If you are have a lot of workstations in your office environment and want to keep each of them updated with the latest patches and also want to know their relative vulnerability status then you definatly want to have one tool which can automate all these tasks. GFI LANguard In retrospect I was pleasantly surprised to see how many features the software has in its arsenal. The following contains the core features, which I will cover in this review.
It has different scan profiles. It has a scanning wizard, which will assist you in selecting the type of the scanning you want to do according to your objectives. For example if you only want to know the patching status of your machines then you can select the Patching Status profile,If you want to know the vulnerabilities status then you can select Vulnerability Scanning profile and so on.
Wizard has various options like Vulnerability Scanning, Patching stauts, Network & software Auditing and Complete scan.
You can also create your own custom scanning profile to reduce the time. For that it will provide you various option like port numbers to be scanned (TCP/UDP), Vulnerability to be scan, Patches to be scanned etc.
1) Vulnerability Scanning: -
a) Port Scanning (TCP/UDP): -GFI NSS supports various scan types such as tcp/udp port scans, scanning for well known Trojan as well as service ports. You can also add custom ports for custom services. In addition, you can also remove or uncheck any ports, which you don’t want to scan.
b) OS details: -This is another excellent feature of this scanner. It can determine various details like domain, workgroup, users, disk drives, password policy etc. This functionality certainly helps you to find details efficiently.
c) Vulnerabilities/Potential Vulnerabilities:-LANguard also contains categories within its vulnerabilities database such as FTP, Rootkit, DNS, and Services. You can edit the vulnerability check to suit your particular needs. If you are an advanced user then you can also write your own vulnerability signatures, which makes it easy to create your own custom checks.
d) Installed and missing Patches: -If you want to query about installed or missing patches then you can also perform a scan for that output. LANguard will scan the patch level status of the system and then provide you a detailed report on what patches are present and what patches were missing on the target system.
e) Network Device/USB device Scans: -GFI NSS can scan the various network and USB devices attached to the target system. It can also scan for a list of installed applications and mounted network shares.
2) Scheduled Scanning:-If you want GFI NSS can scan your network automatically on a specific schedule. You will need to configure the frequency of the scans and the software will do the rest automatically.
3) Patching: -GFI NSS gives detailed information on the patching status of the scanned machine. It will detect which patches are applied to the machine and which patches are not. It will also provide a report based on the priority of the patches in question.
a) Patch Auto download: -This is another exceptional feature of this software. Once you have enabled the Patch Autodownload, it will automatically download the patches. You can also specify the number of threads it will use for patch download to accommodate your environment.
b) Deploying patches:-Once you have gathered all the information on patches like applied patches, missing patches, etc., you can deploy the patches remotely on any machine over the network. Simply provide the credentials to the target machine and you are done.
c) Deploying Custom software:-If you deploy custom software in your environment then you can use this feature. It only requires that you browse to the executable and select it. It will then deploy that software on the remote machine in question.
4) Reporting: -After the scan is complete this software will provide you a detailed report on it’s findings. It has various reporting filters like open ports, vulnerability, Missing Patched etc. But overall all such reports are for the network administrator point of view. Unfortunately it does not have any options like saving to PDF, Word etc. I think a enhancement on the reporting functionality would be to allow the generation of various reports such as executive, technical and highlight reports.
5)Other tools:-This software has other built in tools like SNMP walker,SQL Audit,Tracert etc. which can help you to effectively audit the network.
6)Conclusion : - This tool has many features which can Automate not only the scanning of your network and determining vulnerability and Patching status but this tool will also make deploying the patches over the network very easy.Besides all that It is a OVAL compliance tool which means that it follows the OVAL standards for vulnerabilities. SecGeeks rating of this product is 4/5 and we recommend this product.
You can get a Trial Copy of this product by clicking here.
-SecGeek
