1 - Installation
Before loading any software onto my o/s partitions, I always check to see what it is that will be scattered throughout my filesystem. This means, I go through the install files and make sure they are legit. Paranoid? Nawwww.. it's called "security awareness". Okay, I'm paranoid.
LNSS encourages the end-user to read the manual before installation, as most software companies recommend. It was in MS Word 9.0 format, though (doc). I sure hope GFI uses antivirus software, because I'd hate to read a manual that contains a malicious macro (you'll understand why I said this later in my review). Before opening the doc file, I was curious to read the properties (hehe, GFI you didn't expect this much from me, eh?). What I found was shocking. Here I was, thinking I am installing a product from GFI, but rather the properties show that the file was "Created by WexTech Systems". Eeee, gads.
Okay, okay.. I trust GFI, so I noted it to be included in my review. On with the story.. the manual was half positive, and have suckage. The suckage you say? There are an abundant amount of "Section break (odd page)"'s, dotted lines, dizzy dizzy headache headache displays. It was a bit messy for my taste, but then again, I tend to be a perfectionist. But I'll be fair, the other positive half to the manual was that they didn't leave out much to say. The software was well-documented, including images for referencing. All in all, they should have included a PDF version.
Enough poking and prodding. It's time to smell the cookies and install.
Remember what I said about fear of a malicious macro contained in the manual? I said this because when you install LNSS, you'll need to disable your antivirus software. The software will perform a registry modification using a .vbs file -- and if you have AV running, it will think World War III has begun. The get around this, pet your computer and say that everything is okay. This made me wonder, though, does GFI use antivirus for their own production machines? Not once in the manual was there a reference to disabling your AV software before installation. *hmmm*
2 - Configuration
After the minor implication during install, the next step is running the LNSS. No problem here. It starts right up (with the exception of the "30-day evaluation" splash) and you're ready to scan to your hearts desire --- which is what most folks will do. But this is a port/security scanner, people. Since it performs security checks, you'll want to make sure that the database is current. The problem is that you will need to do a manual security update (no auto-update upon initial use of software). Like I said, most folks will just start scanning... won't do much good if the database contains out-of-date information, now will it?
I initiated the manual update. The update hung. Erm, not good.
However, I took into great consideration that I am using windows, and we ALL know how stable windows can be. So I started up LNSS again, went back into the update screen, and wham bam thank-you 'mam, it updated the software faster than I can say, "m-i-s-s-i-s-s-i-p-p-i". After the security update, LNSS will restart itself. I noticed another problem. The update window will remain open, and behind the new LNSS window (check your taskbar). Simple enough, just click-n-close. Something for GFI to consider changing, as it is a nuissance when a child window runs off on ya.
Aside from the security updates, the rest of configuration is a breeze. This thing is loaded with options that you can modify to fit your needs. Under the Scan pull-down, I have the following possibilities:
Start scanning
Scheduled scans
Gather information/from all
Options
Configure ports
Configure alerts
Configure operations
I'm not going to write about each possibility, but rather once again repeat myself with, "this thing is loaded with options that you can modify to fit your needs". This makes up for the problems with installation and initial configuration. The ports, alerts, and operations configuration sub-menu is a shortcut that is shown in the actual "Options" menu. For a "free" scanner, GFI gave a lot of thought here. Advanced features will allow you to import ini files. Sweet.
3 - Interface
This is what really impressed me. You have a top tool menu, and the heart of the application uses a split-style user interface (simple & effective -- the way it should be!). The bottom of the window contains useful information during scans (progress bar). The information gathered from each machine scanned is stored on the left, and the active scanning portion is located on the right. Cute OS icons were also incorporated. There's not much else to say about the interface. It really is stripped down to "basic", which rules. Too much fancy-schmancy for something like this is DAMN annoying (ahem, eEye).
4 - Functionality
There's a lot of functionality here, baby. Tools that are included in this nifty port/security scanner are:
DNS lookup
Whois client
Traceroute
SNMP walk & audit (sweeeet)
MS SQL server audit*
Enumerate computers
Granted, the first 3 tools are pretty basic (but useful). I totally fell in love the SNMP walk and audit features. It's nice to have it integrated into the scanner, versus having another set of software. As for the MS SQL server audit, I didn't have a spare M$ SQL box on hand, so you'll just have to play with that on your own. That goes for the other M$-related server patching feature.
"What about the actual SCANNING mr. n2k??", you may say.. well my friends, you have read enough and now comes the time to byte into the GFI baked, chocolate-chip honey-dipped cookie.
I must reiterate the fact that installation and the initial configuration sucked, only because of the two major factors (antivirus issue and non-auto security update). GFI lost major points for this. It was worth it, though. This "free" scanner is one BLAZING FAST SCANNER. I can only say this -- you'll have to try it yourself to see what I mean. If you don't believe me, I'll personally come to your door and show you how to turn on a computer.
Extremely fast it may be, this scanner does lack the ability to scan multiple IP/HOSTS. What I mean by this is that you only can scan a single ip, a range, list of computers, or comptuers that are part of a domain. You can't do something like 10.0.1.1-10.0.1.10, 10.0.1.13, 10.0.1.15-10.0.1.20. But I suppose you can't complain when it's free. Also, the OS fingerprinting is semi-reliable (not always accurate). But this is mainly with unix, bsd, linux and other *nix-based boxes. LNSS simply just gives it a penguin icon (foo). I should also point out to you script kiddies: LNSS should definately NOT be used for stealth scanning. It wasn't built for doing such; that's alright because it's fast and does the job. During scans, LNSS uses basic (but useable), NetBios username/password guessing. The passwords are stored in an editable dictionary. The scanner also produces useful network info (TTL & number of hops).
As for the report generator, this also impressed me. Going back to the basics, GFI didn't make a clutter for a web layout. You can modify how the reports are made (header, footer, etc), and you can later parse the output since LNSS also creates an XML file. Nice planning on their part. The reporting uses links outside of GFI's website to explain alerts, which I wasn't too keen on. Some of the alerts to external sites sucked. It would be nice if they had their own database. But all-in-all, the report generation is clean, customizable, and straight-forward (*cough* eEye *cough* spend thousands *cough* get eye strains *cough*).
5 - Judgement Day
I'm a *nix lover by trade, there is no doubt about that. I'm somewhat sad that GFI sticks only to windows, but I won't hold it against them. I just couldn't, and you can see why. LANguard Network Security Scanner started out smelling like stale cookies, but they made up for it later on. So, judgement. GFI held true, as always, to what they claim this software can and will do. The only thing they need to work on is the installation and initial configuration aspect. But I think they definately made up for it in the end. So with that said, I'm gonna give this port/security scanner a score of 4 out of 5.
Definately download this and give it a try. It works and without a doubt will stay in my winblowz network utility folder. GFI LANguard Network Security Scanner is free for non-commercial use and can be downloaded here.
nitrate2k
//home
(c) New Order /
http://neworder.box.sk/
Reply With Quote