK – ACT security framework.
- Based on the vulnerability and patch analysis trends you can PLAN better security controls and procedures.
- The asset discovery & inventory features of GFI LANguard help you DO - implement the security controls efficiently.
- CHECK the effectiveness of the security controls in place using the flexible vulnerability scanning module.
- ACT by deploying the necessary software patches and upgrades – all with one click.
This concludes my review of GFI LANguard N.S.S. 8. There are a lot of features that were not included in this review and I suggest you discover them by actually using the product. You can download it for free.
This review was sponsored by GFI.