• All Files
Settings  >  Profile Editor  >  Configuring Network & Software Audit options

Configuring Network & Software Audit options

The scanning profiles that ship with GFI LanGuard are already pre–configured to run a number of network and software audit checks on selected target. You can however disable scanning as well as customize the list of network and software audits executed during a scan.

ClosedConfiguring TCP/UDP port scanning options

Scanning Profiles properties: TCP Ports tab options

Option Description
Enabling/disabling TCP Port scanning

To enable TCP Port Scanning in a particular scanning profile:

1. From the Network & Security Audit Options tab, click TCP Ports sub–tab.

2. Select the scanning profile that you wish to customize from the left pane under Profiles.

3. Select Enable TCP Port Scanning option.

Configuring the list of TCP portsAcronym for Transmitting Control Protocol. This protocol is developed to allow applications to transmit and receive data over the internet using the well-known computer ports. to be scanned

To configure which TCP ports will be processed by a scanning profile:

1. From Network & Security Audit Options tab, click TCP Ports sub–tab.

2. Select scanning profile to customize from the left pane under Profiles.

3. Select TCP ports to analyze with this scanning profile.

Customizing the list TCP ports

1. From the Network & Security Audit Options tab, click TCP Ports sub–tab.

2. Select the scanning profile that you wish to customize from the left pane under Profiles.

3. Customize the list of TCP Ports through Add, Edit or Remove.

NOTE

The list of supported TCP/UDP Ports is common for all profiles. Deleting a port from the list will make it unavailable for all scanning profiles

ClosedConfiguring System Information options

Scanning Profiles properties: System Information tab options

To specify what System Information is enumerated by a particular scanning profile:

1. From the Network & Security Audit Options tab, click System Information sub–tab.

2. Select the scanning profile that you wish to customize from the left pane under Profiles.

3. From the right pane, expand the Windows System Information group or LinuxAn open source operating system that is part of the Unix operating system family. System Information group accordingly.

4. Select which Windows/Linux OS information is retrieved by the security scanner from scanned targets.

For example, to enumerate administrative shares in scan results, expand the Enumerate shares option and set the Display admin shares option to ‘Yes’.

ClosedConfiguring Device scanning options

Use the Devices tab to enumerate network devices. Together with device enumeration, you can further configure GFI LanGuard to generate high security vulnerability alerts whenever a USB or Network device is detected.

This is achieved by compiling a list of unauthorized/blacklisted Network and USB devices that you want to be alerted.

The network devices configuration page

GFI LanGuard can also exclude from the scanning process specific USB devices that you consider safe. Such devices can be a USB mouse or keyboard. This is achieved through a safe/white list of USB devices to ignored during scanning.

Similarly you can create a separate scanning profile that enumerates only BluetoothAn open wireless communication and interfacing protocol that enables exchange of data between devices. dongles and wireless NIC cards connected to your target computers. In this case however, you must specify ‘Bluetooth’ and ‘Wireless’ or ‘WiFi’ in the unauthorized network and USB lists of your scanning profile.

All the device scanning configuration options are accessible through the two sub–tabs contained in the devices configuration page. These are the Network Devices tab and the USB Devices tab.

Use the Network Devices sub–tab to configure the attached network devices scanning options and blacklisted (unauthorized)/white–listed (safe) devices lists.

Use the USB Devices sub–tab to configure the attached USB devices scanning options and unauthorized/safe devices lists.

Option Description
Enabling/disabling checks for all installed network devices

To enable network device (including USB device) scanning in a particular scanning profile:

1. From the Network & Security Audit Options tab, click Devices sub–tab.

2. Click Network Devices tab.

3. Select the scanning profile to customize from the left pane under Profiles.

4. From the right pane, select Enable scanning for hardware devices on target computer(s).

NOTE

Network device scanning is configurable on a scan profile by scan profile basis. Make sure to enable network device scanning in all profiles where this is required.

Compiling a network device blacklist/white–list

To compile a network device blacklist/white–list for a scanning profile:

1. From the Network & Security Audit Options tab, click Devices sub–tab.

2. Click Network Devices tab.

3. Select the scanning profile to customize from the left pane under Profiles.

4. In the right pane: to create a network device blacklist, specify which devices you want to classify as high security vulnerabilities in the space provided under Create a high security vulnerability for network devices which name contains.

For example, if you enter the word ‘wireless’ you will be notified through a high security vulnerability alert when a device whose name contains the word ‘wireless’ is detected. To create a network device white–list, specify which devices you want to ignore during network vulnerability scanning in the space provided under Ignore (Do not list/save to db) devices which name contains.

NOTE

Only include one network device name per line.

Configuring advanced network device scanning options

From the Network Devices tab, you can also specify the type of network devices checked by this scanning profile and reported in the scan results. These include ‘wired network devices’, ‘wireless network devices’, ‘software enumerated network devices’ and ‘virtual network devices’. To specify which network devices to enumerate in the scan results:

1. From the Network & Security Audit Options tab, click Devices sub–tab.

2. Click on the Network Devices tab (opens by default).

3. Select the scanning profile that you wish to customize from the left pane under Profiles.

4. Click Advanced at the bottom of the page.

5. Set the required options to Yes. Click OK to finalize your settings.

Scanning for USB devices

To compile a list of unauthorized/unsafe USB devices:

1. From the Network & Security Audit Options tab, click the Devices sub–tab.

2. Click USB Devices tab.

3. Select the scanning profile that you wish to customize from the left pane under Profiles.

4. In the right pane. specify which devices you want to classify as high security vulnerabilities in the space provided under Create high security vulnerability for USB devices which name contains:.

For example, if you enter the word ‘iPod’, you will be notified through a high security vulnerability alert when a USB device whose name contains the word ‘iPod’ is detected.

To create a USB device white–list, specify which USB devices you want to ignore during network vulnerability scanning in the space provided under Ignore (Do not list/save to db) devices which name contains.

NOTE

Only include one USB device name per line.

ClosedConfiguring Applications scanning options

The Applications tab enables you to specify which applications will trigger an alert during a scan.

The applications configuration page

Through this tab, you can also configure GFI LanGuard to detect and report unauthorized software installed on scanned targets and to generate high security vulnerability alerts whenever such software is detected.

Option Description
Scanning installed applications

By default,GFI LanGuard also supports integration with particular security applications. These include various antivirus and antispyware software.

During security scanning, GFI LanGuard checks the correct configuration of virus scanner(s) or antispyware software and that the respective definition files are up to date.

Application scanning is configurable on a scan profile by scan profile basis and all the configuration options are accessible through the two sub–tabs contained in the Applications tab. These are the Unauthorized Applications sub–tab and the Advanced Options sub–tab.

Enabling/disabling checks for installed applications

To enable installed applications scanning in a particular scanning profile:

1. From the Network & Security Audit Options tab, click on the Applications sub–tab.

2. Click on the Unauthorized Applications sub–tab.

3. Select the scanning profile that you wish to customize from the left pane under Profiles.

4. Select the Enable scanning for installed applications on target computer(s) checkbox.

NOTE

Installed applications scanning are configurable on a scan profile by scan profile basis. Make sure to enable installed applications scanning in all profiles where this is required.

Compiling installed applications blacklist/white–list

To compile installed applications blacklist/white–list:

1. From the Network & Security Audit Options tab, click Applications sub–tab.

2. Select Unauthorized Applications sub–tab.

3. Select the scanning profile to customize from the left pane under Profiles.

4. From the right pane, select Enable scanning for installed applications on target computer(s) checkbox.

5. Specify the applications that are authorized for installation. Select from:

  • Only the applications in the list below - Specify names of applications that are authorized for installation. These applications will be ignored during a security scan
  • All applications except the ones in the list below - Specify the names of the applications that are unauthorized for installation. Applications not in this list will be ignored during a security scan.

6. In the Ignore (Do not list/save to db) applications from the list below options key in applications by clicking Add. Any application listed is white–listed.

NOTE

Include only one application name per line.

Advanced application scanning options

GFI LanGuard ships with a default list of antivirus and antispyware applications that can be checked during security scanning.

The Advanced Options tab enables you to configure when GFI LanGuard will generate high security vulnerability alerts if it detects certain configurations of a security application.

Alerts are generated when:
Enabling/disabling checks for security applications

To enable checks for installed security applications in a particular scanning profile:

1. From the Network & Security Audit Options tab, click on the Applications sub–tab.

2. Click on the Advanced Options tab.

3. Select the scanning profile that you wish to customize from the left pane under Profiles.

4. Select Enable scanning for installed applications on target computer(s) checkbox.

5. (Agent–less scans) Select Enable full security applications audit for agent–less scans checkbox.

NOTE

1. Agent–less scans temporarily runs a small service on the remote computers in order to retrieve the relevant information.

2. Security applications scanning are configurable on a scan profile by scan profile basis. Make sure to enable security applications scanning in all profiles where this is required.

3. The number of supported security applications is constantly updated. Click the link available in order to get the latest version of the list. Configuring security applications – advanced options.

To configure alerting triggers for installed security applications in a particular scanning profile:

1. From Network & Security Audit Options tab, click Applications sub–tab.

2. Click Advanced Options tab.

3. Select the scanning profile that you wish to customize from the left pane under Profiles.

4. Select Enable scanning for installed applications on target computer(s) checkbox.

5. (Agent–less scans) Select Enable full security applications audit for agent–less scans checkbox.

6. From the bottom–right pane, select the trigger you want to configure and choose between Yes or No from the drop down menu next to the respective alert trigger.

NOTE

Security applications scanning are configurable on a scan profile by scan profile basis. Make sure to enable security applications scanning in all profiles where this is required.

Try now, for FREE!

Related Topics

GFI LanGuard Help System v12.5
Copyright © GFI Software 2020
Free Trial