Little Administrative Effort

 
 
By Matthew Sarrel  |  Posted 2009-03-10 Print this article Print
 
 
 
 
 
 
 


 

While configuring scans, I had the option of providing Windows or SSH credentials to gain access to systems in order to perform deeper scans. I could also apply rules for auto-remediation, such as download and install missing patches or services packs, or uninstall non-whitelisted applications. In a simple environment, the auto-remediation features provided by the combination of LANguard and WSUS (Windows Software Update Services) could keep endpoints ship-shape with almost no administrative effort. Just let everything run as planned and review reports when you get to work in the morning.

Patch management is provided via tight integration with WSUS, a free tool provided by Microsoft that can be used to deploy updates to Microsoft Windows Server 2000 and higher, Windows XP and higher, and other Microsoft applications, such as Exchange 2003 and higher and Office XP and higher. WSUS allows a local administrator to test and approve updates from the public Windows Update site before company-wide deployment. Patch deployment can be scheduled and reported.

LANguard adds the ability to deploy third-party software and patches as well as deployment to Windows NT.

Once I installed WSUS on my Windows Server 2008 and pushed the clients to my Windows XP Professional SP3 workstations, scanning and patching was easy. I had a great deal of control over when security updates and service packs were downloaded, plus I could approve each patch before pushing it to clients. In the event of an incompatibility, I could remove patches just as easily as I applied them.

Report Center and the Report Pack, offered as free add-ons, are strong points of the solution. After running a scan, I launched the GFI LANguard ReportPack and imported scan results with the click of a button. From there I was given a list of different reports grouped by topic.

Executive reports provide overview and trend analysis with such reports as Network Vulnerability Summary and Network Vulnerability Trend. Statistical reports provide information related to vulnerability and operating system and include OS Service Pack Distribution, Vulnerability Distribution by Host and Vulnerability Distribution by OS. Technical reports provide technical information on vulnerabilities, missing patches and open ports, including reports such as Installed Patches Grouped by Host, Missing Patches Grouped by OS, Open Trojan Ports by Host and Vulnerability Listing by Host.

I could quickly generate reports such as Open Trojan Ports, Vulnerable Hosts based on Missing Patches and Vulnerable Hosts based on Open Ports. These reports can be scheduled and automatically distributed via e-mail, printed or exported to HTML, PDF, XLS, DOC or RTF for inclusion in more comprehensive reports of network health. A feature that made my life easier is the ability to bookmark the reports that I found the most useful. However, I found the mechanic of running scans in one application and running reports in another to be unwieldy and cumbersome; it's best to filter (by workstation, for example) before exporting from LANguard, but that requires knowing what you want to see in a report before even launching Report Center.

A one-year license starts at $32 per IP address, $10 per IP for 100-249 IP addresses, $4 per IP for 3,000-3,999 IP addresses.

Matthew D. Sarrel is executive director of Sarrel Group, an IT test lab, editorial services, and consulting firm in New York City.



 
 
 
 
Matthew Sarrel Matthew D. Sarrel, CISSP, is a network security,product development, and technical marketingconsultant based in New York City. He is also a gamereviewer and technical writer. To read his opinions on games please browse http://games.mattsarrel.com and for more general information on Matt, please see http://www.mattsarrel.com.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel