|
After a brief hiatus, I am glad to get this final installment of Network Security Scanner 7 posted! As promised we are going to look into configuration of N.S.S. 7 scanning options. After you open the application, just under the configuration node you have the option to create a custom scanning profile for you network or you can accept the defaults. You can of course make changes to the defaults, which is what I did.
When you expand the default node, you can then make changes to the following scanning options: TCP Ports, UDP Ports, OS Data, Vulnerabilities, Patches, Scanner Options, Devices, and Applications. The TCP ports settings allow you to select all ports (1-65535) or check the more common troublesome ports, such as PCAnywhere, Napster, Dolly and even many worm ports. The UDP ports works in a similar fashion. Support scanning ports typically scans ports used by Deep Throat, and Back Orifice. I work with the standard default ports. The OS Data scan retrieves PDC, BDC information as well as shares, groups, and logged users. Also policies, processes services, and sessions. You can accept the defaults or turn them off or on. The Vulnerabilities section scans for CGI, DNS, FTP, Mail, RPC, and Registry settings. This is a very detailed area of the application, and it pays to pay close attention to the default settings. Literally hundreds of potential issues are scanned by default. I too have all the default scans enabled, and have found that it is more than satisfactory for us. **Spoiler Alert** GFi is planning on releasing Network Security Scanner 8 by the end of March that adds support for Windows Vista, and automated patch management with both Microsoft Bulletin updates and OVAL databases.** N.S.S.7 scans for missing OS patches and updates, and MS Office patches. Currently it will detect the missing patches, and notifies you via e-mail or the optional report pack. You can download and deploy these patches, as well was deploy software network wide. The soon to be released version 8, will automatically update client machines. I personally like the tool to deploy software such as upgrades from N.S.S.7, and can choose options to silently install. This makes life a little easier to network admins. Scanner Options allow you to configure both Network discovery methods, and options, as well as SNMP queries, Global Port Queries, WMI and SSH settings. It is recommended that you stick with the defaults here. Quite honestly, I have never made changes to these settings, and all is well. The Devices section allows to configure warnings for allowed or "blacklisted" USB and Network Devices. In this day of flash Drives, iPods, PDA's and so on it’s a great way to stay on top of these network treats. The daily e-mail report get tells me what machine has a blacklisted device attached. I strongly advise that you consider GFi EndPoint Security to work with N.S.S.7. It makes a great team, and can ease your mind that your valuable data is protected. Finally, the Applications section is where you can add programs that you don't want installed on client PC's such as KAZA, Bear Share and the like. N.S.S.7 will also advise you that certain anti spyware applications are in need of updating. As soon as Network Security Scanner 8 is released, I will be providing some information on the major differences (a new interface is in the offing). As you can see N.S.S.7 is a critical part of network management, and by using this tool provides a high level of protection at low cost. Next we look at the N.S.S.7 Report Pack |
