AUTHOR: Paul Cunningham
REQUIREMENTS:
• Windows XP SP2 or Windows Server 2003 SP2 computer
• .NET Framework 2.0
• GFI LANguard
INTRODUCTION
A typical business network is made up of many computers each of which represents a potential security hole for the network. As networks grow the effort to manage these security risks grows as well. Although different vendors provide management tools specific to their products these do little to reduce the administrative burden of managing all of the different elements of the network.
GFI LANguard offers a single, centralized solution for IT administrators to scan the computers and servers on the network to detect and resolve security threats. GFI LANguard is available both as a licensed product for larger networks, and also as a free, full featured version for scanning up to 5 IP addresses.
INSTALLING GFI LANGUARD
In this demonstration I will walk through the installation of GFI LANguard on an administrator’s Windows XP desktop.
To install GFI LANguard download the free trial from http://www.gfi.com/lannetscan to the computer. Launch setup and step through the installation wizard. If your computer is missing the required .NET Framework 2.0 it will automatically be downloaded and installed by GFI LANguard setup.
SCANNING THE NETWORK FOR VULNERABILITIES
To scan the network for security vulnerabilities launch the GFI LANguard console and click on Full Scan on the start page.
You can choose to scan the local computer, a single remote computer, or the entire domain/workgroup. In this example I will scan the entire domain/workgroup. Click the Scan button to begin scanning the network.
When the scan has finished click on Analyze to see details of the vulnerabilities that were discovered.
Examine any of the scanned computers to see a summary and statistics of the vulnerabilities that were discovered.
Scroll to the bottom of the results and click Remediate to begin fixing the security vulnerabilities.
FIXING SECURITY VULNERABILITIES
A remediation task that you can perform is the deployment of missing Microsoft security patches. Select the computers that you wish to deploy patches to and then click the Start button to launch the deployment.
CUSTOMIZING GFI LANGUARD SETTINGS FOR AUTOMATIC REMEDIATION OF SECURITY VULNERABILITIES
While deploying patches in the previous task you may have noticed that the patch files needed to first be downloaded from Microsoft before they could be deployed to computers on the network. You may also have noticed that after the patches were deployed nothing else happened, such as the computers restarting. This is because of the default patch deployment settings in GFI LANguard.
GFI LANguard can be configured to perform scheduled scans and automatic remediation of missing security patches, including restarting computers to complete the installation of security updates. To achieve this we must first modify some of the default settings for GFI LANguard.
In the GFI LANguard console click the Configuration tab and navigate to Patch Auto-Deployment. Click on the link marked “To automatically approve patches and/or service packs click here”.
Tick the box to enable automatic approval of all patches. Service packs can also be auto-approved but many administrators prefer to manually approve service packs so as to better manage the deployment of such a significant update. Click OK when you are done.
Next we change the patch auto-download setting. Navigate to Patch Auto-Download and click the link to modify the settings.
Tick the box to enable patch auto-download. To save on disk space choose “Only needed patches” so that only those patches that a GFI LANguard scan has determined are needed for the network will be downloaded from the internet. Click OK when you are done.
The final step is to configure a scheduled scan. On the Network Audit tab of the GFI LANguard console click Set Up a Scheduled Scan. Choose a scan type appropriate for the network. In some environments it is more suitable to configure different scheduled scans for different subnets on the network. For smaller environments scanning the entire domain or workgroup at once is preferable.
Tick the box for each domain or workgroup that you wish to include in the scan, and click Next to continue.
Choose a recurrence for the scheduled scan, such as daily or every 4 hours, and click Next to continue. You can also choose to wait for offline machines to be connected to the network. This allows GFI LANguard to maintain a list of machines were not online and scan them as soon as they are back on the network.
Choose the scan profile that you want this scheduled scan to use. A Full Scan may be suitable for weekly scans whereas other more specific scans such as open firewall ports or missing security patches can be scheduled more frequently.
Specify any special credentials that are required for this scheduled scan. In this case the GFI LANguard service account used has administrative access to all Windows computers targeted by this scan and so it can be used as the credentials.
Configure auto-remediation settings by ticking the box to automatically download and deploy missing patches. Then click the link to configure auto-remediation options.
Change the “After deployment” settings to reboot the target machines, but to let logged in users decide when to reboot.
At the final step review your scan summary. You can also configure alerting options to automatically receive email reports for scheduled scans. Click Finish when you are done.
CONCLUSION
In this demonstration we looked at using GFI LANguard to proactively scan your computer network for vulnerabilities, and to automatically remediate those vulnerabilities by downloading and installing missing security patches. A free 30 day trial of GFI LANguard can be downloaded from http://www.gfi.com/lannetscan.
REQUIREMENTS:
• Windows XP SP2 or Windows Server 2003 SP2 computer
• .NET Framework 2.0
• GFI LANguard
INTRODUCTION
A typical business network is made up of many computers each of which represents a potential security hole for the network. As networks grow the effort to manage these security risks grows as well. Although different vendors provide management tools specific to their products these do little to reduce the administrative burden of managing all of the different elements of the network.
GFI LANguard offers a single, centralized solution for IT administrators to scan the computers and servers on the network to detect and resolve security threats. GFI LANguard is available both as a licensed product for larger networks, and also as a free, full featured version for scanning up to 5 IP addresses.
INSTALLING GFI LANGUARD
In this demonstration I will walk through the installation of GFI LANguard on an administrator’s Windows XP desktop.
To install GFI LANguard download the free trial from http://www.gfi.com/lannetscan to the computer. Launch setup and step through the installation wizard. If your computer is missing the required .NET Framework 2.0 it will automatically be downloaded and installed by GFI LANguard setup.
SCANNING THE NETWORK FOR VULNERABILITIES
To scan the network for security vulnerabilities launch the GFI LANguard console and click on Full Scan on the start page.
You can choose to scan the local computer, a single remote computer, or the entire domain/workgroup. In this example I will scan the entire domain/workgroup. Click the Scan button to begin scanning the network.
When the scan has finished click on Analyze to see details of the vulnerabilities that were discovered.
Examine any of the scanned computers to see a summary and statistics of the vulnerabilities that were discovered.
Scroll to the bottom of the results and click Remediate to begin fixing the security vulnerabilities.
FIXING SECURITY VULNERABILITIES
A remediation task that you can perform is the deployment of missing Microsoft security patches. Select the computers that you wish to deploy patches to and then click the Start button to launch the deployment.
CUSTOMIZING GFI LANGUARD SETTINGS FOR AUTOMATIC REMEDIATION OF SECURITY VULNERABILITIES
While deploying patches in the previous task you may have noticed that the patch files needed to first be downloaded from Microsoft before they could be deployed to computers on the network. You may also have noticed that after the patches were deployed nothing else happened, such as the computers restarting. This is because of the default patch deployment settings in GFI LANguard.
GFI LANguard can be configured to perform scheduled scans and automatic remediation of missing security patches, including restarting computers to complete the installation of security updates. To achieve this we must first modify some of the default settings for GFI LANguard.
In the GFI LANguard console click the Configuration tab and navigate to Patch Auto-Deployment. Click on the link marked “To automatically approve patches and/or service packs click here”.
Tick the box to enable automatic approval of all patches. Service packs can also be auto-approved but many administrators prefer to manually approve service packs so as to better manage the deployment of such a significant update. Click OK when you are done.
Next we change the patch auto-download setting. Navigate to Patch Auto-Download and click the link to modify the settings.
Tick the box to enable patch auto-download. To save on disk space choose “Only needed patches” so that only those patches that a GFI LANguard scan has determined are needed for the network will be downloaded from the internet. Click OK when you are done.
The final step is to configure a scheduled scan. On the Network Audit tab of the GFI LANguard console click Set Up a Scheduled Scan. Choose a scan type appropriate for the network. In some environments it is more suitable to configure different scheduled scans for different subnets on the network. For smaller environments scanning the entire domain or workgroup at once is preferable.
Tick the box for each domain or workgroup that you wish to include in the scan, and click Next to continue.
Choose a recurrence for the scheduled scan, such as daily or every 4 hours, and click Next to continue. You can also choose to wait for offline machines to be connected to the network. This allows GFI LANguard to maintain a list of machines were not online and scan them as soon as they are back on the network.
Choose the scan profile that you want this scheduled scan to use. A Full Scan may be suitable for weekly scans whereas other more specific scans such as open firewall ports or missing security patches can be scheduled more frequently.
Specify any special credentials that are required for this scheduled scan. In this case the GFI LANguard service account used has administrative access to all Windows computers targeted by this scan and so it can be used as the credentials.
Configure auto-remediation settings by ticking the box to automatically download and deploy missing patches. Then click the link to configure auto-remediation options.
Change the “After deployment” settings to reboot the target machines, but to let logged in users decide when to reboot.
At the final step review your scan summary. You can also configure alerting options to automatically receive email reports for scheduled scans. Click Finish when you are done.
CONCLUSION
In this demonstration we looked at using GFI LANguard to proactively scan your computer network for vulnerabilities, and to automatically remediate those vulnerabilities by downloading and installing missing security patches. A free 30 day trial of GFI LANguard can be downloaded from http://www.gfi.com/lannetscan.
0 comments:
Speak up your mind
Tell us what you're thinking... !
Note: only a member of this blog may post a comment.