Tech Daily
News | Analysis | Comment | Features | Reviews

Review: GFI LANguard 9.0

Vulnerability scanner gets new automation capabilities to ease IT admin burden

Dave Bailey, vnunet.com; 12 Dec 2008
Price: £200 + VAT: 8 IP addresses; £492 + VAT: 64 IP addresses; £2,230 + VAT: 512 IP addresses
Manufacturer: GFI: 0178 444 8838
GFI LANguard 9.0 screenshot

Launched in November, version 9.0 of GFI's LANguard network scanner includes a wide range of enhancements designed to make the lives of network administrators easier, including the ability to detect whether a desktop system is real or running as a virtual machine (VM).

Other new features accessible via the refreshed interface include better hardware auditing capabilities and a facility for firing up a remote desktop connection in the event that a system’s security issues cannot be fixed automatically.

Also new is the ability for LANguard to check if there are any unauthorised applications on the network, and automatically remove them. IT administrators need to define what applications to classify as unauthorised.

LANguard’s dashboard can now summarise all scan results, give an overview of the most highly vulnerable systems, and trend the security status of the network. GFI has also implemented custom vulnerability checks defined in the Python language.

We downloaded the package and installed it on a variety of desktop and server systems. The install took a little under 10 minutes, with most of that time taken up by the Microsoft Access database installation used to store scan and asset management data, although for larger networks IT managers can choose to point scan data at SQL Server installations.

Setting up a complete network scan was pretty straightforward, although we did have to log on to several systems to enable the NetBIOS protocol.

There are a large number of predefined scans provided by GFI, including ones for specifically auditing installed software or for a network vulnerability assessment. Network vulnerability assessments can be run against a database containing threat signatures from a number of respected security organisations, such as the SANS Institute.

When we scanned our test network LANguard picked up a Windows XP system with 11 missing patches. Fixing the system was a simple matter of downloading the patches and remote installing them. LANguard’s vulnerability reporting gives useful web links relating to any problems it finds.

Running the software and hardware audits quickly pulled out useful information about the configuration of our scanned systems. We could then “baseline” these systems as a way of detecting any subsequent changes to the state of their hardware and software. As well as being able to use LANguard to manually classify packages as being unauthorised, admins can set up the system so that it automatically removes unauthorised applications.

New to this version is the ability to pick up VMs running on systems connected to the network. LANguard detected and scanned a laptop on our test network with VMware’s Workstation version 6.5 running XP Professional and Vista Enterprise VMs.

The only minor niggle was that when we analysed the scan results, any errors in the scanner activity window were flagged with information as to what went wrong but not how to put the problem right.

On the whole though, LANguard 9.0 performs impressively as a proactive risk management package, as well as an asset manager and network vulnerability scanner.

See also:

Network cables
Secerno and F5 hook up on network security
Partnership aims to prevent attacks on critical databases  19 Nov 2008
Virus
NHS hospitals contract Mytob virus
Worm wriggles into IT systems and does a bit of networking  19 Nov 2008
Computer security
McAfee aims to ease NAC woes
Unified Secure Access promises easier deployment and better access controls  20 Oct 2008
How to combat the full threat lifecycle
Fighting off bot networks is possible but it requires a combination of technologies  16 Oct 2008
Sophos Endpoint Security and Control 8.0
First Look: Sophos Endpoint Security and Control 8.0
Upgrade adds integrated endpoint security, malicious script detection and anti-rootkit functions  01 Oct 2008

All Networking
Tags: Networks, Patch-management, Virtual-machine, Vmware, Virtualisation, Security, Software

Like this story? Spread the news by clicking below:

Post this to Delicious del.icio.us    Post this to Digg Digg this    Post this to reddit reddit!

Verdict

GFI's LANguard 9.0 is a very good system for IT managers to check out and fix desktop system vulnerabilities existing on their networks. As a proactive risk management package, when combined with a decent anti-virus system, this would give firms deploying the package a large network security boost.

Pros: Simple to set up and use, even though there's a lot of complexity under the hood; can now pick up problems with virtual machine operating systems.

Cons: Error messages in scanner activity window, while informative, would be better if they were clickable to bring up an answer to the problem.

Reviews Disclaimer
Readers are reminded that the opinions expressed, and the results published in connection with reviews and/or laboratory test reports carried out on computing systems and/or related items are confined to, and representative of, only those goods supplied and should not be construed as a recommendation to purchase.
© Incisive Media Ltd. 2009
Incisive Media Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, is a company registered in the United Kingdom with company registration number 04038503