Security Audit How-To

• Network Setup

Monday, March 21, 2005

You will need to be connected to the network, and have GFI LanGuard N.S.S. installed in order to perform these tasks. If you don’t have these installed, get one of the internal engineers to assist you in the installation and configuration. Once you are setup, at your client’s location, you will have to connect to a network, probably through a CAT 5 connection in their server-room at a switch/hub, or at another location in the office area. It is necessary to be connected to the LAN that the rest of the workstations on the domain are connected to. You will also need a domain administrator’s username and password. If the clients IP addresses are served via DHCP, then you can simply start scanning with GFI. If not, you will have to find out what the address scheme is from a workstation on the LAN. The easiest way to do this is by going to Start, Run…, and type cmd in the open box. Then click the OK button.

Once your CMD window is open, type the command ipconfig /all. You should get a screen that looks a little like this one. You may have to click the “maximize” button to see all of it. The Maximize button-----

The best way to change your IP is to go to Start, Control Panel. Once in control panel, go to Network and Internet Connections in Category View (Windows XP), or Network Connections in Classic View (Windows XP, 2000). Find the device called Local Area Connection, right click, and choose Properties. You should see a window like this.

Next, highlight Internet Protocol (TCP/IP), and click the Properties button.

Click the “Use the following IP address, and type in similar settings to that of the machine you checked, but make sure that the last number of the IP is different. No two machines with the same IP address are allowed on the network, so you may get an error if you choose one that already exists. If so, just change the last digit of the IP until you get no error. Duplicate all the rest of the settings, like Subnet Mask, Default Gateway, and DNS servers.

GFI Setup

If you don’t have GFI set up for reporting, you need to do this step. Open GFI LanGuard N.S.S. rightclick Scan Filters and click New, Filter…

Give your filter a meaningful name, like MyCompany. Then, exclude your workstation from all scan reports by clicking Add and selecting the Hostname option and clicking next. Change the condition to read “Not Equal To”, fill in your machine name, then click Add.

Now you must select the correct items to report on. Select all the items pictured below. The left screen shows the first few items, and the right is simply a scrolled view. Make sure everything beneath Vulnerabilities is selected. Click Ok when you are done.

The next step is to perform the GFI security scan. Run GFI LanGuard Networks Security Scanner. If you are in a domain, choose alternative credentials, supplied by the contact, i.e. the domain admin in the Using box. Next, type in the domain\username in the User Name box. Finally type in the password in the Password box. If you are NOT in a domain, select “A Null Session” from the Using box. Then in the Scan Target box, type in the IP range of the network, discovered by setting up your PC manually, as shown on page one, or open a CMD window, and obtain that information, again as outlined on page one. Enter the IP range, as in the example below. Press the Scan button.

It will take approximately 40 minutes for a 25 PC environment. Once it is completed, you will see something that looks like this. Click on the MyCompany Scan Report and review your new scan.

Master your semester with Scribd & The New York Times

Special offer for students: Only $4.99/month.

Master your semester with Scribd & The New York Times

Cancel anytime.