Overview
The Scanning Profile Editor Vulnerability Assessment Options tab allows you to configure which Microsoft or non-Microsoft and Security or non-Security updates are checked when LanGuard is scanning targets with the selected profile.
This eliminates the need to acknowledge or ignore specific patches from the Dashboard individually and manually, since they are not detected when scanning with the customized Scanning Profile.
Solution
- Enabling Vulnerability Scanning
- Customizing the List of Vulnerabilities to Be Scanned
- Customizing Vulnerability Checks Properties
- Setting up Vulnerability Check Conditions
Enabling Vulnerability Scanning
Vulnerability scanning can be enabled in any Scanning Profile, or disabled if your goal is network and software auditing only:
- Launch LanGuard console and go to Configuration > Scanning Profile Editor. Alternatively, press CTRL + P to launch the editor.
- Go to Vulnerability Assessment Options > Vulnerabilities.
- Select the Scanning Profile to customize from the left pane under Profiles.
- In the right pane, select Enable Vulnerability Scanning.
Vulnerability scanning is configured on a Scanning Profile level. If this option is not selected in a particular profile, no vulnerability tests will be performed in the security audits carried out by this scanning profile.
Customizing the List of Vulnerabilities to Be Scanned
To specify which vulnerabilities will be enumerated and processed during a security audit:
- Launch LanGuard console and go to Configuration > Scanning Profile Editor.
- Go to Vulnerability Assessment Options and select the Scanning Profile to customize from the left pane under Profiles.
- In the right pane, select the vulnerability checks to execute through this Scanning Profile.
Customizing Vulnerability Checks Properties
All the checks listed in the Vulnerabilities tab have specific properties that determine when the check is triggered and what details will be enumerated during a scan.
- Right-click the vulnerability to customize and select Properties.
- Customize the selected vulnerability check from the tabs described below:
| Tab | Description |
| --- | --- |
| General | Use this tab to customize general details, including vulnerability check name, vulnerability type, OS family, OS version, product, timestamp, and severity. |
| Conditions | Use this tab to configure the operational parameters of this vulnerability check. These parameters will define whether a vulnerability check is successful or not. |
| Description | Use this tab to customize the vulnerability check description. |
| References | Use this tab to customize references and links that lead to relevant information in the OVAL, CVE, MS Security, Security Focus, and SANS TOP 20 reports. |
- Click OK to save your changes.
Setting up Vulnerability Check Conditions
The Conditions tab enables you to add or customize conditions, which define whether the computer or network being scanned is vulnerable or not.
WARNING: It is therefore of paramount importance that any custom checks defined in this section are set up by qualified personnel who are aware of the ramifications of their actions.
To add a vulnerability check condition:
- From Vulnerability Assessment Options > Vulnerabilities, right-click a vulnerability from the list and select Properties.
- From the Edit Vulnerability dialog, go to Conditions > Add.
- Select the type of check to be configured and click Next.
- Define the object to examine and click Next.
- Specify required conditions and click Finish to finalize your settings.
- If more than one condition is set up, define conditional operators, and click OK to finalize your configuration settings.
- (Optional) Click Advanced in the Vulnerabilities tab to launch the advanced vulnerabilities scanning options.
The options in Advanced Vulnerabilities Options are used to:
- Configure extended vulnerability scanning features that check your target computers for weak passwords, anonymous FTP access, and unused user accounts.
- Configure how LanGuard handles newly created vulnerability checks.
- Configure LanGuard to send CGI (Common Gateway Interface) requests through a specific proxy server. This is mandatory when CGI requests will be sent from a computer behind a firewall to a target web server outside the firewall, for example, web servers on a DMZ (Demilitarized Zone).
The firewall will generally block all the CGI requests directly sent by GFI LanGuard to a target computer in front of the firewall. To avoid this, set the Send CGI Requests Through Proxy option to Yes and specify the name/IP address of your proxy server and the communication port, which will be used to convey the CGI request to the target.