GFI LANguard Network Security Scanner [8.0]

• GFI LANguard Network Security Scanner [8.0 New Licences]
• GFI LANguard Network Security Scanner [8.0 Software Maintenance]
• GFI LANguard Network Security Scanner [8.0 Additional Users]
• GFI LANguard Network Security Scanner [8.0 Version Upgrades]

• Support for OVAL: GFI LANguard N.S.S. 8 can now import and check networks using OVAL definitions. This database is the standard used to define the tests needed to check if weaknesses are present on a system. For more information on the OVAL database please refer to http://oval.mitre.org.
• Improvements to patch management: New patch management features contribute to an overall improvement of the patch management module. New features include patch rollback, multilingual patch autodownload, missing Windows Installer 3 notification, patch sort by severity and detection engine memory-use optimizations.
• Security Scanner optimizations: IT administrators now have the ability to configure up to 10 scanning threads. This enables them fully utilize their hardware and network infrastructure's potential
• Scheduled scan enhancements: GFI LANguard N.S.S. 8 keeps track of computers that are not scanned (such as laptops disconnected from the network) and performs scans on them as soon as these become available.
• Faster retrieval of Linux data: Linux data retrieval is now around 20 times faster than the previous version of GFI LANguard N.S.S.
• Revamped UI: GFI LANguard N.S.S. 8 is updated with cosmetic changes to the User Interface and Icons. New buttons were added and the GUI is re-organized with the categorization all the Main, Configuration and Tools options in three separate tabs. A restructure of the security scanner tree now also includes an improved categorization of the retrieved information, assisting users in browsing through the records retrieved.
• Unicode support: You can now scan multi-language networks from one central location and have all characters displayed correctly, whatever the language. For example, you can scan, from a Windows XP English Edition machine, computers having Chinese and Greek editions and everything will be displayed correctly.
• New scanning options: Dependencies on administrative shares have been removed through the addition of a new option in the scanning profiles. GFI LANguard N.S.S. now temporarily creates and uses a custom hidden share during scans.
• Remote registry scanning: In GFI LANguard N.S.S. 8 an option was added which, when enabled and if the scan is performed with proper rights, will temporarily start remote registry on the remote machine during the scan.
• Advanced scan range options: Added support for scanning CIDR subnets and the ability to specify addresses that are to be excluded from the scanning of a previously specified IP address range.
• Debug Enabled Warning Message: A warning message now lets the user know that the scanning speed is lower when debug is on.
• Enhanced troubleshooter: The wizard-assisted troubleshooter now incorporates better logging and new automated checks to assist users in identifying issues faster. It also assists users in resolving any issues encountered through in-program issue specific advice and links to GFI's Kbase articles.
• Enhanced auto-update System: The auto-updating system was improved so that urgent fixes arrive to the clients faster than it takes to download and install a new build.
• Support for Microsoft Windows Vista: GFI LANguard N.S.S. 8 now supports installation and scanning for vulnerabilities on Microsoft Windows Vista based computers
• Wizard assisted new custom vulnerability conditions setup: GFI LANguard N.S.S. 8 now incorporates an intuitive wizard that removes the complexity of custom vulnerability setup and configuration, enabling you to set-up custom vulnerabilities in the easiest way possible.
• Graphical Threat Level Indicator: Users can now easily determine their network's vulnerability level through a graphical scale that indicates the vulnerability level of any particular computer or groups of computers/networks.
• Improved status monitor: The GFI LANguard N.S.S. 8's status monitor has been upgraded with a global graphical threat level indicator and an autodownload queue viewer.
• Support for Microsoft Exchange Server 2007: GFI LANguard N.S.S. 8 now supports vulnerability scanning, identification and deployment of missing patches and service packs for Microsoft Exchange Server 2007.
• Support for Microsoft Office 2007: GFI LANguard N.S.S. 8 now supports vulnerability scanning, identification and deployment of missing patches and service packs for Microsoft Office 2007.

Vulnerability scanning
During security audits, over 15,000 vulnerability assessments are made and networks are scanned IP by IP. GFI LANguard N.S.S. gives you the capability to perform multi-platform scans (Windows, Mac OS, Linux) across all environments and to analyze your network's security health from a single source of data. This ensures that you are able to identify and remediate any threats before hackers manage to do so.

IMPROVED! - Identify security vulnerabilities and take remedial action
GFI LANguard N.S.S. scans computers, identifies and categorizes security vulnerabilities, recommends a course of action and provides tools that enable you to solve these issues. GFI LANguard N.S.S. also makes use of a graphical threat level indicator that provides an intuitive, weighted assessment of the vulnerability status of a scanned computer or group of computers. Wherever possible a web link or more information on a particular security issue is provided, such as a BugTraq ID or a Microsoft Knowledge Base article ID

IMPROVED! - Extensive, industrial-strength vulnerabilities database
GFI LANguard N.S.S. ships with a complete and thorough vulnerability assessment database, which includes standards such as OVAL (2,000+ checks) and SANS Top 20. This database is regularly updated with information from BugTraq, SANS Corporation, OVAL, CVE and others. Through its auto-update system, GFI LANguard N.S.S. is always kept updated with information about newly released Microsoft security updates as well as new vulnerability checks issued by GFI and other community-based information repositories such as the OVAL database.

Ensures that third party security applications such as anti-virus and anti-spyware offer optimum protection
GFI LANguard N.S.S. also checks that supported security applications such as anti-virus and anti-spyware software are updated with the latest definition files and are functioning correctly. For example, you can ensure that supported security applications have all key features (such as real-time scanning) enabled.

Easily creates different types of scans and vulnerability tests
You can easily configure scans for different types of information; such as open shares on workstations, security audit/password policies and machines missing a particular patch or service pack. You can scan for different types of vulnerabilities to identify potential security issues. These include:

• Open ports: GFI LANguard N.S.S. scans for unnecessary open ports and checks that no port hijacking is in force.

Unused local users and groups: Remove or disable User accounts no longer in use.

• Blacklisted applications: Identify unauthorized or dangerous software and add to blacklists of applications you want to associate with a high security vulnerability alert.
• Dangerous USB devices, wireless nodes and links: Scans all devices connected to USB or wireless links and alerts you of any suspicious activity.

NEW! - Setup your own custom vulnerability checks
GFI LANguard N.S.S. allows you to easily create custom vulnerability checks through wizard-assisted custom-vulnerability condition setup screens. You can also write complex vulnerability checks using the GFI LANguard N.S.S. VBScript-compatible script engine. GFI LANguard N.S.S. includes a script editor and debugger to help with script development.

Easily analyze and filter scan results
GFI LANguard N.S.S. enables you to easily analyze and filter scan results by clicking on one of the default filter nodes. This enables you to identify, for example, machines with high security vulnerabilities or machines that are missing a particular service pack. Custom filters can also very easily be created from scratch or customized. You can also export scan results data to XML.

Patch management
When a scan is complete, GFI LANguard N.S.S. gives you all the functionality and tools you need to effectively install and manage patches on all machines across different operating system platforms and 38 languages. GFI LANguard also allows auto-downloads of missing patches as well as patch roll-back. Custom software can also be deployed. This results in a consistently configured environment that is secure against all vulnerabilities.

IMPROVED! - Automatically deploy network-wide patch and service pack management
With GFI LANguard N.S.S. you can easily deploy missing service packs and patches network-wide. GFI LANguard N.S.S. is the ideal tool to monitor that Microsoft SUS is doing its job properly and it performs tasks SUS does not such as deploying Microsoft Office and custom software patches. GFI LANguard N.S.S. also provides you with new features such as patch auto-download and patch rollback. It is also Unicode compliant and able to support patch management in all the 38 languages currently supported by Microsoft.

Deploys custom/3rd party software and patches network-wide
Besides deploying patches and service packs, GFI LANguard N.S.S. enables you to easily deploy 3rd party software or patches network-wide. You can use this feature to deploy client software, update custom or non-Microsoft software, virus updates and more. The custom software deployment feature means you can do without Microsoft SMS, which is too complex and expensive for small to medium sized networks. View screenshot.

Network and software auditing
GFI LANguard N.S.S.'s auditing function tells you all you need know about your network - what USB devices are connected, what software is installed, any open shares, open ports and weak passwords in use. The solution's in-depth reports gives you an important and real-time snapshot of your network's status. Scan results can be easily analyzed using filters and reports, enabling you to proactively secure the network by closing ports, deleting users or groups no longer in use or disabling wireless access points.

Automatically receive alerts of new security holes
GFI LANguard N.S.S. can perform scheduled scans (for instance daily or weekly) and can automatically compare results to previous scans. Any new security holes or security setup changes discovered on your network are emailed to you for analysis. This enables you to quickly identify newly-created shares, installed services, installed applications, added users, newly-opened ports and more.

Check if security auditing is enabled network-wide
GFI LANguard N.S.S. checks if each NT/2000/XP/VISTA machine has security auditing enabled. If not, GFI LANguard N.S.S. alerts you and allows you to enable auditing remotely. Security event auditing is highly recommended because it detects intruders in real-time.

Scan and retrieve OS data from Linux systems
It is possible to remotely extract OS data from Linux-based systems and scan results are presented in the same way as for Windows-based computers. This means that both Linux and Windows-based computers can be analysed in a single scanning session! GFI LANguard N.S.S. includes numerous Linux security checks including rootkit detection. GFI LANguard N.S.S. can use SSH Private Key files instead of the conventional password string credentials to authenticate to Linux-based target computers.

Other features
Multiply the value of GFI LANguard N.S.S. with powerful reporting
Reports are designed to satisfy the requirements of both management and technical staff. These deliver a graphical snapshot of the security health status of your network. From trend reports for management (ROI) to daily drill-down reports for technical staff; the GFI LANguard N.S.S. ReportPack provides you with the easy-to-view information you need, to fully keep abreast of changes to your network's security environment. Full automation and custom scheduling provide you with true install-and-forget functionality!

NEW! - Helps to comply with PCI DSS and other regulations
As from September 2007 all businesses handling cardholder data - irrespective of size - have to be fully compliant with strict security standards drawn up by the world's major credit card companies. GFI LANguard N.S.S. provides complete vulnerability management coupled with an extensive ReportPack add-on that make GFI LANguard N.S.S. the essential, cost-effective solution that your organization needs to safeguard your network and gauge the effectiveness of your PCI compliance program.

Silent installation support
You can perform an unattended default installation of GFI LANguard N.S.S. on multiple computers in the background without any user interaction or intervention. Customization of the deployment parameters is also possible through the creation of Microsoft Transform (MST) files.

Predefine authentication details
GFI LANguard N.S.S. allows you to store separate authentication details for every target computer on your network, avoiding the need to specify authentication credentials prior to every scan. In a single scanning session, it is possible to audit all the targets in your network, even if they require different authentication details/methods.

UPDATED! - Other features:

• Automatically checks the password policy for all machines on the network
• Checks for programs that run automatically (potential trojans)
• Finds out if the OS is advertising too much information
• Performs simultaneous scans through the multithread scan engine
• Provides NetBIOS hostname, currently logged username and MAC address
• Provides a list of shares, users (detailed info), services, sessions, remote TOD (time of day) and registry information from remote computer (Windows)
• SNMP device detection, SNMP Walk for inspecting network devices like routers, network printers and more
• Offers alternative command line deployment tool
• Identifies all installed Windows services
• Support for Microsoft Windows Vista.

• Over 15,000 vulnerability assessments carried out across your network
• Reduces the total cost of ownership by centralizing vulnerability scanning, patch management and network auditing
• Provides customizable reports of scans performed across the whole network including applications and resources
• Helps IT administrators secure their networks faster and more effectively
• Prevents downtime and business losses due to vulnerability exposure
• #1 Windows commercial security scanner (voted by Nmap users for two years running).

A consultant license allows you to scan IPs that are not within your organization's control. This license is required if you are offering an uptime scanning service to your customers. All other licenses are for IPs that are under your organization's control.

A Software Maintenance Agreement is highly recommended for all products. This includes free software version upgrades, as well as email and phone support during office hours. A Software Maintenance Agreement must be purchased within 90 days from the date of product purchase and costs 20% of the published full product end-user list price per year. The minimum Software Maintenance Agreement fee per year is £75.

A Software Maintenance Agreement can only be purchased in 1-year intervals or multiples of 1 year. The starting date of a Software Maintenance Agreement is ALWAYS the date when the product was purchased, i.e., if you purchase on 1 May, then your Software Maintenance Agreement will also run from 1 May, and will expire a year after that. It is not possible to purchase maintenance for, say, 18 months. Software Maintenance Agreement renewals can only be purchased within 60 days of the original day of product purchase (for example, if your product was purchased on 12 July 2006, and you want to purchase a Software Maintenance Agreement renewal a year later, you can only do so within 60 days of 12 July 2007).

• Windows 2000 (SP4), XP (SP2), 2003, VISTA operating system
• Internet Explorer 5.1 or higher
• Client for Microsoft Networks component - included by default in Windows 95 or higher
• Secure Shell (SSH) - this is included by default in every Linux OS distribution pack.