
Thread: GFI LANguard. Good or is there something better?

  1. #1
    Senior Member
    Join Date
    Mar 2004
    Posts
    171

    GFI LANguard. Good or is there something better?

    Hi everyone,

    Currently I am looking for a product on the market for monitoring several servers, all Windows NT 4.0/2000 based. GFI's LANguard was suggested to me, but I was wondering if anyone is currently using it, and if maybe there aren't better products out there.

    My network is: 6 Servers (1 running NT 4.0SP6a, 5 running Win2k SP4) and 50 Win2k Workstations.

    Any suggestions would be most helpful!

    Thanks!
    MrCoffee
    ~ I'm NOT insane! I've just been in a bad mood for the last 30 years! ~ Some people are like Slinkys: Not good for anything, but the thought of pushing them down the stairs brings a smile to your face!

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    One of the best products I've seen for detecting vulnerabilities and doing network scans for Microsoft environments is eEye's Retina Scanner. Very effective (but does cost a few). There is the standard Nmap but I've found that a bit flaky under Windows. I have found Superscan to be good, quick and free. Very simplistic in its research.

    There is also SARA, although it is built for a Linux environment. I wonder if you might be able to compile it with cygwin and use it on Windows (I haven't done this so I can't attest to success or failure of this kind of exercise). Also, there is NeWT (Windows port of Nessus) but again this is a cost product.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    I have had AWFUL results with GFI LanGuard. In fact, the performance was so bad that I placed it in the same category as Symantec's NetRecon - complete crap.

    Take a look at Nessus (www.nessus.org). MsMitts already mentioned NeWT, which is the Windows version of Nessus. I find that the Linux build is a little faster and more stable.

    You have a good crop of tools to try. NMAP is awesome along with the others mentioned above.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  4. #4
    Member
    Join Date
    Jan 2004
    Posts
    33
    The tools mentioned by Ms Mittens and Horse are great tools (superscan and Nessus). Free is always good......
    I have used eEye Retina scanner and it is good, but you are going to pay for it.
    Another tool I have recently reviewed is Qualys. The thing I like about it is that you can take it a step further and do external pen tests with it as well as create a mapping of your network. It costs about the same as the eEye Retina product, but while doing research I ran across this third-party review of both products.
    These figures are provided by Assetain. This report is 100% independent. This study showed some interesting figures regarding updates and identified vulnerabilities.


    Total Number of Vulnerabilities:

    Qualys: 3740 eEye Retina: 1733

    Total Number of Unique CVE's Covered:

    Qualys: 1745 eEye Retina: 918

    Vulnerabilities Added between 9/1/04 and 9/28/04:

    Qualys: 41 eEye Retina: 12


    If you have the budget I would recommend either eEye or Qualys. GFI LANguard was disappointing for me as well and now the network admins just use it to detect patches needed. Hope this helps.

  5. #5
    Senior Member
    Join Date
    Jul 2004
    Posts
    131
    I just use GFI (old version) to make pretty reports with pretty icons for my boss, but it's not that good.

    NMAP and Nessus on Linux are most useful for me.
    More cowbell! We need more cowbell!
    http://www.geocities.com/secure_lockdown/
    - - -
    "Is the firewall there to protect you from the outside world or is it there to protect the outside world from *YOU*?"

  6. #6
    Senior Member
    Join Date
    Jul 2003
    Posts
    813
    I'm wondering if it wouldn't be a nice idea to just set up a monitor station running some flavour of Linux, all patched up and running some of the many tools out there [the main ones already pointed out above]. You need to have nessusd running on a Linux box anyway, nmap is better on *nix, and you have Snort, Ethereal, Ettercap etc. to choose from.

    I remember using LANGuard for a bit, but as I am not netadmin I can't give you a decent review on it.

    But I stick to the Penguin, if that's at all feasible for you.
    /\

  7. #7
    Dead Man Walking
    Join Date
    Jan 2003
    Posts
    810
    "There is the standard Nmap but I've found that a bit flaky under Windows."
    While this is not a slam on nmap in any way, I gotta say it's more than a bit flaky under Windows. I run it under *nix on a regular basis but have crap luck with it on a Windows box. Superscan from Foundstone is a very good free scanner.

  8. #8
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915
    Hey Hey

    Everyone's given you some really great security-testing products... but I'm going to take this a step further and ask what it is you actually want to monitor on these servers... Most of what we've seen is security auditing type stuff.. but is that actually the type of monitoring you are looking for?

    I'm just curious because when I think monitoring... I'm thinking of tools like MS Baseline security analyzer just to maintain that the servers are up to date and then software like What's up Gold to monitor the status and uptime of the servers....

    Perhaps you could give us more details on what exactly you wish to monitor?

    Peace,
    HT

    [Edit]
    As for port scanning... superscan has been mentioned a lot... It's nice... but I'm a big fan of command line port scanning and really enjoy Foundstone's ScanLine (formerly fscan) tool.
    [/Edit]

  9. #9
    Senior Member
    Join Date
    Mar 2004
    Posts
    171
    Hi everyone,



    Thanks for all the great info. I have been asked to set up both logging and event monitoring so that someone can keep an eye on the system when I am not available, and also to reduce the amount of time I personally spend combing thru log files, etc.

    It started with me proposing Tigershark's Central Logging tutorial, and kind of got a life of its own. The idea of LANguard was thrown at me yesterday as I walked in the door, mostly I think because we currently use two other GFI products, and they work really well.

    I currently maintain 6 servers, 4 for storage, 2 application servers. And in the event that I was hit by a bus tomorrow, they want someone else in the company to be able to keep an eye on things until they can find a replacement for me (GASP! not possible I tell ya! It just ain't!) Not a terribly unreasonable idea, except the person they have in mind set up the network originally, and he has a hard time telling the difference between a good event and a bad one. The firewall logs are meaningless to him, and worse, his first reaction to an error is to reboot the servers. They were hoping I could come up with a decent set of monitors that would allow him to keep things going. I thought that maybe LANguard would allow for me to set up a series of filters, so that all my events would be logged, but notification would not be sent unless there was a critical issue to be resolved.

    I know this sounds really open ended, but that is mostly because I don’t have a clear idea of what he wants. I am not sure he does either, but since he is one-third owner of the company, he doesn’t have to. I have documented the network well, between written documentation, and Visio "maps" so clearly finding services shouldn't be an issue.

    And last, our firewalls and application server generate a HUGE number of log files, in plain text, and it takes a while to go thru them to spot break-in attempts. While I really like the idea of TigerShark's logging system, I honestly don't know what might be out there that would be useful for combining and analysis of the logs. While I have found a lot of info on *nix based logging, not a lot on Windows.

    I use MBSA and a few other scanning utilities. But I was under the impression that LANguard would monitor the event logs of my Exchange, ISA, Win2K Servers and IIS and log them into a "central" event log, while passing critical alerts onto whoever needed to be notified.
    Did I misunderstand the function of LANguard?

    Again, thank you to everyone that took the time to reply.
    MrCoffee
    ~ I'm NOT insane! I've just been in a bad mood for the last 30 years! ~ Some people are like Slinkys: Not good for anything, but the thought of pushing them down the stairs brings a smile to your face!

  10. #10
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Ah... When most people refer to "Languard" it's usually for their network scanning product and is well-known for that. There are, however, specific variations of Languard:


    GFI LANguard Security Event Log Monitor (S.E.L.M.) performs event log based intrusion detection and network-wide event log management. GFI LANguard S.E.L.M. archives and analyzes the event logs of all network machines and alerts you in real time to security issues, attacks and other critical events.
    GFI Network Server Monitor automatically monitors your network and servers for failures and allows administrators to fix and identify issues before users report them. Alerts can be sent by email, pager or SMS.
    GFI LANguard Network Security Scanner (N.S.S.) checks your network for possible security vulnerabilities by scanning your entire network for missing security patches, service packs, open shares, open ports, unused user accounts and more.
    GFI LANguard Portable Storage Control (P.S.C.) offers you network-wide control of which users can use removable storage such as USB sticks, CDs, floppies, smartphones, MP3 players, handhelds, digital cameras and more.
    Each one is separate so perhaps you can identify which one you were thinking of (I'm going to guess the first one). You might want to look into Tripwire, which is the closest other product I've seen that would come close to the Server Event/Server Monitor. That might be something to try and see if it matches.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage
