Overview
This article explains how to enable or disable scanning for hardware devices on target computers and how to add network and USB devices to the blacklist and whitelist groups of a Scanning Profile. This lets you detect the devices you mark as dangerous and skip checks you are not interested in, which reduces scanning time.
Solution
LanGuard can detect hardware devices you mark as dangerous, or exclude from the scanning process specific USB devices you consider safe, such as a USB mouse or keyboard. This is achieved through a safe list (whitelist) of USB devices to be ignored during scanning.
You can further configure LanGuard to generate high-security vulnerability alerts whenever an unauthorized USB or network device is detected. This is achieved by compiling a list of unauthorized (blacklisted) network and USB devices you want to be alerted about.
- Access GFI LanGuard.
- Go to Configuration > Scanning Profile Editor. Alternatively, press CTRL + P to launch the Scanning Profiles Editor.
- Go to Network & Software Audit Options and select the Devices tab.
- Use the Network Devices sub-tab to configure the attached network devices scanning options and blacklisted (unauthorized)/whitelisted (safe) devices lists.
- Use the USB Devices sub-tab to configure the attached USB devices scanning options and unauthorized/safe devices lists.
- Choose the appropriate action from the options in the table below:
Option: Enabling/disabling checks for all installed network devices
Description: To enable network device (including USB device) scanning in a particular scanning profile:
- Click the Network Devices tab.
- Select the appropriate scanning profile from the left pane under Profiles.
- On the right pane, select Enable scanning for hardware devices on the target computer(s).
Network device scanning is configurable on a scan profile by scan profile basis. Make sure to enable network device scanning in all profiles where this is required.
Option: Compiling a network device blacklist/whitelist
Description:
- Click the Network Devices tab.
- Select the appropriate scanning profile from the left pane under Profiles.
- In the right pane, specify which devices you want to classify as high-security vulnerabilities or whitelist.
  - High-security vulnerabilities: Specify the devices under Create high-security vulnerability for USB devices which name contains.
    Example: If you enter the word ‘wireless’, you will be notified through a high-security vulnerability alert when a device whose name contains the word ‘wireless’ is detected.
  - Whitelist: Specify which USB devices you want to ignore during network vulnerability scanning in the space provided under Ignore (Do not list/save to db) devices which name contains.
Only add one network device name per line.
Option: Configuring advanced network device scanning options
Description: You can also specify the types of network devices checked by this scanning profile and reported in the scan results. These include:
- wired network devices
- wireless network devices
- software enumerated network devices
- virtual network devices
To specify which network devices to enumerate in the scan results:
- Click the Network Devices tab, which opens by default.
- Select the appropriate scanning profile from the left pane under Profiles.
- Click Advanced and set the required options to Yes.
- Click OK to finalize your settings.
Option: Scanning for USB devices
Description: To compile a list of unauthorized/unsafe USB devices:
- Click USB Devices.
- Select the appropriate scanning profile from the left pane under Profiles.
- In the right pane, specify which devices you want to classify as high-security vulnerabilities or whitelist.
  - High-security vulnerabilities: Specify the devices under Create high-security vulnerability for USB devices which name contains.
    Example: If you enter the word ‘iPod’, you will be notified through a high-security vulnerability alert when a USB device whose name contains the word ‘iPod’ is detected.
  - Whitelist: Specify which USB devices you want to ignore during network vulnerability scanning in the space provided under Ignore (Do not list/save to db) devices which name contains.
NOTE: Only add one USB device name per line.
Using the settings above, you can tailor Scanning Profiles to your particular cases. For example, you can create a separate scanning profile that enumerates only Bluetooth dongles and wireless NIC cards connected to your target computers. In this case, you must specify Bluetooth and Wireless or WiFi in the unauthorized network and USB lists of your scanning profile.
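Before entering "name contains" entries in a profile, it helps to dry-run them against a device inventory to see which names would raise alerts, which would be ignored, and which match both lists. The following is an added example, not GFI LanGuard code: the function names, the case-insensitive matching and the sample device names are assumptions, and it flags devices that match both lists instead of assuming which list takes precedence.

```python
# Added example: dry-run of "name contains" device lists before entering them
# in a scanning profile. Matching rules here are assumptions, not LanGuard's code.

def parse_list(text):
    """One entry per line, as the profile editor expects; blanks are dropped."""
    return [line.strip() for line in text.splitlines() if line.strip()]

def matches(name, entries):
    """Entries contained in the device name (case-insensitive: an assumption)."""
    lowered = name.lower()
    return [e for e in entries if e.lower() in lowered]

def dry_run(device_names, unauthorized_text, safe_text):
    unauthorized = parse_list(unauthorized_text)
    safe = parse_list(safe_text)
    report = {"alert": [], "ignored": [], "conflict": [], "listed": []}
    used = set()
    for name in device_names:
        hit_bad = matches(name, unauthorized)
        hit_safe = matches(name, safe)
        used.update(hit_bad, hit_safe)
        if hit_bad and hit_safe:
            # Matches both lists: resolve by hand before relying on the profile.
            report["conflict"].append((name, hit_bad, hit_safe))
        elif hit_bad:
            report["alert"].append(name)
        elif hit_safe:
            report["ignored"].append(name)
        else:
            report["listed"].append(name)
    # Entries that matched nothing are often typos or stale names.
    report["unused_entries"] = [e for e in unauthorized + safe if e not in used]
    return report

# Constructed sample inventory (not taken from a real scan).
DEVICES = [
    "USB Input Device",
    "HID Keyboard Device",
    "Apple iPod USB Driver",
    "Generic Bluetooth Radio",
    "Intel(R) Wireless-AC 9560",
    "Realtek PCIe GbE Family Controller",
    "Logitech Wireless Mouse Receiver",
]
UNAUTHORIZED = "iPod\nBluetooth\nWireless\nWiFi\n"
SAFE = "Keyboard\nMouse\nUSB Input\n"

if __name__ == "__main__":
    for bucket, items in dry_run(DEVICES, UNAUTHORIZED, SAFE).items():
        print(bucket, items)
```

In the sample, the wireless mouse receiver matches both "Wireless" and "Mouse", which shows how a broad unauthorized entry can collide with a safe-list entry.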
Related Articles
- Creating and Personalizing a Scanning Profile
- Configuring Vulnerabilities with Scanning Profile Editor
- Configuring Patches with Scanning Profile Editor
- Configuring TCP/UDP Port Scanning Options with Scanning Profile Editor
- Configuring Applications Scanning Options with Scanning Profile Editor
- Configuring System Information Options with Scanning Profile Editor