GFI LNSS - The n2k Perspectivity-pivoty-nividiv
Results 1 to 2 of 2

Thread: GFI LNSS - The n2k Perspectivity-pivoty-nividiv

  1. #1
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953

    GFI LNSS - The n2k Perspectivity-pivoty-nividiv

    GFI LNSS - The n2k Perspectivity-pivoty-nividiv
    @ Articles -> Software ::: Scanners Feb 27 2003, 14:56 (UTC+0)

    GFI LANguard Network Security Scanner
    WexTech Systems?
    Norton AntiVirus nearly bit my head off
    Security update: before
    Security update: after
    Straight-forward scanning

    nitrate2k writes: I wonder if the boys (any girls?) over at GFI development headquarters sleep as much as most boxsters do? I came to this conclusion after doing a second software review for them -- the GFI LANguard Network Security Scanner. Gather around my little script kiddies, this is one port scanner that should be part of your windows toolset.

    After installing GFI's LANguard Network Security Scanner (herein "LNSS"), and seeing what I could do rather than just the normal "throw 'n play" certainty most software developer's expect from their customers, I went through it like a chocolate-chip honey-dip cookie junkie. Here's what came out of the GFI kitchen...
    1 - Installation

    Before loading any software onto my o/s partitions, I always check to see what it is that will be scattered throughout my filesystem. This means, I go through the install files and make sure they are legit. Paranoid? Nawwww.. it's called "security awareness". Okay, I'm paranoid.

    LNSS encourages the end-user to read the manual before installation, as most software companies recommend. It was in MS Word 9.0 format, though (doc). I sure hope GFI uses antivirus software, because I'd hate to read a manual that contains a malicious macro (you'll understand why I said this later in my review). Before opening the doc file, I was curious to read the properties (hehe, GFI you didn't expect this much from me, eh?). What I found was shocking. Here I was, thinking I am installing a product from GFI, but rather the properties show that the file was "Created by WexTech Systems". Eeee, gads.

    Okay, okay.. I trust GFI, so I noted it to be included in my review. On with the story.. the manual was half positive, and have suckage. The suckage you say? There are an abundant amount of "Section break (odd page)"'s, dotted lines, dizzy dizzy headache headache displays. It was a bit messy for my taste, but then again, I tend to be a perfectionist. But I'll be fair, the other positive half to the manual was that they didn't leave out much to say. The software was well-documented, including images for referencing. All in all, they should have included a PDF version.

    Enough poking and prodding. It's time to smell the cookies and install.

    Remember what I said about fear of a malicious macro contained in the manual? I said this because when you install LNSS, you'll need to disable your antivirus software. The software will perform a registry modification using a .vbs file -- and if you have AV running, it will think World War III has begun. The get around this, pet your computer and say that everything is okay. This made me wonder, though, does GFI use antivirus for their own production machines? Not once in the manual was there a reference to disabling your AV software before installation. *hmmm*


    2 - Configuration

    After the minor implication during install, the next step is running the LNSS. No problem here. It starts right up (with the exception of the "30-day evaluation" splash) and you're ready to scan to your hearts desire --- which is what most folks will do. But this is a port/security scanner, people. Since it performs security checks, you'll want to make sure that the database is current. The problem is that you will need to do a manual security update (no auto-update upon initial use of software). Like I said, most folks will just start scanning... won't do much good if the database contains out-of-date information, now will it?

    I initiated the manual update. The update hung. Erm, not good.

    However, I took into great consideration that I am using windows, and we ALL know how stable windows can be. So I started up LNSS again, went back into the update screen, and wham bam thank-you 'mam, it updated the software faster than I can say, "m-i-s-s-i-s-s-i-p-p-i". After the security update, LNSS will restart itself. I noticed another problem. The update window will remain open, and behind the new LNSS window (check your taskbar). Simple enough, just click-n-close. Something for GFI to consider changing, as it is a nuissance when a child window runs off on ya.

    Aside from the security updates, the rest of configuration is a breeze. This thing is loaded with options that you can modify to fit your needs. Under the Scan pull-down, I have the following possibilities:


    Start scanning
    Scheduled scans
    Gather information/from all
    Options
    Configure ports
    Configure alerts
    Configure operations


    I'm not going to write about each possibility, but rather once again repeat myself with, "this thing is loaded with options that you can modify to fit your needs". This makes up for the problems with installation and initial configuration. The ports, alerts, and operations configuration sub-menu is a shortcut that is shown in the actual "Options" menu. For a "free" scanner, GFI gave a lot of thought here. Advanced features will allow you to import ini files. Sweet.


    3 - Interface

    This is what really impressed me. You have a top tool menu, and the heart of the application uses a split-style user interface (simple & effective -- the way it should be!). The bottom of the window contains useful information during scans (progress bar). The information gathered from each machine scanned is stored on the left, and the active scanning portion is located on the right. Cute OS icons were also incorporated. There's not much else to say about the interface. It really is stripped down to "basic", which rules. Too much fancy-schmancy for something like this is DAMN annoying (ahem, eEye).


    4 - Functionality

    There's a lot of functionality here, baby. Tools that are included in this nifty port/security scanner are:


    DNS lookup
    Whois client
    Traceroute
    SNMP walk & audit (sweeeet)
    MS SQL server audit*
    Enumerate computers


    Granted, the first 3 tools are pretty basic (but useful). I totally fell in love the SNMP walk and audit features. It's nice to have it integrated into the scanner, versus having another set of software. As for the MS SQL server audit, I didn't have a spare M$ SQL box on hand, so you'll just have to play with that on your own. That goes for the other M$-related server patching feature.

    "What about the actual SCANNING mr. n2k??", you may say.. well my friends, you have read enough and now comes the time to byte into the GFI baked, chocolate-chip honey-dipped cookie.

    I must reiterate the fact that installation and the initial configuration sucked, only because of the two major factors (antivirus issue and non-auto security update). GFI lost major points for this. It was worth it, though. This "free" scanner is one BLAZING FAST SCANNER. I can only say this -- you'll have to try it yourself to see what I mean. If you don't believe me, I'll personally come to your door and show you how to turn on a computer.

    Extremely fast it may be, this scanner does lack the ability to scan multiple IP/HOSTS. What I mean by this is that you only can scan a single ip, a range, list of computers, or comptuers that are part of a domain. You can't do something like 10.0.1.1-10.0.1.10, 10.0.1.13, 10.0.1.15-10.0.1.20. But I suppose you can't complain when it's free. Also, the OS fingerprinting is semi-reliable (not always accurate). But this is mainly with unix, bsd, linux and other *nix-based boxes. LNSS simply just gives it a penguin icon (foo). I should also point out to you script kiddies: LNSS should definately NOT be used for stealth scanning. It wasn't built for doing such; that's alright because it's fast and does the job. During scans, LNSS uses basic (but useable), NetBios username/password guessing. The passwords are stored in an editable dictionary. The scanner also produces useful network info (TTL & number of hops).

    As for the report generator, this also impressed me. Going back to the basics, GFI didn't make a clutter for a web layout. You can modify how the reports are made (header, footer, etc), and you can later parse the output since LNSS also creates an XML file. Nice planning on their part. The reporting uses links outside of GFI's website to explain alerts, which I wasn't too keen on. Some of the alerts to external sites sucked. It would be nice if they had their own database. But all-in-all, the report generation is clean, customizable, and straight-forward (*cough* eEye *cough* spend thousands *cough* get eye strains *cough*).


    5 - Judgement Day

    I'm a *nix lover by trade, there is no doubt about that. I'm somewhat sad that GFI sticks only to windows, but I won't hold it against them. I just couldn't, and you can see why. LANguard Network Security Scanner started out smelling like stale cookies, but they made up for it later on. So, judgement. GFI held true, as always, to what they claim this software can and will do. The only thing they need to work on is the installation and initial configuration aspect. But I think they definately made up for it in the end. So with that said, I'm gonna give this port/security scanner a score of 4 out of 5.

    Definately download this and give it a try. It works and without a doubt will stay in my winblowz network utility folder. GFI LANguard Network Security Scanner is free for non-commercial use and can be downloaded here.


    nitrate2k
    //home

    (c) New Order / http://neworder.box.sk/
    http://neworder.box.sk/newsread_print.php?newsid=7264
    http://www.gfi.com/lannetscan/
    yeah, I\'m gonna need that by friday...

  2. #2
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    I actually just installed this software last night and I was quite impressed with it for being windows software.. The only problem I've had is that it will auto install patches your system needs.. It found one IE patch I was missing.. yet windows update says I'm up to date.. regardless I install the patch and reboot and run languard again.... and boom it tells me the update is still need.. so i try installing the patch off the microsoft site... it tells me it's installed and exits.. but yeah other than that I think it's a great peice of software and a handy little tool
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •