GFI LANguard Network Security Scanner (N.S.S.) 5 is a freeware
tool to audit network security and proactively secure it. It scans
entire networks from an attacker's perspective, and analyses machines
for open ports, shares, security alerts/vulnerabilities, service
pack level, installed hotfixes and other NETBIOS information such
as hostname, logged on user name, users etc. It does OS detection,
password strength testing, detects registry issues and more. Reports
are outputted in HTML.
GFI LANguard N.S.S. checks your network for all potential methods
that a hacker might use to attack your network. By analyzing the
operating system and the applications running on your network, GFI
LANguard N.S.S. identifies possible security holes. In other words,
it plays the devil's advocate and alerts you to weaknesses before
a hacker can find them, enabling you to deal with these issues before
a hacker can exploit them.
GFI LANguard N.S.S. scans your entire network, IP by IP, and provides
information such as service pack level of the machine, missing security
patches, open shares, open ports, services/applications active on
the computer, key registry entries, weak passwords, users and groups,
and more. Scan results are outputted to an HTML report, which can
be customized/queried, enabling you to proactively secure your network
- for example by shutting down unnecessary ports, closing shares,
installing service packs and hotfixes, etc…
Figure 1 - The new GFI LANguard N.S.S. 5 interface
GFI LANguard N.S.S. is also a complete patch management
solution. After it has scanned your network and determined missing
patches and service packs - both in the operating system (OS) and
in the applications - you can use GFI LANguard N.S.S. to deploy
those service packs and patches network-wide. It can also deploy
custom software network-wide.
Features of GFI LANguard N.S.S. are numerous, it can amongst other
Detect OS, service pack level & installed security patches
Installing the latest security patches is a must to keep your network
secure. GFI LANguard N.S.S. detects what service packs and security
patches are installed and identifies missing security patches and
service packs. GFI LANguard N.S.S. detects Windows and UNIX operating
systems using SMB queries.
Ability to patch NT/2000/2003/XP machines that are missing hotfixes
It can deploy missing service packs and patches network-wide, without
user intervention. It is the ideal tool to monitor that Microsoft
SUS is doing its job properly and to perform the tasks SUS cannot
do. Administrators can use GFI LANguard N.S.S. to deploy Microsoft
Office patches and custom software patches, for patch reporting
and for immediate deployment of high alert patches. Microsoft SUS
cannot do any of this. GFI LANguard N.S.S. supports patching of
English, Spanish, Italian, French and German versions of Microsoft
Office as well as custom software patching (for example, virus updates
or client software deployment). If administrators prefer not to
use Microsoft SUS, GFI LANguard N.S.S. can deploy patches for English
versions of Windows NT/2000/2003/XP, Microsoft Exchange Server,
Microsoft SQL Server and Microsoft ISA Server.
Fast TCP & UDP port scanning & identification
GFI LANguard N.S.S. includes a fast TCP/IP and UDP port-scanning
engine, allowing you to scan your network for unnecessary open ports.
GFI LANguard N.S.S. identifies well-known services (such as www/FTP/telnet/SMTP...
) and also supports "banner grabbing", that is, it queries
the port for an application name.
Easily create different types of scans/vulnerability tests with
Using Scan Profiles, administrators can scan for different types
of information. For example, they can scan for open shares on workstations,
security audit and password policies, machines missing a particular
patch or machines missing a particular service pack. Different types
of vulnerabilities can be scanned for, and the scan can also be
performed using different identities, providing different network
"Alerts" pinpoint security issues & recommends
Once GFI LANguard N.S.S. has completed scanning a computer, it generates
an "Alerts" node which details key security issues and
recommends a course of action. Wherever possible, GFI LANguard N.S.S.
includes further information about the security issue or a web link
to more information, for example a BugTraq ID or a Microsoft KnowledgeBase
Automatically detect NEW security holes with scheduled scan
GFI LANguard N.S.S. can compare scan results and identify new security
holes appearing on your network. The scheduled scan feature allows
you to schedule daily or weekly network scans, which can then be
automatically compared to previous scan results. This enables you
to quickly identify changes such as newly created shares, installed
services, added users or added ports. You can configure GFI LANguard
N.S.S. to automatically email you a list of changes.
Finds all shares on your network
GFI LANguard N.S.S. enumerates all shares on your network, including
administrative shares (C$, D$, ADMIN$) and printer shares. Using
this feature you can:
- Check whether a user is sharing his/her whole drive with other
- Prevent anonymous access to shares
- Ensure that startup folders or similar system files are not
shared as this could allow less privileged users to execute code
on target machines.
Find unused local users & groups
GFI LANguard N.S.S. also enumerates all local users and groups,
and marks user accounts not being used, allowing you to remove the
accounts you do not need. It is important to disable all unused
accounts and ensure that the used accounts (administrator) have
a strong password.
Vulnerabilities database includes Microsoft & UNIX/CGI issues
GFI LANguard N.S.S. automatically updates its security vulnerabilities
database by downloading the continuously updated security bulletins
XML file from the Microsoft site. This XML file contains the list
of security vulnerabilities in Windows platforms and applications.
In addition to this, the GFI LANguard N.S.S. security vulnerabilities
database is also updated with issues reported to BugTraq. GFI LANguard
N.S.S. also audits UNIX issues and cgi vulnerabilities.
Improved Linux/Unix security scanning
GFI LANguard N.S.S. 5 now includes an extensive set of Linux vulnerability
checks. More will be added on a continuous basis and will be available
via automatic download from the GFI website.
Query generator for scan reports
Because scan reports can include a lot of data, GFI LANguard N.S.S.
includes a query generator that allows you to filter the XML scan
reports for specific data. For example, you can query a scan result
for all machines with shares, or for all machines running FTP servers.
Addition of custom vulnerabilities using scripts/conditions
Administrators can add their own vulnerability checks using conditions,
for example, to check for particular registry entries/values. Users
can also write complex vulnerability checks using the GFI LANguard
N.S.S. VBscript-compatible script engine. GFI LANguard N.S.S. includes
a script editor and debugger to help with script development.
Identifies all installed NT/2000/XP services
Disable all services that you do not need! All services running
on the scanned machines are listed. Each service can be a potential
security risk, so closing/switching off what you do not need automatically
reduces the security risk.
Check if auditing is enabled & enable network-wide auditing
GFI LANguard N.S.S. checks if each NT/2000/XP machine has security
auditing enabled. If not, GFI LANguard N.S.S. alerts you and permits
you to enable auditing remotely. Security event auditing is highly
recommended - it allows you to detect intruders in real time. GFI
LANguard N.S.S.'s companion product GFI LANguard Security Event
Log Monitor (S.E.L.M.) automates network-wide, real time analysis
of security events.
Check password policy
GFI LANguard N.S.S. can automatically check password policy for
all machines on the network. You can ensure that the password policy
is secure, for example, by enabling a maximum password age, password
lockout and password history.
Check for programs that run automatically
GFI LANguard N.S.S. can find programs that are automatically launched
on a user's workstation. Review these entries carefully for possible
GFI LANguard N.S.S. outputs scan results to a graphical HTML report,
so that you can print the report and review it easily.
- Scans large networks by sending UDP query status to every IP
- Lists NETBIOS name table for each responding computer
- Provides NETBIOS hostname, currently logged username & MAC
- Provides a list of shares, users (detailed info), services,
sessions, remote TOD (time of day) & registry information
from remote computer (NT/2000)
- Tests password strength on Windows 9x/NT/2000 systems using
a dictionary of commonly used passwords
- SNMP device detection, SNMP Walk for inspecting network devices
like routers, network printers...
- Support for sending spoofed messages (social engineering)
- DNS lookup (www.somehost.com - > xxx.xxx.xxx.xxx); resolve
hostnames (reverse DNS)
- Trace route support for network mapping
- Configuration manager so you can easily save particular scans.
- Security vulnerabilities are now categorized according to importance
- Scan filters allow for easy filtering of scan data
- More scripts and vulnerabilities; includes top SANS vulnerabilities
- Scalable back-end: GFI LANguard N.S.S. 5 now uses a Microsoft
Access or SQL database for storing scan data; the database makes
it easy to create custom reports and perform trending analysis
- Scan results can be saved to XML for reporting purposes
- Improved SQL server audit tool
- New tool to enumerate users.
A detailed list of new features is available at http://kbase.gfi.com/showarticle.asp?id=KBID002051.
About GFI LANguard N.S.S.
GFI LANguard Network Security Scanner (N.S.S.) checks a network
for possible security vulnerabilities by scanning the entire network
for missing security patches, services packs, open shares, open
ports, unused user accounts and more. With this information (displayed
in customizable reports), administrators can easily lock down their
network against hackers. GFI LANguard N.S.S. can also remotely deploy
missing patches and service packs in applications and OS. GFI LANguard
N.S.S. is the leading Windows security scanner and very competitively
priced. For more information and to download the product, one can
GFI Software Ltd. is a leading provider of network security, content
security and messaging software. Key products include the GFI FAXmaker
fax server software for Exchange and SMTP servers; GFI MailSecurity
email security software for Exchange and SMTP servers; GFI MailEssentials
server-based anti-spam software; GFI LANguard Network Security Scanner
(N.S.S.) security scanning and patch management software; GFI Network
Server Monitor network management software; and GFI LANguard Security
Event Log Monitor (S.E.L.M.) that performs network-wide event log
management and auditing. Clients include Microsoft, Telstra, Time
Warner Cable, Shell Oil Lubricants, NASA, DHL, Caterpillar, BMW,
the US IRS, and the USAF. GFI has offices in the US, the UK, Germany,
Cyprus, Romania, Australia and Malta, and operates through a worldwide
network of distributors. GFI is a Microsoft Gold Certified Partner
and has won the Microsoft Fusion (GEM) Packaged Application Partner
of the Year award. For more information about GFI, visit http://www.gfi.com.
All product and company names herein may be trademarks of their