
Topic: SolutionBase: Get familiar with GFI LANguard's built in tool set

  

    SolutionBase: Get familiar with GFI LANguard's built in tool set

    Code:
    http://articles.techrepublic.com.com/5100-10878_11-6170590.html
    Takeaway: GFI LANguard includes many tools to help you get control over your network. In this article, Derek Schauland shows you what they are and some of the flexible configuration settings you have.



    This article is also available as a TechRepublic download.


    GFI LANguard Network Security Scanner is a vulnerability scanner, designed to tell you where problems may exist in your environment. The scanning features and filtering capabilities are amazing, and allow for a great deal of information to be collected right from your desk. Once the information is collected, you may need to act on it. This is where the tool set comes in.
    What tools are at my disposal?

    The available tools are as follows, and are found in the left pane of the application under the tools branch of the explorer tree, shown in Figure A.
    Figure A: Additional tools available within LNSS.

    Some of the tools you'll find include:

    • Deploy Microsoft Updates: Allows deployment of MS updates.
    • Deploy Custom Software: Allows deployment of other applications, like Firefox.
    • DNS Lookup: Allows the resolution of host names on your network.
    • Traceroute: Displays the route information takes to arrive at a host.
    • Whois: An Internet whois engine.
    • Enumerate Computers: A utility to list all of the computers within a domain.
    • Enumerate Users: A utility to list all of the user accounts within a domain.
    • SNMP Audit: Identifies weak SNMP community strings for the specified host.
    • SNMP Walk: Probes your network to retrieve SNMP information.
    • SQL Server Audit: Performs dictionary based attacks on SQL accounts.

    Deploy Microsoft Updates

    By now, we have all seen Windows Update, which is a service to automate the installation of patches from Microsoft. Microsoft also has a free service called Windows Server Update Services, which can help provide enterprise-wide updates completed in a timely fashion.
    WSUS is a great tool, but sometimes there isn't room in the server rack or the budget for another server to monitor Windows and Office patches. That's where LNSS can help. By scanning for missing patches, you will be able to collect a list of items that need to be patched. One of the beautiful things about the Microsoft Update tool in LNSS is that it can be scheduled just like deployments using WSUS, but with a bit more control of when things might happen.
    As an example, let's scan a single PC for missing patches to see what might need to be updated. You would do so with the following procedure:

    1. Click on the Security Scanner node in the left pane of LNSS.
    2. Select a scan target. (For this example, I entered 127.0.0.1, so the scan is run on my computer.)
    3. Select the Missing Patches profile.

    Your screen should look similar to Figure B when all of these items have been set.
    Figure B: Settings for a Missing Patch scan.

    Once the settings for the scan have been configured, press the Scan button to analyze the selected system. When the scan completes, you will see something similar to Figure C under the scanned computers pane.
    Figure C: Scanned Items.

    When you select the vulnerabilities list item, the scan results for the item will appear in the right half of the center pane, showing what updates were found missing on the scanned computers. Scan results are shown in Figure D.
    Figure D: Missing patches results.

    To invoke a patch deployment for these missing patches, right-click on the vulnerabilities list item on the left side of the screen or right-click on any of the patches found to be missing. Select Deploy Microsoft Updates, and then select On Selected Computers.
    Once you've chosen how you wish to deploy updates, the console screen will change to show the deployment options screen, as shown in Figure E below. When deploying Microsoft Updates, LNSS handles patches and service packs separately. For this reason, any service packs to be deployed will need to be scheduled separately from patches.
    Figure E: Microsoft Update deployment.

    When this screen opens, the status of the selected update(s) will appear. If the update files are not downloaded yet, right-clicking them and choosing download will get the update from the Internet. While the file downloads, you can set other options for this deployment. Shown at the bottom of the screen is the option to schedule this deployment immediately or at a specific date and time.
    Only use deploy immediately if you are sure that your update will not require a restart.
    You can use the Deploy On box (shown in Figure F) to ensure updates happen after hours or on weekends. LNSS will install and start a service on the selected client machines to handle the update; the service is removed after the job(s) complete.
    Figure F: Choose when to deploy updates.

    Before pressing the Start button, there is another panel of options that can be set but is not required. The options panel is the rightmost panel of the LNSS console when you are on the deployment screen. The General page is shown in Figure G below.
    Figure G: The General tab contains optional elements.

    Here you can tell LNSS if the user should be warned before deployment. Typically, I will uncheck this box to save unneeded inquiry, or to save time if I'm running the update after hours.
    You can also stop selected services before deployment. For example, if you are deploying a SQL server patch and need to stop the MSSQLSERVER service, this feature may be handy.
    Another thing you can do is force a reboot and select computers which meet certain filtering requirements. Perhaps you only want to push an update out to computers running Windows 95. All of these optional items can be configured in the Options panel.
    The Advanced tab will allow you to change the timeout period for a deployment and specify alternate credentials, in case you aren't logged on as an administrator and need to be. You can also set the number of threads for LNSS to use during a deployment. GFI recommends no more than five threads, which is the default.
    On the Download Directory tab, you can specify a directory for downloaded patches, and if you want LNSS to work with a WSUS server.
    Once you have all of the options for your deployment configured, press the Start button. If the deployment is scheduled immediately, you will see activity in the console window. If it is scheduled for a later time, the schedule will be prepared and executed by the LNSS monitor.
    DNS lookup

    LNSS provides a tool to retrieve DNS information about the PCs within your organization. Windows also provides tools to make this happen, but the easy interface makes LNSS' tool well worth it. The DNS lookup tool runs within the main portion of the LNSS window. Figure H shows the host name input box.
    Figure H: Enter a host name or IP address in this box.

    When you press Retrieve, LNSS will fetch the DNS information for the host you entered. Figure I shows the available options you can set for the DNS retrieval.
    Figure I: LNSS will automatically retrieve DNS Info.

    The default options are shown in Figure I. This will retrieve only the general information about the PC: if a host name is entered the IP will be returned; likewise, if an IP address is entered, an IP address will be returned.
    If you select Host Information, hardware and domain OS information can be returned if they are available. You can retrieve available DNS aliases by checking the aliases box and NS Records as needed. To specify alternate DNS name servers to query for information, add them to the list shown at the bottom of Figure I. By default, the DNS server for the local domain will be used. The result set generated for a default basic query is shown in the center area of the middle pane. The DNS Lookup for 127.0.0.1 is shown in Figure J.
    Figure J: DNS Lookup information for a local loopback address.

    Trace Route

    This tool counts the hops between the requesting PC and the host PC. LANguard incorporates this tool into its GUI. With the Trace Route tool, when you enter a host or IP address into the input box (Figure K), the result set will display the number of hops that the data takes to get to the host.
    Figure K: Enter the IP address you want to trace here.

    The options for trace route, shown in Figure L, allow the following items:

    • Do not resolve IP addresses: will not return the IP addresses of the hops in the trace.
    • Repeat trace every n seconds (defaulting to 30): repeat the current trace until stopped.

    Figure L: You can specify trace route options.

    You can also configure the response settings for a trace route. The response options are as follows:

    • Return Timeout After: Allows you to configure the time LNSS will wait for a response.
    • Timeout Steps Before Stop: The number of hops the trace will take before it stops.
    • Slow Response Icon After: Displays an icon after a number of milliseconds.
    • Very Slow Response Icon: Displays a different icon after a longer delay.

    When a trace is run, a text response similar to that of the DNS lookup tool will be displayed.
    whois

    Many domain registrars (or other Web sites) can provide information about a domain's owner and other technical details. LANguard includes a tool to assist you in doing just that. The input box, shown in Figure M, accepts IP addresses, domain names, or host names. The output is similar to the output of many Web services providing whois.
    Figure M: You can perform a whois from LNSS.

    Using the LNSS whois tool allows for options to be set within the GUI. The Options screen, shown in Figure N, lists the available settings.
    Figure N: You can specify whois special settings.

    You can specify a whois server to use for the query or let LNSS choose one for you. The list of servers provided in options can be edited as needed.
    Enumerate computers

    This tool will create a list of all of the computers within a specified workgroup or domain. This can be useful if many changes have occurred in your environment or you want to create a new list to account for all of the PCs on your domain.
    This tool is helpful for separating workstations and server PCs into lists for future scanning. That way you can schedule your workstation scans nightly and your server scans on Saturdays. To use it, enter or select the domain name you wish to create the list for and press Retrieve. LNSS will scan the specified domain and display a list of PCs.
    For example, if you wanted to create a list of all of the Windows XP computers on your domain, you would configure the options for the scan, as shown below in Figure O, and run the scan against your domain.
    Figure O: You can scan for computers that meet certain criteria.

    You can limit your lists to computers containing any one of the options above or multiple selections. By default, each computer's Windows Explorer interface is used to generate the information provided in an enumeration. You can change this to retrieve the information from Active Directory, if you are using an Active Directory domain.
    By using information from Active Directory, you can add extra information published within the directory to the enumeration. The panel for changing this setting is shown in Figure P.
    Figure P: Here's where you tell LNSS to pull information from Active Directory.

    The additional information provided by the Active Directory functionality can be useful in locating devices other than computers that are published within Active Directory.
    Enumerate users

    Similar to the enumeration of computers in your environment, you can also use LNSS to enumerate users. This might prove extremely useful in ensuring accounts that are no longer needed get disabled or deleted in a timely fashion.
    To create a user list using LNSS, you will select the domain from which you want to list users. Once you have the domain selected, you can indicate the following options for the scan:

    • Enumerate All Users: Lists all user account types in your domain.
    • Enumerate Users: Lists only user accounts.
    • Enumerate Contacts: Lists only contact accounts.

    You can also configure LNSS to highlight locked or disabled accounts, making them easier to locate in the list. The panel for user enumeration is shown in Figure Q.
    Figure Q: You can also scan for user information.

    If there's one drawback to this tool, it's that it does not work with workgroup environments, so a domain will be required.
    SNMP audit

    You can use LNSS to monitor devices on your network for SNMP problems and use resulting information to help manage your environment. The tool will look for weak community strings on any host you provide.
    Enter the IP address of the host you wish to scan and press Retrieve. Information will be returned as it is found in the bottom center pane of the LNSS console. Options available for the LNSS SNMP tool are few. About all you can do is specify an SNMP dictionary file that should be used when this type of scan is performed.
    SNMP walk

    This tool can be used to look for specific information within your environment. You can run the scan against a host IP address, and the tool will return the OID for the host and other relevant information that it finds.
    By default, this scan will use public community strings when scanning, as shown in Figure R. These options can be configured by the user.
    Figure R: You can set custom community strings for SNMP walks here.

    SQL Server Audit

    The SQL Server Audit tool uses dictionary-style attacks to check the validity of SQL passwords within your environment. It is a handy tool for finding out which IDs have weak or blank passwords when multiple SQL administrators in your environment are adding logins.
    The tool works by guessing the password for the selected account. If the account password cannot be guessed, the testing stops.
    You can run the tool against one specific account or against all accounts. Using this against all accounts requires a login for the SQL server so a list of accounts contained there can be generated. Once the options are set, select the SQL Server to audit from the input box at the top of the screen and click Audit. Results will be displayed in the center column of the LNSS console.
    The account specification and dictionary file options are shown in Figure S below. The dictionary file contains the list of passwords to be checked. This file can be customized to contain additional passwords that the audit tool should look for when testing logins.
    Figure S: The account specification and dictionary file options for a SQL Server Audit.




    Last edited by patris1: 2010-02-20 at 01:48 AM
    Thanked by Mr_Pich.
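
The Enumerate Users options described in the post (all users, users only, contacts only, with locked or disabled accounts highlighted) can be reproduced over a directory export to find accounts that need cleanup. This is an added example, not part of the original post or GFI's code; the export records, the `MODES` mapping and the function names are assumptions made for illustration, and computer accounts are skipped because they also carry the `user` object class.

```python
SAMPLE = """\
dn: CN=Alice Admin,OU=Staff,DC=example,DC=test
objectClass: user
userAccountControl: 512

dn: CN=Bob Leaver,OU=Staff,DC=example,DC=test
objectClass: user
userAccountControl: 514

dn: CN=Carol Locked,OU=Staff,DC=example,DC=test
objectClass: user
userAccountControl: 512
lockoutTime: 133500000000000000

dn: CN=WS-014,OU=Workstations,DC=example,DC=test
objectClass: user
objectClass: computer

dn: CN=Vendor Support,OU=Contacts,DC=example,DC=test
objectClass: contact
"""  # constructed export: plain "attr: value" lines, no folding or base64
UF_ACCOUNTDISABLE = 0x0002  # userAccountControl bit set on disabled accounts
MODES = {"all": {"user", "contact"}, "users": {"user"}, "contacts": {"contact"}}  # assumed mapping

def parse(text):
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            entry.setdefault(key.lower(), []).append(value)
        entries.append(entry)
    return entries

def kind(entry):
    classes = {c.lower() for c in entry.get("objectclass", [])}
    # Computer objects also carry objectClass "user", so test for them first.
    return next((k for k in ("computer", "user", "contact") if k in classes), "other")

def enumerate_accounts(text, mode="all"):
    rows = []
    for e in parse(text):
        k = kind(e)
        if k not in MODES[mode]:
            continue
        uac = int(e.get("useraccountcontrol", ["0"])[0])
        locked = int(e.get("lockouttime", ["0"])[0]) != 0  # lockout recorded; may have expired
        flags = ["disabled"] * bool(uac & UF_ACCOUNTDISABLE) + ["locked"] * locked
        rows.append((e["dn"][0].split(",")[0][3:], k, flags))
    return rows
```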
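
The SNMP Audit section describes checking hosts against a dictionary of weak community strings. The added example below (not from the original post or from LNSS) applies the same dictionary idea offline to saved device configurations instead of probing hosts; the word list, file names and config lines are constructed, and the directive parsing is simplified to the two common forms shown.

```python
import re

DICTIONARY = "public\nprivate\ncisco\nadmin\n"  # constructed word list
CONFIGS = {  # constructed device exports
    "core-sw1.cfg": (
        "hostname core-sw1\n"
        "snmp-server community public RO\n"
        "snmp-server community Xk9vT2qLm RW 10\n"
    ),
    "nas01-snmpd.conf": (
        "# rocommunity public\n"
        "rocommunity Zr7pLm4Qe 10.0.0.0/8\n"
        "rwcommunity Private 127.0.0.1\n"
    ),
}
# Cisco IOS style and net-snmp snmpd.conf style community directives.
IOS = re.compile(r"^\s*snmp-server\s+community\s+(\S+)(?:\s+(RO|RW)\b)?", re.I)
NETSNMP = re.compile(r"^\s*(ro|rw)community6?\s+(\S+)", re.I)

def communities(config_text):
    """Yield (line_no, community, access) for each active directive."""
    for no, line in enumerate(config_text.splitlines(), 1):
        m = IOS.match(line)
        if m:
            yield no, m.group(1), (m.group(2) or "RO").upper()
            continue
        m = NETSNMP.match(line)
        if m:
            yield no, m.group(2), m.group(1).upper()

def audit(configs, dictionary):
    # Case-folded so trivial variants such as "Private" are also reported.
    words = {w.strip().lower() for w in dictionary.splitlines() if w.strip()}
    findings = []
    for name, text in sorted(configs.items()):
        for no, community, access in communities(text):
            if community.lower() in words:
                findings.append((name, no, community, access))
    # Writable weak strings first: they allow configuration changes.
    return sorted(findings, key=lambda f: (f[3] != "RW", f[0], f[1]))
```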
