Filtering with N.S.S. 8.0 (Full Version)

All Forums >> [Network Security] >> GFI LANguard Network Security Scanner



Message

ed gallagher -> Filtering with N.S.S. 8.0 (9.Apr.2008 1:20:48 PM)

I setup a scan to look for open ports which works fine, but I want to be able to filter so that I ONLY see suspicious ports i.e. ports that are not open by default like 139, 445 or 3389.  Is there a way to setup a filter to show all open ports except for these?

thanks



Sven Berger -> RE: Filtering with N.S.S. 8.0 (15.Apr.2008 2:38:14 AM)

Hi ed,

i think the problem here is the definition of "suspicious". Depending on the OS and the role that the machine is used for, there can be many more open ports than just "open by default" ones.

You COULD create a scanning profile that would only scan for those ports that are not open by default, but since there is currently no way to invert a selection of the port scanner (would be nice to have though, I feel another feature request coming on...) I'd suggest the following:

- run a complete port scan. This will return a list of all the open ports. Most of them are hopefully known to you as legitimate.
- create a new scanning profile based on the complete port scan and UNSELECT those that you know are legitimately open ports in your network. This way, such a scan will only ever return open Ports that you don't know as being "kosher".



kderenard -> RE: Filtering with N.S.S. 8.0 (28.Apr.2008 2:46:13 PM)

I am trying to run a scan that looks for shares with the "everyone" group. But if create a new filter and try to filter it by one of the choices I get no results, when I know the scan has some shares with everyone. Any ideas? 



DrewE -> RE: Filtering with N.S.S. 8.0 (28.Apr.2008 3:18:20 PM)

Could you please let us know what filter criteria you are using to to perform this check? Also, does GFI Languard Network Security Scanner accurately detect the shares without the filtering criteria?



kderenard -> RE: Filtering with N.S.S. 8.0 (28.Apr.2008 3:24:11 PM)

Sure, I created a new filter under Results Filtering and for the Conditions I added where Group Is found 'Everyone'. That is the only Querie listed in the filter. If I remove it I get the full report including all the shares with and without Everyone.




DrewE -> RE: Filtering with N.S.S. 8.0 (28.Apr.2008 4:08:34 PM)

The group criteria that you are using can only search if a certain group is found on the remote computer.  Currently, it cannot be used to search the groups that a share can access.   There is currently no filter criteria which allows you to search on which groups are allowed access to shares.



kderenard -> RE: Filtering with N.S.S. 8.0 (28.Apr.2008 4:12:04 PM)

That stinks. Seems like a simple enough request.



Page: [1]