What are it's uses? I read the blurb about it on the website. It seems to be similar to a firewall because it detects intrusions.
Is this something that I can use in addition to my sygate firewall to secure my PC?
Are there any precautions I need to take while using it?
LANGuard: is it a firewall software?
LANguard
I am assuming you are referring to GFI LANguard. No, it is not a firewall. It is more like a network auditing sofware. It scans your network for possible security risks, and reports each one. The purchased version will patch certain vendor software.
Re: LANguard
Yes. I am referring to GFI Languard.Originally posted by burneco
I am assuming you are referring to GFI LANguard. No, it is not a firewall. It is more like a network auditing sofware. It scans your network for possible security risks, and reports each one. The purchased version will patch certain vendor software.
Will it also report security risks on a single PC connected to a cable modem? Sorry if this is a dumb question.
-
overheated
- New Member
- Posts: 11
- Joined: Sun Dec 29, 2002 12:51 am
yes it will....
it's actually rather neat. you can direct it to scan your public subnet and it'll return all the info on the machines connected to the same ISP subnet... really actually kind of amazing what you might find.... of course you would never use that information to your advantage if you wanted to keep in the good graces of your ISP
it's actually rather neat. you can direct it to scan your public subnet and it'll return all the info on the machines connected to the same ISP subnet... really actually kind of amazing what you might find.... of course you would never use that information to your advantage if you wanted to keep in the good graces of your ISP
Thanks for the info. Actually I want to keep my security checks only within my own LAN and not outside it. My replacement Nexland router just arrived by UPS and my network is in operation now.
Are there any precautions that I can take to avoid scanning any PCs other than my own? I dont want to get in trouble with my ISP. I havent even installed the software due to this fear. But I hear it is good to enhance security and I am eager to try it.
Are there any precautions that I can take to avoid scanning any PCs other than my own? I dont want to get in trouble with my ISP. I havent even installed the software due to this fear. But I hear it is good to enhance security and I am eager to try it.
-
Old Fart
- Regular Member
- Posts: 259
- Joined: Wed Jun 12, 2002 11:24 am
- Location: Jacksonville, Florida
I use languard from my office to scan our high speed users (DSL and T-1 customers) to be able to help them secure their systems. Also like to know who is running p2p software so they can be dealt with.
Actually from my perspective, I really like it, but it can be easily misused by those in the black hats.
Funny story - Scanned a subnet (DSL) one day and found a c:\ share on a customer's machine. Open to the world
Holy Jeebus! And Win98 to boot. Screaming HACK ME! So I tried to call, got no answer, and decided to leave a .txt note on her desktop for her to call me. No call. Did the same thing for 2 weeks every day, then decided to shut her circuit down, maybe then she'll return a call.......nope. A week later she calls, not about her DSL being down, but about some strange icons on her desktop...................
Actually from my perspective, I really like it, but it can be easily misused by those in the black hats.
Funny story - Scanned a subnet (DSL) one day and found a c:\ share on a customer's machine. Open to the world
Holy Jeebus! And Win98 to boot. Screaming HACK ME! So I tried to call, got no answer, and decided to leave a .txt note on her desktop for her to call me. No call. Did the same thing for 2 weeks every day, then decided to shut her circuit down, maybe then she'll return a call.......nope. A week later she calls, not about her DSL being down, but about some strange icons on her desktop...................I have all the money I'll ever need...... if I die by 4 this afternoon - Groucho Marx
When I think of those whom I respect the most, you are there.....serving them drinks.
Expectations Vs. Reality
Run a web-based antivirus scan
HELP!! I have a virus, how do I get rid of it????
Minimum permissions REQUIRED for running IIS5
When I think of those whom I respect the most, you are there.....serving them drinks.
Expectations Vs. Reality
Run a web-based antivirus scan
HELP!! I have a virus, how do I get rid of it????
Minimum permissions REQUIRED for running IIS5
-
cruelsun
LANGuard
Old Fart is correct (not that I ever doubted him), it will show open shares as well as other vulnerabilities on your network machines. Don't wory about scanning other machines on the WAN of your provider. Scan only the IP addresses of your machines.
You'll find out what ports are open on your machines as well.
LANGuard also makes nice HTML reports per scan. Which can be great for future reference.
Install it. It's great. I believe the newest version, 3 is not free, but the older version..... 2.0 is free for personal use.
You'll find out what ports are open on your machines as well.
LANGuard also makes nice HTML reports per scan. Which can be great for future reference.
Install it. It's great. I believe the newest version, 3 is not free, but the older version..... 2.0 is free for personal use.
-
Old Fart
- Regular Member
- Posts: 259
- Joined: Wed Jun 12, 2002 11:24 am
- Location: Jacksonville, Florida
Good point Cruelson
DON'T use Languard to scan random IP addresses or subnets outside your network.
Anyone running a half decent firewall will get a report of you attempting to connect to every common port on their machine, including your IP address and what you scanned them with.
This can be and IS an intrusion attempt on your part. A mini hacking attempt. It can be grounds for your ISP to decide they no longer want your business. I am a SysAdmin for a small local ISP. I use the program to scan the subnets that we own to make sure my customers are protected from themselves. It is way too easy to set up a webserver improperly.
Anyone running a half decent firewall will get a report of you attempting to connect to every common port on their machine, including your IP address and what you scanned them with.
This can be and IS an intrusion attempt on your part. A mini hacking attempt. It can be grounds for your ISP to decide they no longer want your business. I am a SysAdmin for a small local ISP. I use the program to scan the subnets that we own to make sure my customers are protected from themselves. It is way too easy to set up a webserver improperly.
I have all the money I'll ever need...... if I die by 4 this afternoon - Groucho Marx
When I think of those whom I respect the most, you are there.....serving them drinks.
Expectations Vs. Reality
Run a web-based antivirus scan
HELP!! I have a virus, how do I get rid of it????
Minimum permissions REQUIRED for running IIS5
When I think of those whom I respect the most, you are there.....serving them drinks.
Expectations Vs. Reality
Run a web-based antivirus scan
HELP!! I have a virus, how do I get rid of it????
Minimum permissions REQUIRED for running IIS5
-
cruelsun
Caught in the act
I learned that not too long back. In an attempt to learn more about networking a friend had scanned a few different networks and was warned by their ISP when one network admin/user complained.
Have any of you used GFI's S.E.L.M.? How is it?
I know that it audits internal LAN users misusing system resources. But does it detect external hackers unauthorizedly logging into your machine?
Edited to add: This post probably belongs in the security forum. Mods please feel free to move if necessary. Thanks.
I know that it audits internal LAN users misusing system resources. But does it detect external hackers unauthorizedly logging into your machine?
Edited to add: This post probably belongs in the security forum. Mods please feel free to move if necessary. Thanks.
I installed SELM yesterday.
Today I got the following scary warning from it regarding my NT machine:
----
LANguard S.E.L.M. critical security level warning :
Event Origin Details:
S.E.L.M. Event ID: XXXXXX
Date & Time: 1/7/2003 - 12:40:33 AM
Within N.O.Time: No
Source: Security
Computer: XXXXXXX
User: NT AUTHORITY\SYSTEM
The audit log was cleared
Primary User Name: SYSTEM
Primary Domain: NT AUTHORITY
Primary Logon ID: (xxx)
Client User Name: Administrator
Client Domain: XXXXXXXX
Client Logon ID: (xxx)
The Audit Log on machine XXXXXX was cleared by user Administrator on domain XXXXXX.
Possible causes for the generation of this event are
(1) When a certain limit is exceeded the event log is cleared
(2) This could be an attempt to hide an intrusion.
--------
Is it normal for audit logs on NT4.0 server to be cleared automatically?
Today I got the following scary warning from it regarding my NT machine:
----
LANguard S.E.L.M. critical security level warning :
Event Origin Details:
S.E.L.M. Event ID: XXXXXX
Date & Time: 1/7/2003 - 12:40:33 AM
Within N.O.Time: No
Source: Security
Computer: XXXXXXX
User: NT AUTHORITY\SYSTEM
The audit log was cleared
Primary User Name: SYSTEM
Primary Domain: NT AUTHORITY
Primary Logon ID: (xxx)
Client User Name: Administrator
Client Domain: XXXXXXXX
Client Logon ID: (xxx)
The Audit Log on machine XXXXXX was cleared by user Administrator on domain XXXXXX.
Possible causes for the generation of this event are
(1) When a certain limit is exceeded the event log is cleared
(2) This could be an attempt to hide an intrusion.
--------
Is it normal for audit logs on NT4.0 server to be cleared automatically?