Overview
GFI LanGuard uses the SNMP (Simple Network Management Protocol) to query for vulnerabilities present in network switches, firewalls, and other network devices.
This article details two methods of scanning for vulnerabilities on these devices.
Process
Method 1 - Scanning the Devices Using a Vulnerability Scan
GFI LanGuard allows administrators to run a pre-configured scan in the network to search for vulnerabilities. The scan uses a profile where the administrator can see the details of checks performed and make adjustments if necessary.
To run a successful scan:
- Ensure that the devices are configured to respond to SNMP requests from the LanGuard machine:
- SNMP agent must be running on the target device and accepting SNMP queries.
- The agent must be listening on UDP port 161.
- Set a community string that is not easy to guess.
- Open the GFI LanGuard Console.
- If needed, adjust the Scanning Profile to suit your preference in accomplishing the task.
- Go to Scan. Adjust the settings and click Scan.
Method 2: Using SNMP Utilities
GFI LanGuard provides administrators with two SNMP Utilities that can be used to troubleshoot issues when the scans are not giving proper results or to perform some custom test.
SNMP testing utilities can be accessed by going to GFI LanGuard > Utilities.
- SNMP Audit - Checks for weak community strings.
- SNMP Walk - Queries for the current value of specific Object IDs. It could be used to verify if the target device is replying to SNMP requests. It could also be used to walk down the SNMP Object ID Tree from a specific point, or to check a specific Object ID, specified in the check properties.
Supported SNMP Versions
- SNMPv1
- SNMPv2c
Unsupported SNMP Versions
- SNMPv3
- SNMP over TLS / DTLS