Reviewing GFI LANGuard
GFI, across the variety of products it offers, is always looking to provide interesting security tools that make our jobs as IT professionals easier. One of the most complete security platforms available is GFI LANGuard, which provides detailed network auditing options and security scanning for your organization.
With no large or complex requirements, GFI LANGuard gives us some nice features:
- Powerful network scanning options without the need to deploy agents.
- Reviews and controls vulnerabilities, update/service pack status (for operating systems and applications), open TCP and UDP ports, and hardware and software inventory.
- Remediation options for deploying updates and service packs, deploying applications, and removing unauthorized software from machines.
- Detects and deploys non-Microsoft software to protect the entire operating system.
GFI LANGuard Requirements
The requirements for installing GFI LANGuard for a mid-size company (10 to 500 computers to scan) are:
- Processor: 2GHz
- Storage: 2GB.
- Memory: 2GB.
- Operating System: Windows XP SP2 or higher, including Vista, 7, Windows Server 2003 and Windows Server 2008.
- Supported databases: Microsoft Access (installed locally by default) and SQL Server 2000 or higher (SQL Server Express is supported). If you have a large environment, it is highly recommended to use a SQL Server instance instead of Microsoft Access.
- .NET Framework 2.0
- For target clients, WMI is required for Windows operating systems (available in Windows 2000 or higher) and SSH for UNIX/Linux machines.
Note: Windows 2000 SP4 is also supported but since this operating system is no longer supported by Microsoft, using it is not recommended.
As with any other GFI product, the installation is a straightforward process.
1. Download the GFI LANGuard trial.
2. Run the installer and complete the wizard.
3. The only thing you should have available at this point is the account which you would like to use to execute operations on target machines. This account must have administrative privileges in the domain.
Scanning the Network
Once the software is installed, using it is fairly intuitive. Let’s take a quick look at the scanning process:
1. Open the GFI LANGuard console.
2. Select the type of scan you would like to use:
- Quick scan: Looks for high security vulnerabilities in the OS. This can be changed according to the profile we choose.
- Full scan: Looks for all types of vulnerabilities.
- Custom scan: We can change the profile, credentials and other options used in the scan.
- Schedule scan: Sets the time at which the scans will be executed within a given time period. You can also select options to automatically deploy updates or uninstall software, trigger e-mail notifications, etc.
3. A short two-step wizard will appear where you can select the scope of the scan: local computer, a specific computer or the entire domain.
4. Select alternative credentials for this scan and click “Scan”.
5. Once the scan is completed, we can take a quick glance at the status of all machines by selecting “Analyze”.
6. Here we can evaluate the vulnerabilities, system patching status, open ports, hardware, software, etc.
Once we have the computers analyzed, we can easily switch to the “Remediate” console where, in a few easy steps, we can deploy missing patches, uninstall software, etc.
With the scan process completed, we finally get to the fun part, the remediation process. Here we can execute tons of actions to solve the problems we found in the auditing process. One of the actions we will definitely want to execute is update deployment.
GFI LANGuard offers the possibility to deploy Windows operating system updates, patches and service packs, as well as third-party software updates.
Let’s take a look at the process:
1. Access the “Remediate” console in GFI LANGuard.
2. For the Microsoft patches, select the option “Deploy Microsoft Patches”. These should be the same ones we can find in Windows Update.
3. Review the updates and mark those you would like to deploy. By default, all are marked.
4. Also review “Deploy Microsoft Service Packs”.
5. In “Deploy non-Microsoft Patches” we can review updates for all other software which is left out by Windows Update.
6. We can also review and select previously installed updates for uninstallation.
7. Once we have finished marking all of the updates, we can deploy them immediately or on a specific schedule.
Managing Software with GFI LANGuard
Another interesting aspect of GFI LANGuard is the set of options available for managing software on client machines. We can uninstall unauthorized applications in our network or deploy custom software to guarantee our machines follow the right baseline.
Adding Unauthorized Software
If we want to mark applications as unauthorized so that they are removed automatically, the process is the following:
1. Access the “Configure” pane in the GFI LANGuard console.
2. In the applications inventory, select the application you would like to add as unauthorized software, right-click it and select “Configure”.
3. A wizard will start that lets us select the scanning profile in which the application will be marked as unauthorized. Complete the wizard.
Before completing this configuration we must validate the uninstall procedure to guarantee that GFI LANGuard can perform the removal.
4. Access auto-install validation and you should see the “Validation pending” status of the application; click “Validate”.
5. A new wizard will pop up to confirm the uninstall procedure. This process WILL NOT uninstall the application on the remote machine; it will only validate the process.
6. Complete the wizard with the selected target machine.
Note: The application must be installed on a target machine that we can select in order to get a validated removal.
Removing Applications in One Client
If we’ve discovered one application that we would like to instantly remove from a machine, we can do so in the “Remediate” pane.
1. Select “Uninstall Applications” and select those to remove.
2. We can uninstall the application immediately or we can schedule the uninstall process.
Deploying Custom Software
GFI LANGuard gives us the chance to use an automated deployment process to install applications on our target machines:
1. Access the “Remediate” pane and select “Deploy Custom Software”.
2. Select “Add” to put in the application you would like to deploy. Take note that you can add specific parameters to the applications, for example, to complete a silent installation.
3. Select the target computers to which you would like to deploy the software.
4. Finally, select the deployment schedule, which can be immediate or at a specific date and time.
GFI LANGuard also offers some other common tools that most IT guys use daily. Here are some:
- DNS Lookup: This is a handy tool most of us use when we need to validate name resolution within our domain or using an external DNS server.
- Traceroute: When we are having connectivity problems, we can quickly verify in the GFI LANGuard console the number of hops needed to reach the destination.
- Whois: Retrieves information from a particular IP or hostname.
- Enumerate computers or users: Retrieves the number of computers/users found in the domains and/or workgroups in our networks. For computers, it also shows the operating system on each one.
- SNMP Auditing: Reports weak SNMP community strings found in the network, using dictionary attacks (from the file snmp-pass.txt).
- SNMP Walk: Probes your network nodes and retrieves SNMP information (for example, OIDs).
- SQL Server Audit: Tests for password vulnerabilities in SQL accounts, including the “sa” account.
As a quick summary of this review:
- GFI LANGuard offers a simple way to audit our networks for vulnerabilities and easily resolve them by deploying software and/or packages.
- Integrates with UNIX/Linux machines to also cover heterogeneous environments.
- The possibility to deploy third-party updates is an important feature for guaranteeing protection even with non-Microsoft software.
- Scanning profiles in GFI LANGuard let us scale up our auditing process, providing different options in our scans.
- We can optimize our time using auto remediation options in scheduled scans.
- Uninstalling applications requires the software to be installed on at least one computer that is available to test the uninstallation process, which means manual work every time we find an unauthorized application.
- Besides deploying software and updates, real-time actions such as stopping a detected malicious service or process are not possible. The only option available is using Remote Desktop.
Running periodic auditing processes in our network is not very common in organizations; using GFI LANGuard can simplify this task and help maintain a secure baseline in our environment.
Here are some additional resources for GFI LANGuard:
- GFI LANGuard system requirements.
- [PDF] GFI LANGuard Getting Started Guide.
- [PDF] GFI LANGuard Manual.
- [PDF] GFI LANGuard Scripting Manual.