Transcript GFI LANguard Network Security Scanner

GFI LANguard Network
Security Scanner
1
Contents
Introduction
 Features
 Source & Installation
 Testing environment
 Results
 Conclusion

2
Introduction

Importance of Network security
 Internal
Security
 External Security

Purpose of GFI LANguard
 Enable
Network admins to perform
Security audit
 Remote system analysis

3
Features

Security Audit
 Results
in a verbose
manner
 Flexible scanning




Scan one computer
Scan range of computers
Scan list of computers
Domain specific scan
4
Features (Cont…)

System detection
 SNMP
, NETBIOS
queries , Ping Sweep

Configuring ports for
port scan
5
Features (Cont..)

Enumeration of entry points
 SNMP
holes
 CGI holes
 Open shares
 Rogue , Backdoor users
 Weak network passwords
6
Features (Cont…)

Alerts
 Well
known security problems are clearly
identified
 Intelligent scanning
 Listing of hot-fixes & service packs
7
Features (Contd..)
Remote Machine shutdown
 Exploitation of NetBIOS vulnerability
 Enabling auditing
 Sending spoofed messages
 Scheduling scans & automatic update of
scans
 Gathering information & displaying using
report generator

8
Features (Contd..)

Scripting Language:

LANS: LANguard Scripting language
 GFI LANguard contains its own scripting
editor
 Allows users to create custom script which will
be executed on the remote host as when
accessed
9
Features (Contd..)

Tools:
 SNMP
Walk
By performing SNMP
walk potential hackers
or malicious users will
get lot of information
about the system
10
Features (Contd..)

Tools (Contd..)
 Trace
 DNS
route
look up
11

Tools (Contd..)
 SNMP Audit
SNMP audit allows to
detect weak
community strings.
12

Tools (Contd..)
 MS-SQL Audit
13

Tools (Contd..)
 Enumerated
Computers
14
Source & Installation
Downloaded GFILANguard from
www.gfi.com
 Minimum requirements as set by vendor

 OS:
Win 2000/2003/XP
 IE 5.1 +
 Client for Microsoft networks be installed
 No personal firewall settings
15
Testing Environment

Setting options:
16
Testing Environment (Contd..)
17
Testing Environment (Contd..)
18
Results
Source IP address : 137.207.234.120
 CASE -1 :

 Destination
IP: 137.207.234.138
 Scan parameters: As specified earlier
19
20
Results (Contd..)

CASE –II : SunSolaris
21
Results (Contd..)

Script execution:
hostname = "agardel2" # my desktop
computer
 // name of the system from which the
script is running
 ip = dnslookup(hostname)
 // using the function dnslookup
 if ip <> ""
 echo("hostname: " + hostname)
 echo("resolved as: " + ip, _color_blue)
 # now backwards:)
 hostname = ReverseDnsLookup(ip)
 if hostname <> ""
 echo("back to: " + hostname,)
 end if
 else
 echo("unable to resolve " + hostname + " !", \
 _color_red)
 end if
22
Conclusion

GFI LANguard is a very good tool in
 detecting
and analysis of vulnerabilities
 User – defined Scripting language : LANS
 Verbose representation of Data
 Generating Reports
23
References

www.gfi.com
24