Announcing NetFort LANGuardian 14.4.1
NetFort are delighted to announce the availability of the latest major LANGuardian release, V14.4.1. This release introduces some changes and new features to help with compliance monitoring, including a new compliance section that presents reports for monitoring technical security compliance with CIS CSC 20 and GDPR. Highlights of this release include:
- SMB fileshare alerts on failed attempts to map network shares, create or read files and folders.
- Encrypted sessions analysis of SSL/TLS/QUIC versions and ciphers used
- Detect new server ports in use on your network
- New Applications in use black/whitelist.
- Align report names more with compliance standards.
SMB fileshare alerts on failed attempts to map network shares, create or read files and folders
For some time now we have included a file activity monitoring feature in our LANGuardian product. It passively generates an audit trail of file and folder activity using network traffic as a data source. LANGuardian 14.4.1 extends this monitoring to now include the capture of failed access attempts. Many compliance standards require this so that you can detect anomalous activity where a user or device is attempting to access sensitive data.
You can read more about this feature in this blog post which looks at why it is important to monitor for failed access attempts. The screen shot below shows an example of the report output.
Encrypted sessions analysis of SSL/TLS/QUIC versions and ciphers used.
Since the mid-1990s, SSL/TLS encryption has underpinned much of online security and is the de facto choice for encrypting our web-based online shopping and payment transactions. SSL/TLS keeps our transactions private and unaltered. However, researchers and attackers have identified and published weaknesses in the aging versions of the protocols (SSL2.0, SSL3.0, TLS1.0 and TLS1.1) and in the ciphers that they use.
LANGuardian 14.4.1 includes features that are useful for monitoring the status of SSL/TLS on your network. They include:
- Inventory of SSL/TLS servers
- Report on all the SSL/TLS sessions that have occurred on the network
- A filter is also provided for the ciphers that are used
Learn more in this blog post which looks at how to detect weak SSL/TLS encryption on your network. The sample report below shows how LANGuardian can be used to show use of weak SSL/TLS versions.
Detect new server ports in use on your network
Opening new ports on a server increases that server's attack surface. Keeping the attack surface as small as possible is a basic security measure. New ports become active if you install new software or if you enable a new service on the server. For important servers on your network you should have an inventory of what applications or services are running so that changes can be detected.
If compliance standards such as GDPR are a concern then server monitoring is not just a nice to have, it becomes mandatory. You must maintain an inventory of who is connecting to what if you store sensitive or personal data. LANGuardian 14.4.1 now logs certain information when a port becomes active on a server for the first time. Read more in this blog post which looks at how to detect new server ports in use on your network using LANGuardian. The screen shot below shows an example of the report output.
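The inventory-and-change-detection idea described above can be sketched outside the product. The following is an added example, not LANGuardian code or output: the flow record format, the sample addresses and the function name `find_new_server_ports` are all assumptions made for illustration.

```python
import ipaddress
from collections import namedtuple

# Constructed sample flow records (not LANGuardian output):
# time, source IP, source port, destination IP, destination port, TCP flags
SAMPLE_FLOWS = """\
2024-01-01T09:00:00 10.0.5.10 443 10.0.9.21 51544 SA
2024-01-01T09:05:00 10.0.5.10 443 10.0.9.30 51002 SA
2024-01-01T09:06:00 10.0.9.21 51600 10.0.5.11 22 S
2024-01-01T09:06:01 10.0.5.11 22 10.0.9.21 51600 SA
2024-01-02T14:00:00 10.0.5.10 443 10.0.9.44 40100 SA
2024-01-02T14:10:00 10.0.5.10 8080 10.0.9.44 40222 SA
2024-01-02T14:11:00 10.0.9.50 3389 10.0.9.44 40300 SA
2024-01-02T14:12:00 10.0.5.11 22 10.0.9.21 40301 SA
2024-01-02T14:13:00 10.0.5.10 8080 10.0.9.45 40400 SA
"""

NewPort = namedtuple("NewPort", "server port first_seen first_client")

def find_new_server_ports(flow_text, server_net, baseline_end):
    """Return server ports first seen accepting connections after baseline_end.

    A SYN-ACK ("SA") is sent by the listening side, so its source address
    and port identify a server port that accepted a connection.
    """
    net = ipaddress.ip_network(server_net)
    baseline, new = set(), {}
    for line in sorted(flow_text.splitlines()):   # ISO timestamps sort chronologically
        fields = line.split()
        if len(fields) != 6:
            continue                              # skip malformed records
        ts, src, sport, dst, _dport, flags = fields
        if flags != "SA" or ipaddress.ip_address(src) not in net:
            continue                              # only monitored servers that answered
        key = (src, int(sport))
        if ts <= baseline_end:
            baseline.add(key)                     # known inventory
        elif key not in baseline and key not in new:
            new[key] = NewPort(src, int(sport), ts, dst)  # keep first sighting only
    return list(new.values())

if __name__ == "__main__":
    for hit in find_new_server_ports(SAMPLE_FLOWS, "10.0.5.0/24", "2024-01-01T23:59:59"):
        print(f"new server port {hit.server}:{hit.port} "
              f"first seen {hit.first_seen} from {hit.first_client}")
```

Restricting the check to a server subnet keeps client machines that briefly listen on a port out of the results.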
Applications in use. Build white or black lists
LANGuardian uses an advanced application recognition engine to report on network activity. Instead of matching up port numbers with application names, it analyzes packet payloads to work out what applications are in use. LANGuardian 14.4.1 now includes new report filters which allow you to build whitelists or blacklists. You can then use these lists to detect new applications in critical areas such as your server VLAN.
You can access these new filters in the Applications in Use report. Click on the Protocol dropdown to start to build application lists.
Select multiple protocols or applications to build white or black lists.
You can include or exclude certain applications.
Once you have made your selection, you can save this as a custom report which will include the filter.
In my example I selected a series of email protocols which I can then use to watch out for any new email protocols in use.
Combine the application lists with an IP range to focus on your server VLAN, for example.
Align report names more with compliance standards.
LANGuardian 14.4.1 includes a new compliance section which groups reports for monitoring technical security compliance with CIS CSC 20 and GDPR standards. Many reports have been renamed so that they are more aligned with compliance standards. For example, Top DNS Servers was renamed to DNS Servers. A full list of reports which were renamed can be found within the 14.4.1 release notes.