GFI LANguard Network Security Scanner

If you only have one computer, or a small handful of computers, then maybe it is not too difficult to keep track of what applications are installed and what services are running so you can stay on top of the vulnerabilities as they are discovered and apply the necessary patches. But, managing a larger network requires some tools to automate tracking which machines are vulnerable to what and for deploying the appropriate patches. GFI LANguard NSS is one of those tools.

About The Product

GFI LANGuard N.S.S. (Network Security Scanner) combines vulnerability scanning and patch management functions into one simple, cost-effective product. By analyzing the operating system and the applications running on your network, GFI LANguard N.S.S. identifies potential security issues. Used regularly, it can alert you to weaknesses before a hacker can find them, enabling you to deal with these issues before a hacker can exploit them.

GFI LANguard N.S.S. provides you with the capabilities to to perform in-depth vulnerability scans of all machines or devices on the network and to deploy patches or updates to remediate vulnerable machines. Some of the features of GFI LANguard N.S.S. include:

• Check for unused user accounts on workstations
• Audit your network for security vulnerabilities (Windows and Linux)
• Detect unnecessary shares, open ports & unused user accounts on workstations
• Check for and deploy missing security patches & service packs in OS & Office
• Wireless node/link detection and USB device scanning

New Features In Version 6.0

The latest version of LANguard N.S.S. comes with a variety of new features including:

• Detects wireless network devices
• Detects and reports USB devices (can also generate high security alerts when particular devices are detected like removable hard disks)
• Highly improved network devices reporting
• Checks status of GFI LANguard Portable Storage Control (P.S.C.)
• Support for SSH (allowing even more security checks to be created for the Linux OS)
• Multithread scan engine (scan multiple machines TOGETHER)
• Status monitor for scheduled operations (scans and deployments)
• Supports saving and re-loading of saved scan results to and from database/XML files. You can also restart operations from a saved scan as if the security scan was just made
• Shares - Both NTFS and Share permissions are now reported.

In addition to these features, GFI LANguard N.S.S. 6.0 also has new configuration and database maintenance options as well as a new status monitor and the ability to compare saved scan results.

My Review

The LANguard N.S.S. installation was fairly straight-forward and simple. You do need to give LANguard N.S.S. a password for an account with Domain Administrator privileges in order for it to function.

The NSS interface looks complex at first glance, but with a little clicking around I found it to be much more intuitive and user-friendly than it appeared.

I ran a scan of my own system and identified a handful of vulnerabilities and configuration issues which may represent security concerns. One of the nice things about NSS is that it provides you with detailed information about the vulnerabilities identified, allowing you to drill down for more information.

NSS also provides the functionality to allow you to automate scanning and deploy patches and updates. One great feature is the ability to compare two scans and identify the differences, allowing you to quickly notice changes such as new network shares or vulnerabilities that have appeared.

I did need to be reminded to reset the NSS password when I changed my Administrator password on the PC. Starting at $575 for 100 IPs and maxing out at $999 for unlimited IPs, GFI LANguard represents a powerful, cost-effective solution for helping monitor and protect your network.