Review: LANGuard Network Security Scanner

The system is agentless and uses integral Server Message Blocks services to query Windows and Unix systems. This allows access to the inventory for each machine. The user interface is split and scans list found resources in the discovery pane while scan progress is followed in the debug pane.

Scanning can be executed for a computer through its IP address or host name, but wider scans can cover IP address ranges, a list of computers, or a selection from specific domains. When a grouping is defined, it can be saved.

An updated list of patches and security bulletins is kept on the server (downloaded from Microsoft's website; GFI keeps a list of BugTraq vulnerabilities for Unix).

The product, as well as patching, checks for services running on Windows machines, open ports and manages a password policy. It provides alerts and suggests actions for security issues relating to email services and registry issues.

Advanced users can use the script engine for customized security routines to automate scan schedules. The script editor includes a debugger and a syntax checker to help the developer. One feature is to package customized software to issue fixes for in-house software or adapt non-Microsoft updates and patches for deployment. Reports are generated in HTML and XML so they can be viewed with a browser, but LANGuard does not provide the necessary website structure.

The software was easy to install and easy to follow. It did a solid job even though the interface is not as jazzy as Ecora's or Shavlik's.

For:

Easy to install, has a reasonable scope for defining scans and gives extra information on system security.

Basic user interface. Discovery-pane tree structure can be confusing when too many branches are open.

LANGuard's role in a broader management framework means that patching services lack sophistication.