Sunday, 10 January 2010

“GFI LANguard Technology”


Name : Widi Rahman Adiat

Rangga Dias

Faculty : Mr. Musawarman

Semester : 4 ( Four )

Quarter : 6 ( Six )

Gedung Pascasarjana Lantai 1 Engineering Universitas Indonesia

Kampus Baru UI Depok 19424

September, 2008

CHAPTER 1

Introduction

1.1. Background

For years, office administrators have faced network security problems in areas such as network auditing, patch management and vulnerability management. Many companies, whether they run a small or a large domain network, have faced network security problems such as hacking, unauthorized applications and irresponsible users, which become very dangerous when they affect important data.

The network administrator therefore has to install software that can manage and resolve these problems. Many applications are able to address these network security problems. One of them is GFI LANguard, which provides several functions, such as scanning, managing and auditing the network structure, so that the security issues can be resolved.

1.2. Objective

We hope that readers will understand how GFI LANguard can resolve many network security problems and how it works on a network.

1.3. Problem Definition

We only explain what GFI LANguard is, how it works, its features, and the implementation and benefits of this technology.

1.4. Writing Structure

This paper is divided into four chapters so that readers can follow it more easily. They are:

CHAPTER 1 INTRODUCTION

1.1.Background

1.2.Objective

1.3.Problem Definition

1.4.Writing Structure

CHAPTER 2 BASIC THEORY

CHAPTER 3 DISCUSSION

3.1.Problem Statement

3.2.Problem Solution

3.3.Features of this Application

3.4.How the Application Works and Resolve The problems

CHAPTER 4 SUMMARY

4.1. Conclusion

CHAPTER 2

About The Application

GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. With award-winning technology, an aggressive pricing strategy and a strong focus on small-to-medium sized businesses, GFI is able to satisfy the need for business continuity and productivity encountered by organizations on a global scale.

GFI LANguard Security Event Log Monitor (S.E.L.M.) performs event log based intrusion detection and network-wide event log management. GFI LANguard S.E.L.M. archives and analyzes the event logs of all network machines and alerts you in real time to security issues, attacks and other critical events. GFI LANguard S.E.L.M.'s intelligent analysis means you do not need to be an 'Event Guru' to be able to: Monitor users attempting to access secured shares and confidential files; Monitor critical servers and create alerts for specific events and conditions occurring on your network; Back up and clear event logs automatically on remote machines; Detect attacks using local user accounts; and much more.

CHAPTER 3

Problem Analysis

3.1. Problem Statement

In this case, PT. Karya Abadi Sentosa, a distribution services company that uses a small domain network, faces three main security problems. First, its network was interfered with by an irresponsible person, who later turned out to be an employee of the company; he tampered with data in a database that must be restricted and secure. If that person had been someone from a competing company, it would have been very dangerous, because he could have seen and stolen important data. Second, employees sometimes install unknown applications, which cause problems such as network errors, system failures and data loss, and can lead to security issues. Third, the company has never audited its network structure in the years since it was built.

3.2. Problem Solution

The administrator therefore has to install software that can manage and resolve these problems. The administrator installs GFI LANguard, which can scan and manage the network structure. It offers many capabilities for this, such as scanning, managing and auditing the network infrastructure. When a network scan is complete, GFI LANguard’s patch management capabilities give you all the functionality and tools you need to effectively deploy and manage patches on all machines across different Microsoft operating systems and products in 38 languages. Apart from automatically downloading missing Microsoft security updates, you can also automatically deploy the missing Microsoft patches or service packs throughout your network at the end of scheduled scans.

GFI LANguard’s network auditing function tells you all you need to know about your network by retrieving hardware information on memory, processors, display adapters, storage devices, motherboard details, printers, and ports in use. Using baseline comparisons, you can check whether any hardware was added or removed since the last scan. GFI LANguard can also identify and report on unauthorized software installations and provide alerts or else automatically uninstall these unauthorized applications whenever they are detected on the network.
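The baseline comparison described above can be sketched as follows. This is an added example, not GFI LANguard code: the host names, inventory items and the approved-software list are constructed sample data, and the function names are hypothetical.

```python
# Added example: all host names and inventory items are constructed sample data.
APPROVED_SOFTWARE = {"Office suite", "PDF reader", "Backup agent"}  # assumed allowlist

def diff_inventory(baseline, current):
    """Return {host: {category: {"added": [...], "removed": [...]}}} for changed hosts."""
    report = {}
    # Union of hosts so that machines new to, or missing from, the network show up.
    for host in sorted(set(baseline) | set(current)):
        old, new = baseline.get(host, {}), current.get(host, {})
        changes = {}
        for category in sorted(set(old) | set(new)):
            before, after = set(old.get(category, [])), set(new.get(category, []))
            if before != after:
                changes[category] = {"added": sorted(after - before),
                                     "removed": sorted(before - after)}
        if changes:
            report[host] = changes
    return report

def unauthorized_software(current, approved=frozenset(APPROVED_SOFTWARE)):
    """Return {host: [installed software that is not on the allowlist]}."""
    findings = {}
    for host, inventory in sorted(current.items()):
        extra = sorted(set(inventory.get("software", [])) - approved)
        if extra:
            findings[host] = extra
    return findings

# Constructed snapshots: the previous scan (baseline) and the latest scan.
BASELINE = {
    "ws-01": {"hardware": ["2 GB RAM", "80 GB disk"], "software": ["Office suite", "PDF reader"]},
    "ws-02": {"hardware": ["1 GB RAM"], "software": ["PDF reader"]},
    "srv-db": {"hardware": ["8 GB RAM", "500 GB disk"], "software": ["Backup agent"]},
}
CURRENT = {
    "ws-01": {"hardware": ["2 GB RAM", "80 GB disk", "USB mass storage"],
              "software": ["Office suite", "PDF reader", "P2P client"]},
    "srv-db": {"hardware": ["8 GB RAM", "500 GB disk"], "software": ["Backup agent"]},
    "ws-99": {"hardware": ["1 GB RAM"], "software": ["PDF reader", "Remote admin tool"]},
}

if __name__ == "__main__":
    for host, changes in diff_inventory(BASELINE, CURRENT).items():
        print(host, changes)
    print("unauthorized:", unauthorized_software(CURRENT))
```

A host that is missing from the baseline (here `ws-99`) is reported with its whole inventory as added, and a host that has disappeared (`ws-02`) with its whole inventory as removed.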

3.3. Features of this Application

This application integrates vulnerability management capabilities such as security scanning, patch management and network auditing through a single integrated console. By scanning entire networks, it can identify all possible security issues and provide extensive reporting. It also provides you with the tools you need to detect, assess, report and rectify any threats.

1. Vulnerability scanning

During security audits, over 15,000 vulnerability assessments are made and networks are scanned IP by IP. GFI LANguard gives you the capability to perform multi-platform scans (Windows, Mac OS, and Linux) across all environments including Virtual Machines and to analyze your network’s security set-up and status. This ensures that you are able to identify and rectify any threats before hackers manage to do so.

· Detection of Virtual Machines

· Set up your own custom vulnerability checks

· Extensive, industrial-strength vulnerabilities database

· Identify security vulnerabilities and take remedial action

· Ensures that third-party security applications such as anti-virus and anti-spyware offer optimum protection

· Easily creates different types of scans and vulnerability tests

o Open ports

o Blacklisted applications

o Dangerous USB devices, wireless nodes and links

· Easily analyze and filter scan results

2. Patch management and remediation

When a scan is complete, GFI LANguard gives you all the functionality and tools you need to effectively install and manage patches on all machines across different Microsoft operating systems and products in 38 languages. GFI LANguard also allows auto-downloads of missing patches as well as patch roll-back. Custom software can also be deployed. This results in a consistently configured environment that is secure against all vulnerabilities.

· Automatically deploy network-wide patch and service pack management

· Automatic remediation of unauthorized applications

3. Network and software auditing

GFI LANguard’s auditing function tells you all you need to know about your network – what USB devices are connected, what software is installed, any open shares, open ports and weak passwords in use, and hardware information. The solution’s in-depth report gives you an important and real-time snapshot of your network’s status. Scan results can be easily analyzed using filters and reports, enabling you to proactively secure the network by closing ports, deleting users or groups no longer in use or disabling wireless access points.

· Extended Hardware auditing facility

3.4. How to deploy the Application?

To resolve the problems faced we use GFI LANguard S.E.L.M. The main design concept behind GFI LANguard S.E.L.M. is to make event log monitoring possible without installing an agent or client on each machine to be monitored. This way, the administrator can avoid a lot of extra configuration and maintenance.

GFI LANguard S.E.L.M. has operational components and user interface components. By default, both are installed but it is possible to install only the operational components (except if you use Microsoft Access as a backend). Here is a list of the components that are installed:

Operational components (not visible/accessible by the user)

1. GFI LANguard S.E.L.M. collector agent service

2. GFI LANguard S.E.L.M. alerter agent service

3. GFI LANguard S.E.L.M. archiver agent service.

User interface components (visible/accessible by the user)

1. GFI LANguard S.E.L.M. Configuration MMC snap-in

2. GFI LANguard S.E.L.M. Event Viewer MMC snap-in

3. GFI LANguard S.E.L.M. Reporter MMC snap-in

4. GFI LANguard S.E.L.M. support tools.

The image below shows how GFI LANguard S.E.L.M. components work together.

Overview of how GFI LANguard S.E.L.M. works

When GFI LANguard S.E.L.M. uses MS SQL Server as a database, that SQL Server need not be located on the same machine as GFI LANguard S.E.L.M. Also, if using SQL or MSDE, you can have multiple GFI LANguard S.E.L.M.s writing on the same SQL backend. The advantage of this is that, in large networks, you can deploy multiple collectors/analyzers but still have one consolidated database of events.

For small sites where low information volume is to be collected, GFI LANguard S.E.L.M. can be configured to use the MS Access database as a backend.

When the information size grows, then GFI LANguard S.E.L.M. should be configured to use an MS SQL Server as a backend. MS SQL Server allows for better scalability, management of the database as well as increased performance.

Deployment examples

If you have a larger network, for example 50 servers and 1,000 workstations, it is best to deploy multiple GFI LANguard S.E.L.M. installations. In order to keep data centralized, we recommend using a single SQL server as a backend and having each GFI LANguard S.E.L.M. installation write to the same SQL server backend.

For 50 servers and 1,000 workstations, for example, you can use 5 GFI LANguard S.E.L.M. installations, each monitoring 10 servers and 200 workstations, writing to the same SQL database.

Single/multiple domain environment

If you have multiple domains, then we recommend – both for bandwidth and security reasons – that you have at least one GFI LANguard S.E.L.M. installation for each domain. Each installation would write to its own database backend. If you want to connect these databases to one single database, use the GFI LANguard S.E.L.M. connector.

Ports and protocols used by GFI LANguard S.E.L.M.

GFI LANguard S.E.L.M. uses RPC over SMB to retrieve events, and therefore requires ports 445 and 139 to communicate with the target machine. (If GFI LANguard S.E.L.M. is using its WAN Connector - which uses DTS in order to retrieve the data - or a SQL Server database, then it also requires the SQL port, which by default is 1433.) This traffic is secured by default using Windows 2000/XP Kerberos or Windows NT LM2. Therefore, the traffic and the event data cannot be tampered with. Traffic from the queried machine travels back to the original machine on the initial source port.
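Before deploying a collector, an administrator can confirm from the collector host that the ports listed above are reachable on each machine it will monitor. The following is an added example, not part of GFI LANguard; the host names and the role labels `monitored` and `sql_backend` are hypothetical.

```python
import socket

# Ports named in the text: RPC over SMB needs 445 and 139 on each monitored
# machine; the SQL Server backend listens on 1433 by default.
REQUIRED_PORTS = {"monitored": (445, 139), "sql_backend": (1433,)}

def port_open(host, port, timeout=2.0):
    """True if a TCP connection to host:port succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable or name not resolved
        return False

def missing_ports(targets, probe=port_open, required=REQUIRED_PORTS):
    """targets maps host -> role. Returns {host: [required ports that are unreachable]}."""
    gaps = {}
    for host, role in sorted(targets.items()):
        if role not in required:
            raise ValueError(f"unknown role {role!r} for host {host!r}")
        blocked = [port for port in required[role] if not probe(host, port)]
        if blocked:
            gaps[host] = blocked
    return gaps

if __name__ == "__main__":
    # Hypothetical host names; replace them with machines you administer.
    targets = {"fileserver01": "monitored", "sqlserver01": "sql_backend"}
    gaps = missing_ports(targets)
    for host, ports in gaps.items():
        print(f"{host}: collector cannot reach TCP ports {ports}")
    if not gaps:
        print("all required ports reachable")
```

Because name resolution failures are also reported as unreachable, an unexpected gap on every port of a host is a hint to check DNS before checking the firewall.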

Computer identification considerations

GFI LANguard S.E.L.M. identifies computers via computer name or IP. If NETBIOS-compatible computer names are used, you have to ensure that your DNS service is properly configured for name resolutions. Unreliable name resolution will downgrade system performance dramatically. Note that if you disable NETBIOS over TCP/IP, you can still use GFI LANguard S.E.L.M., however you must specify computer name by IP.

CHAPTER 4

Summary

4.1. Conclusion

This application is well suited to resolving many kinds of network security problems, because it contains many suitable features for scanning, auditing and monitoring the network.

Using this application to maintain a network brings many benefits, such as:

1) Powerful network security and port scanner with network auditing capabilities.

2) Over 15,000 vulnerability assessments carried out across your network, including virtual environment.

3) Reduces the total cost of ownership by centralizing vulnerability scanning, patch management and network auditing

4) Automated options help to retain a secure network state with minimal administrative effort.

5) A network-wide auditing function provides a complete picture of network and port security set-up.

6) #1 Windows commercial security scanner (voted by Nmap users for two years running) and Best of TechEd 2007 (security).

The administrator should use this application to resolve all the problems faced, considering all the benefits it offers. It is highly recommended for people who are looking for a secure networking environment to protect important data.

Bibliography

http://www.gfi.com/lanselm/

http://www.gfi.com

http://www.gfi.com/lannetscan/
