Aside from being something of a "Swiss Army Knife" in its range of functionality, NSS is simply a great tool to learn and use. Here's a brief recitation of some of this program's most noteworthy capabilities:
- General network scanning of entire networks by IP address
- Report on each machine's service pack level, missing security patches, services and applications active, registry profiling
- Report on wireless access points active, open shares, open ports, weak passwords
- General patch and update management capabilities, plus network software deployment
In addition, GFi LANGuard can also perform the following tasks:
- Check for unused user accounts on client machines, identify all local user accounts and groups
- Audit both Linux and Windows computers for security vulnerabilities
- Reports on all shares include permission settings, drive root identification, anonymous access and startup folder identification (and optional blocking)
- Provides remediation advice for vulnerabilities and exposures discovered, with pointers to additional online information (KB
- articles, BugTraq IDs, CVE IDs, etc.)
- Profiles wireless access security, identifies all active wireless users
- Offers comparisons of previous to current scans to detect changes, including new shares, services, users, open ports and so forth
Beyond what the program can do, what it can tell you is perhaps even more valuable. GFi LANguard offers lots of reporting and filtering options to massage the data it gathers for delivery. Default filters permit easy identification of machines with high-risk vulnerabilities, or missing specific hotfixes, updates, or service packs. Scan results can be exported in XML format for further use (especially helpful for database import, or sophisticated text reporting tools). Admins can also employ scan profiles (pre-configured or custom-built) to look for open shares, perform security audits, check password policy compliance, and so forth.
In short, this is a great tool that offers well-designed capabilities that admins will find easy to deploy and use. The product also scales well (testimonials from companies like HP attest to its ability to handle 1,000-plus servers) and is extremely affordable (a license for 25 IP addresses costs $375, one for unlimited addresses costs $999 per management console). The free evaluation version automatically devolves into a limited-functionality freeware version if an evaluation key or license key isn't entered after 30 days. Check it out, and you'll probably end up putting one in your toolkit, too!
Ed Tittel is a full-time freelance writer, trainer, and consultant who specializes in matters related to information security, markup languages, and networking technologies. He's a regular contributor to numerous TechTarget Web sites, technology editor for Certification Magazine, and writes an e-mail newsletter for CramSession called "Must Know News."
This was first published in August 2005