
Topic: SolutionBase: Watching your network with LANguard

  

    SolutionBase: Watching your network with LANguard

    Code:
    http://articles.techrepublic.com.com/5100-10878_11-6166076.html
    Takeaway: Making sure your network is secure can be a daunting task. Here's how you can use LANguard Network Security Scanner to help get a handle on things.



    This article is also available as a TechRepublic download.


    Many tasks face a typical network administrator daily, from normal duties to -- in smaller shops -- user support. In situations like these, all the help an application can provide is welcome to relieve some of the daily work load of the administrator or support staff.
    Enter LANguard Network Security Scanner from GFI, a multi-purpose tool designed to view and fix vulnerabilities on your network. This article will look at the product as a whole, discuss pricing and availability, and then dive into the remaining features.
    Note: During the installation process, you will be prompted to supply a domain administrator user account and password to assure that LANguard can properly access your network. You will also be asked to point LANguard at your e-mail server so notifications and alerts can be sent appropriately. For the purposes of this article, I will be running LANguard on a single Windows Vista PC, with local administrator credentials supplied.
    The LANguard Network Security Scanner

    The interface for LANguard Network Security Scanner (LNSS) displays a paned format with the list of tools on the left in an Explorer-style layout. The top pane shows the items being scanned with results; the bottom, the current progress. The default layout for a new installation of LNSS is shown in Figure A.
    Figure A: The LNSS Console.

    When you configure LNSS to run scans of your environment, you are given the option to use the credentials of the currently Logged-On User, Alternative Credentials, a Null Session, or an SSH Private Key. In the toolbar at the top of the main window (shown in Figure B), you can choose the credentials you wish to use for the scan.
    Figure B: The LNSS toolbar for scan credential assignment.

    If you select Alternative Credentials, the username and password boxes on the toolbar will open and allow you to enter that information. If the scan is run using an SSH Private Key, you will be able to provide a username and browse to the key file, which will allow the scan to run. You will only need to modify these options if your account does not have sufficient privileges to perform the scan.
    Notice, on the above toolbar, the New Scan and Save buttons. You can configure a particular scan to contain certain options, such as a missing patches scan, and save it for later use, avoiding the constant reconfiguration of the LNSS console.
    To begin a scan, you need to select the computers you wish to include in your scan, and then select a scanning profile to use. The scanning profiles included with LNSS are displayed first in the left pane; however, more can be created to include any options you choose. (I will look at one of the included profiles and create a new profile next). Selecting the PCs for the scan can be accomplished in many ways: You can use a text file containing a list of all of the PCs you wish to scan, scan an entire domain, use a range of IP addresses, or scan a single PC.
    Note: Once we have looked at a profile to use in performing scans, I will create a list of computers from right here in LNSS. Later, we will see that the scan to create the list can be filtered to meet more specific needs.
    To choose the profile you wish to use for your scan, select it in the Profile combo box on the Scan Settings toolbar, shown in Figure C.
    Figure C: Scan targets and profiles are set here for the current scan.

    The scanning profile is the heart of the LNSS application. Without a chosen profile, which can get very complex or remain very simple, LNSS cannot perform much work.
    You can still perform many functions without scanning first, but the application will warn you that it cannot accomplish the selected task if this is attempted. It is always a good idea to scan the object you wish to work with ahead of time.
    The scanning profile for missing patches is selected in Figure D. The available scanning profiles are listed under the configuration section of the tools pane, which appears near the bottom of the list.
    Figure D: Included scanning profiles.

    A scanning profile is a series of options that are evaluated on each system the scan is run against. Not all items are selected for every profile. If you wanted to create a profile and enable all options you certainly could, but scan times might make that impractical. Profiling allows you to create a scan based on specific criteria that you wish to evaluate.
    When you click on the profile in the list, the options for that profile fill the right pane. These options are segmented into the following sections, represented by a tab within the Options pane.

    • TCP Ports: Allows selection of the TCP ports you wish to evaluate.
    • UDP Ports: Allows selection of UDP ports to evaluate.
    • OS Data: Allows specification of which data on a computer's OS should be evaluated.
    • Vulnerabilities: Scans for known vulnerabilities on a system.
    • Patches: Scans for missing patches and security bulletins. LANguard can use its own database of patches or the list kept by a Windows Server Update Services server.
    • Scanner Options: Allows configuration of options for LNSS for this scanning profile.
    • Devices: Checks for network or USB devices.
    • Applications: Allows configuration of a scan to check for installed applications and security applications when a profile is run.

    As you can see, many options can be selected for each profile. Each of the tabs above -- except OS Data and Scanner Options -- can be enabled or disabled as a whole. When enabled, individual options can be set for that set of options. The tab for the missing patches is shown in Figure E.
    Figure E: Patch scanning in LNSS.

    The Patches tab also allows configuration of the location to check patches against and the language of patches you wish to use when scanning. The defaults are the GFI Web site and English; the Options page for changing them is shown in Figure F. To open the page, select the Change Language link on the Patches tab of the scanning profile.
    Figure F: Configuring patch-scanning options.

    In the Program Updates properties dialog, you can change the language of the patches that are used, select which options LNSS should check for, and where the updates should be obtained from.
    If you have a Windows Server Update Services installation or SUS installation, you should consider using these services for your updates. The updates must be approved by an administrator before any downloading will occur. This option can be a nice feature, but is not required to use LNSS.
    To create your own scanning profile, right click the Scanning Profiles list item and select New | Profile. You will be asked to provide a name for your profile in a dialog similar to the one shown in Figure G.
    Figure G: Adding a name for a new scanning profile.

    Once you have named the profile, press OK. Your element will be added to the list of available profiles. Now you need to configure its options by visiting each of the tabs described above. These are the same options as contained in each included profile. By default, all scanning options are turned on, so you will need to edit the profile to limit the items being scanned and reduce scan time.
    The OS data tab can evaluate OS elements during a scan; this can help limit the results of the scan, or the number of computers that meet the conditions of the profile.
    On the OS Data tab, you will be able to retrieve information from Windows and Linux systems that are specific to the computer. Each of the items can have a Yes or No setting: Yes turns the option on; No, off. Figure H shows the default settings for OS Data.
    Figure H: OS-specific options included in a scan.

    When an item on the OS Data tab is selected, a description of what the setting does when enabled appears at the bottom of the tab.
    The other profile tab whose options cannot be disabled as a group is Scanner Options. This tab contains settings for LNSS which will apply to all scans run using this profile. You can turn off all of the settings in OS Data and most of the settings in scanner options, but this must be done on an individual basis, per setting.
    The Scanner Options tab, shown in Figure I, controls the method by which an environment is scanned. It will allow network discovery methods and options to be configured for each profile and allow all options for actually scanning an environment to change per profile.
    Figure I: Scanning options can be configured for each profile.

    LNSS also allows the configuration of profiles for computers that will be scanned. This feature allows you to configure different credential and authentication methods for a computer one time and use them for each scan. This can be useful if you wish to use the same credentials for a particular computer, but they are not the currently logged-in user settings. It also allows each computer to have a different authentication method.
    The alerting options section under configuration allows you to provide mail server settings or modify the settings given during installation. To configure alerting options, right-click the list item and select Properties. The resulting dialog is shown in Figure J.
    Figure J: Alerting options for Scans.

    The configuration section also includes three additional options:

    • Parameter files: The list of customizable parameter files used by LNSS.
    • Database maintenance options: Allows the database type and location to be changed as needed.
    • Scheduling options: Allows configuration of options to schedule scans.

    There are general options that can be configured for scheduled scans using the dialog box shown in Figure K. These options are set by right-clicking Scheduled Scans in the Configuration Tools list and selecting Properties.
    Figure K: Options for specifying scheduled scan data control and notification options.

    The notification option set above can send a result comparison of the last two scans run with the same profile. This can be helpful if you schedule the same scan on a regular basis and want to determine what has changed. The report format can also be changed to HTML on the Notification tab (above left). The right tab (above) allows the results of scheduled scans to be saved as HTML or XML. This can speed up load time if you need to load a previous scan into LNSS at a later time.
    Scheduling scans in LNSS can save considerable time for support staff by eliminating the need to execute the scan and wait for it to process. You can schedule these items to happen overnight and e-mail you when complete.
    To schedule a scan for missing patches, complete the steps below. The scheduling process does not change depending on the profile used. Right-click Scheduled Scans and select New and Scan. You will then be presented with a dialog asking for the following information:

    • Targets: Select which computers to scan. Can be given as PC name or IP address, file containing a list of computers to scan, or a domain.
    • Scanning Profile: Select a profile for this scan.
    • Description: Enter a description of the scan.
    • Perform a scan: Enter how often the scan will run.
    • Next scan: Enter when the next scan will run.

    Figure L shows the options for scheduling a new scan. You can also specify authentication credentials for the scheduled scan.
    Figure L: The options for a new scheduled scan.

    Running a scan manually against a profile is as simple as clicking the New Scan button and selecting two things: the target of the scan and the profile to use when scanning it. The process is similar to that for a scheduled scan; however, it runs immediately rather than at a timed interval.
    Performing scans and filters

    When scanning with LNSS, there are multiple ways to provide the list of computers to scan. I prefer to use a text file with a list of computer names in it. You can generate this file using a domain-based scan and filters or enter the names of all of your PCs by hand into a text file. You can also perform scans against a range of IP addresses, by entering 192.x.x.x – 192.x.x.x into the targets box.
    To perform a domain scan, you would enter domain:DomainName into the targets box where DomainName is your domain name. This will scan all devices joined to that domain, providing a good starting point for your file containing the list of computers. To filter the list down to specific computers, you can use the filter capability. A good reason to use text files for target lists is to separate the workstations from the servers; that way, you can scan them separately if you are looking for specific information.
    There are many included filters that can be used to limit output results found by a scan. A list of these filters is shown in Figure M. I have selected the Missing Patches and Service Packs filter to dissect, as it is one that I use quite a bit in conjunction with Microsoft's Windows Update utility.
    Figure M: Available Scanning filters.

    Filters are applied to scan results. To limit items with a scan filter you will need to have already completed a scan. If using a scheduled scan, you may need to load the scan data from the database or from an XML file. Once the scan data is available, you can run a filter against it. Filters, like profiles, can be created to meet your needs if those included are not sufficient.
    To review or modify the options in a particular filter, right-click the filter in the list and select Properties. This will open a dialog for that filter, as shown in Figure N.
    Figure N: Filter Properties and condition properties.

    As you can see, the filter is defined by a series of options; any options can be added to any filter. For patches and service packs, the filter looks to see if a particular item exists. If this item is not found installed on the computer, it appears in the missing patches list when the scan is run. The items contained in a filter report are configured within the properties of the scanning filter on the Report Items tab. This tab, shown in Figure O for our selected scan, lists all of the options that can be displayed when a scan is run. Any report options can be displayed regardless of criteria the scan uses to run.
    Figure O: Report items selected for this scan.

    Once the options and output items are configured as needed, press OK on the Advanced Properties window to return to the console. You shouldn't edit the included filters. It is best to create a new filter that is similar to the existing filter and customize that one as needed; that way, the included filter can be used as a baseline for creating and modifying filters.
    Filtering for a list, continued

    Now that we have looked at filters and know that they can be created to drill into the data retrieved by a scan, we can build a filter to check which computers in the last scan have an OS of Windows XP. This can be accomplished in the following steps (assume a scan of some type has been run):

    1. Right-click on Scan Filters and select New | Filter.
    2. Enter a name for the filter.
    3. Add conditions to the filter.
    4. Add reporting data to the filter.

    When creating a scan filter, you must include one element to report on. You cannot create the scan filter without it.
    Figure P: Creating a filter to show computers with Windows XP as the OS.

    On the Reporting Items tab, a good item would be the NETBIOS name of the machine and its IP address; that way, you will have the list of computer names created for your list.
    On the General tab -- where you have already named your filter -- you need to add queries to the filter so it can provide the information you need. Press the Add button to add queries to a filter. You will then see another dialog box, as shown in Figure Q, which will walk you through the process.
    Figure Q: Queries for filtering.

    Here I selected the OS as the condition and Windows XP as the value for the condition. Pressing Add will add this item to the filter.
    When you execute this filter against the previous scan, it will generate a list of all of the computers containing Windows XP as their OS.
    When the list has been generated in LNSS, you can right-click in the results pane and choose Export To File | Selected Computers. This will export the names of all of the checked computers to a text file. This text file can be used as a target list for future scans. The default save location for exported items is in the Reports directory under Program Files | GFI | LANguard Network Security Scanner 7.
    When you run a scan, LNSS displays several items in the right pane of the console. The top half of this pane displays the scanned items and the results of scanning those items with the current profile, as shown in Figure R. Since the tools section of LNSS is not completely scan-dependent, I will go through those items last.
    Figure R: Information displayed during a scan.

    As each computer is scanned, it appears on the scanned computers list. When the scan completes, the computer's icon in the list changes to the computer shown above and results become available in the categories that were selected in an applied filter. During the scanning of each PC, the bottom portion of the main console pane displays current progress for all the computers being concurrently scanned. Each computer is scanned by an independent thread. LNSS can support 10 simultaneous threads but it is recommended to keep the maximum to five to improve performance. The progress pane is shown in Figures S and T.
    Figure S

    Figure T


    Scanning options complete


    We have made it through filters, profiles, and the general look and feel of the interface. In another article, I will go through the tools available in LNSS. These include patch deployment, whois, DNS, and traceroute, as well as a few others.




    Edited by patris1: 2010-02-20 at 01:38 AM
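
The article's notification option sends a comparison of the last two scans run with the same profile. The sketch below shows that kind of comparison as an added example; it is not GFI's code and not part of the original article. The `host,missing_patch` CSV layout, the host names and the `KB-SAMPLE-*` patch names are constructed for illustration and are not LANguard's export format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data (assumed layout, not LANguard's report format).
# A row with an empty patch field means "scanned, nothing missing".
PREVIOUS_SCAN = """host,missing_patch
WS-001,KB-SAMPLE-01
WS-001,KB-SAMPLE-02
WS-002,KB-SAMPLE-01
WS-004,KB-SAMPLE-01
SRV-01,KB-SAMPLE-03
"""
CURRENT_SCAN = """host,missing_patch
ws-001,KB-SAMPLE-02
WS-002,KB-SAMPLE-01
WS-002,KB-SAMPLE-04
WS-003,KB-SAMPLE-01
WS-004,
"""


def load_scan(text):
    """Return {host: set of missing patches} for one scan."""
    scan = defaultdict(set)
    for row in csv.DictReader(io.StringIO(text)):
        host = row["host"].strip().upper()  # NetBIOS names are case-insensitive
        patch = (row["missing_patch"] or "").strip()
        scan[host]  # register the host even when it has no findings
        if patch:
            scan[host].add(patch)
    return dict(scan)


def compare_scans(previous, current):
    """Diff two scans that were run with the same profile."""
    report = {"newly_missing": {}, "resolved": {}, "new_hosts": [], "not_rescanned": []}
    for host in sorted(set(previous) | set(current)):
        if host not in current:
            # Absent from the new scan: status is unknown, never "resolved".
            report["not_rescanned"].append(host)
            continue
        if host not in previous:
            report["new_hosts"].append(host)
        old = previous.get(host, set())
        if current[host] - old:
            report["newly_missing"][host] = sorted(current[host] - old)
        if old - current[host]:
            report["resolved"][host] = sorted(old - current[host])
    return report


if __name__ == "__main__":
    print(compare_scans(load_scan(PREVIOUS_SCAN), load_scan(CURRENT_SCAN)))
```

A host that drops out of the second scan (powered off, unreachable, removed from the target file) is listed under `not_rescanned` rather than counted as patched, which is the case a plain set difference gets wrong.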
