Overview
This article provides information on creating a new scanning profile or personalizing an existing profile using the Scanning Profiles Editor. This allows customizing profiles for any environment or purpose, for example:
- enabling scanning options relevant only for certain groups of devices, like Linux or macOS
- removing extra scanning checks in the slow networking environments
- creating a profile that does not report missing patches for known items
- adding custom vulnerability checks
Solution
Out of the box, LanGuard already has multiple scanning profiles pre-configured to cover various use cases and environments. All these profiles can be viewed and modified with the Scanning Profile Editor, and the new profiles can be created and personalized to address your specific use cases.
Scanning Profile Editor can be reached from the LanGuard console by any of the methods below:
- right-clicking on Scanning Profiles in the Configuration tab and selecting Scanning Profiles Management
- selecting Edit this profile… on a particular profile in the Scanning Profiles configuration section
- clicking on the Scanning Profile Editor through the main File menu
- pressing Ctrl + P in the main interface.
Creating a New Scanning Profile
- In the Scanning Profiles Editor from the Common Tasks, click New Scanning Profile.
- Specify the new profile's name and optionally select Copy all settings from an existing profile to clone settings from an existing profile.
- Click OK to save settings. The new scanning profile is added under Profiles in the left pane.
Personalizing a Scanning Profile
The Scanning Profile Editor allows changing the following Scanning Profile settings:
- Vulnerability Assessment Options: specific checks, e.g., OVAL or CVE vulnerabilities and various patches.
- Network and Software Audit Options: port scanning, system enumeration, and OS information.
- Scanner Options: deals with timeouts, scanning threads, and other options for scanning.
Configuring Vulnerabilities and Patches
The Scanning Profile Editor Vulnerability Assessment Options tab allows you to configure which vulnerability and patches checks are performed when LanGuard is scanning targets with the selected profile. For example, you can skip some items from being detected in the first place instead of acknowledging or ignoring them after the scan.
Refer to the Configuring Vulnerabilities with Scanning Profile Editor and Configuring Patches with Scanning Profile Editor for the customization instructions.
Configuring Network and Software Audit Options
The default scanning profiles in LanGuard are already pre-configured to run many network and software audit checks on the selected target. You can customize the list of network and software audits executed during a scan or even disable in case you are interested only in the Vulnerability and Patches checks.
Refer to the articles below for the settings available in the individual Network and Software Audit sections:
- Configuring TCP/UDP Port Scanning Options with Scanning Profile Editor
- Configuring System Information Options with Scanning Profile Editor
- Configuring Device Scanning Options with Scanning Profile Editor
- Configuring Applications Scanning Options with Scanning Profile Editor
Configuring Security Scanning Options
Scanner Options tab allows you to configure various settings and timeouts of the scanning engine, mostly used for manual scans. These parameters are configurable for each Scanning Profile separately and define how the scanning engine will perform target discovery and OS Data querying.
IMPORTANT: Configure these parameters with extreme care! An incorrect configuration can affect the security scanning performance of LanGuard.
- From Scanning Profile Editor > Profile categories, select the category that contains the scanning profile you want to edit (example: Complete/Combination Scans).
- From the Profiles section, select the scanning profile you want to edit (example: Full Vulnerability Assessment).
- From the right pane, click Scanner Options.
- Configure the following parameters that determine the LanGuard scanning behavior:
| Parameter | Description |
|---|---|
| Network Discovery Methods | |
| NetBIOS queries | Enable/disable the use of NetBios queries to discover network devices. |
| SNMP queries | Enable/disable the use of SNMP queries to discover network devices. |
| Ping sweep | Enable/disable the use of Ping sweeps to discover network devices. |
| Custom TCP discovery | Discover online machines by querying for the specified open TCP ports. |
| Network Discovery Options | |
| Scanning delay | Enter the time interval (in milliseconds) between one scan and another. |
| Network discovery query responses timeout | Amount of time in milliseconds, the security scanner will wait before timing out when performing a machine discovery query (NetBIOS/SNMP/Ping). |
| Number of retries | The number of times the security scanner will retry to connect to a non-responsive machine before skipping it. |
| Include non-responsive computers | Run scans on all the PCs regardless of whether they are detected as being online or not. |
| Perform a TCP port probing to detect mobile devices | Perform a TCP port probing to detect mobile devices using known ports. |
| Network Scanner Options | |
| Scanning threads count | Enter the number of scan threads that can run simultaneously. |
| NetBIOS Query Options | |
| Scope ID | Used for NetBIOS environments requiring a specific scope ID to allow querying. |
| SNMP Query Options | |
| Load SNMP enterprise numbers | Specifies whether a security scanner should use the OID (Object Identifier database) containing ID to Vendor map to identify various devices. |
| Community strings | Specifies whether a security scanner should use the specified community string for SNMP server detection and information retrieval. |
| Global Port Query Options | |
| TCP port scan query timeout | The amount of time in milliseconds security scanner will wait during a TCP port scan before timing out and moving on to scan the next port. |
| UDP port scan query timeout | The amount of time in milliseconds security scanner will wait during a UDP port scan before timing out and moving on to scan the next port. |
| WMI Options | |
| WMI timeout | The amount of time in milliseconds security scanner will wait for a reply from the remote WMI server before timing out and moving on to the next scan item. |
| SSH Options | |
| SSH timeout | The time in milliseconds security scanner will wait for an SSH script to return before timing out and moving on to the next scan item. |
| Alternative SSH port | Alternative SSH ports to use when the default port 22 is unreachable. |
| Scanner activity window | |
| Type of scanner activity output | Activity progress modes: simple (basic progress - start / stop of operations) or verbose (more detailed information on process flow). |
| Display received packets | Output TCP packets in raw format as they were received by a security scanner. |
| Display sent packets | Output TCP packets in raw format as they were sent by a security scanner. |
| OS Information Retrieval Options | |
| Create custom share if administrative privileges are disabled | If administrative shares are disabled, the scanner will temporarily create a custom hidden share of the form $. The share is used to retrieve data that helps to identify vulnerabilities and missing patches. |
| Start remote registry | If the remote registry service is stopped on the scanned machine, enable this option to temporarily open it during the security scanning. |
Adding Custom Vulnerability Checks
LanGuard allows you to add custom vulnerability checks and even create new custom scripts that check for vulnerabilities. To add a custom check:
- Within the Scanning Profiles Editor, select the Scanning Profile that has Vulnerability Assessment Options enabled.
- Under the Vulnerability Assessment Options Vulnerabilities tab, select the Add... button.
- Configure necessary details under each tab of the Add vulnerability pane.
- Press the OK button
IMPORTANT: Changes made to existing vulnerability checks will be applied to all scanning profiles.
Security auditing scripts can be developed using the script editor that ships with LanGuard. Script creation is a complex and sensitive topic and is covered by LanGuard Scripting documentation, accessible from the installation links:
GFI does not support requests related to problems in custom scripts.
Running the script in GFI LanGuard without debugging is not recommended. If the script is not functional, you will not be able to identify why the script failed. In addition, improper coding can lead to infinite loops, which can stall the GFI LanGuard scanner.