LANguard S.E.L.M.

Brief product description

LANguard S.E.L.M. is a centralised security event log scanner that retrieves all event logs from servers and workstations and alerts the administrator of security breaches for immediate (host-based) intrusion detection. By analysing Windows NT/2000 event logs in real time, LANguard S.E.L.M. can alert you about significant security events happening on your workstations and servers (for example, a user attempting to log on as an administrator, or a person being added to the administrator group). Because LANguard analyses the system event logs, rather than sniffing network traffic like traditional IDS products do, LANguard S.E.L.M. is not impaired by switches, IP traffic encryption or high speed data transfer.
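To make the host-based approach described above concrete, the following is an added illustration written for this page; it is not LANguard S.E.L.M. code and does not reflect how the product is implemented. It runs two of the checks the questionnaire below lists (a member added to the Administrators group, and excessive failed logons for one account) over a handful of constructed Security-log records. The tab-separated record layout is invented for the example, and the event ID numbers used for "logon failure" and "local group member added" are assumptions made for the sample data rather than values taken from this page.

```python
"""Toy host-based detection over Windows NT/2000-style Security log records.

Added example for this page (not LANguard S.E.L.M. code). The record format,
the hosts, the accounts and the event ID mapping below are all constructed
assumptions for the purpose of the illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed event IDs for the constructed sample (not taken from the page).
LOGON_FAILURE_BAD_PASSWORD = 529
LOCAL_GROUP_MEMBER_ADDED = 636

# Alert once an account accumulates this many failures inside the window.
FAILED_LOGON_THRESHOLD = 5
FAILED_LOGON_WINDOW = timedelta(minutes=10)


@dataclass(frozen=True)
class Event:
    time: datetime
    host: str
    event_id: int
    user: str        # target account for logons, added member for group changes
    group: str = ""  # only meaningful for group-membership events


def parse_record(line: str) -> Event:
    """Parse one constructed, tab-separated record:
    <ISO time>\t<host>\t<event id>\t<user>[\t<group>]"""
    parts = line.rstrip("\n").split("\t")
    if len(parts) < 4:
        raise ValueError(f"malformed record: {line!r}")
    time_s, host, eid, user = parts[:4]
    group = parts[4] if len(parts) > 4 else ""
    return Event(datetime.fromisoformat(time_s), host, int(eid), user, group)


def detect(events):
    """Return alert strings for two conditions the page's checklist names:
    a member added to Administrators, and excessive failed logons."""
    alerts = []
    failures = defaultdict(list)  # (host, user) -> failure timestamps in window
    for ev in sorted(events, key=lambda e: e.time):
        if ev.event_id == LOCAL_GROUP_MEMBER_ADDED and ev.group.lower() == "administrators":
            alerts.append(f"{ev.host}: {ev.user} added to Administrators at {ev.time:%H:%M:%S}")
        elif ev.event_id == LOGON_FAILURE_BAD_PASSWORD:
            window = failures[(ev.host, ev.user)]
            window.append(ev.time)
            # Slide the window: drop failures older than FAILED_LOGON_WINDOW.
            while window and ev.time - window[0] > FAILED_LOGON_WINDOW:
                window.pop(0)
            # Alert exactly when the threshold is reached, not on every later failure.
            if len(window) == FAILED_LOGON_THRESHOLD:
                alerts.append(
                    f"{ev.host}: {len(window)} failed logons for {ev.user} "
                    f"within {FAILED_LOGON_WINDOW}"
                )
    return alerts


# Constructed sample log: five bad-password failures for one account on SRV01,
# one isolated failure on WS07, one Administrators addition and one benign
# Backup Operators addition.
SAMPLE_LOG = """\
2001-03-05T09:00:00\tSRV01\t529\tjsmith
2001-03-05T09:00:30\tSRV01\t529\tjsmith
2001-03-05T09:01:00\tSRV01\t529\tjsmith
2001-03-05T09:01:30\tSRV01\t529\tjsmith
2001-03-05T09:02:00\tSRV01\t529\tjsmith
2001-03-05T09:05:00\tWS07\t529\tadmin
2001-03-05T09:10:00\tSRV01\t636\tjsmith\tAdministrators
2001-03-05T09:11:00\tSRV01\t636\tjsmith\tBackup Operators
"""


def run_sample():
    """Parse the constructed sample and return the resulting alerts."""
    events = [parse_record(l) for l in SAMPLE_LOG.splitlines() if l.strip()]
    return detect(events)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

The point of the sliding window is the one the questionnaire's "excessive failed logins" item implies: a single bad password is noise, a burst against one account is worth an alert. Because the records are read from the host's own log rather than from the wire, the same logic works unchanged on switched or encrypted networks, which is the property the product description above claims for the host-based approach.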
Architecture
  Host-based

At what layer of the protocol stack is the product working?
  N/A

Documentation
  Product info: http://www.gfi.com/lanselm/index.html
  Manual: http://www.gfi.com/lanselm/lanselmdownloads.htm
  FAQs: http://www.gfi.com/lanselm/lanselmfaq.htm
  Getting Started: http://www.gfi.com/lanselm/lanselmstart.htm

What are the minimum/recommended console OS and hardware requirements? Is a dedicated machine required/recommended? Will it work on Windows 2000?
  System requirements: Windows 2000 Pro or Server, or Windows NT Server, to run LANguard S.E.L.M.; servers and clients to monitor must be running Windows NT or Windows 2000.

What are the minimum/recommended agent OS and hardware requirements? Is a dedicated machine required/recommended? Will it work on Windows 2000?
  Windows NT or 2000

What components are installed on a detector?
  None

Which network types are supported?
  All

Any specific recommendations for monitoring Gigabit networks with your product?
  None

Which OS platforms are actively monitored?
  Windows NT/2000

Can sensors/detectors be deployed and configured initially from a central console?
  N/A

Once deployed and configured, can sensors/detectors be managed from a central console?
  N/A

Authentication between console and engines - is it available? What algorithm/key lengths?
  N/A

Secure logon for policy management?
  N/A

How are policies distributed to engines?
  N/A

How are policy changes handled? Will the central console detect which agents are using a changed policy and redeploy automatically, or does the administrator have to do this manually?
  N/A

How many attack signatures?
  N/A

Can the administrator define custom attack signatures?
  Yes (event log entries)

How are new attack signatures obtained and deployed?
  N/A

Frequency of signature updates? Provide dates of all updates in the last year.
  N/A

What infrastructure do you have behind the signature update process (i.e. dedicated team of engineers? How many? Does it have a name?)
  N/A

Can one signature update file be downloaded to the local network and used to update all IDS engines from a central location, or is it necessary to initiate a live connection to the Internet download server for each engine?
  N/A

Can signature updates be scheduled and fully automated?
  N/A

What network protocols are analysed?
  N/A

What application-level protocols are analysed?
  N/A

Can the product perform protocol decodes?
  N/A

Can the product perform session recording on suspect sessions?
  N/A

Block/tear down session?
  N/A

Ability to monitor user-defined connections (i.e. report on an FTP connection to a specific server)?
  Yes

Monitor changes in critical system files?
  Yes

Monitor changes in user-defined files?
  Yes

Monitor changes in Registry?
  Yes

Monitor unauthorised access to files?
  Yes

Monitor administrator activity (creation of new users, etc.)?
  Yes

Monitor excessive failed logins?
  Yes

List any other resources/locations that are monitored.
  Any security event logs of any Windows NT 4.0 or higher or Windows 2000 OS (see also white paper attached).

Track successful logins, monitoring subsequent file activity, etc.?
  Yes

Detect network-level packet based attacks?
  No

Detect all types of port scans (full connect, SYN stealth, FIN stealth, UDP)?
  No

Detect and report on nmap OS fingerprinting?
  No

Perform packet reassembly? Resistance to known IDS evasion techniques?
  No

Reconfigure firewall? If so, which firewall(s) and how?
  No

Option to record everything for "forensic" investigation?
  Yes

Where is this data stored? How is it secured from tampering?
  Central database

Reporting from engine to console - range of action/alert options (detail these)
  N/A

What provision is made for temporary communications interruption between detector and console? Where are alerts stored? Is the repository secure?
  Events are always stored in local event logs until retrieved by LANguard.

Can alerts be reported to the central console in real time without the use of third party software? How easy is it to filter and extract individual events?
  N/A

Does the software offer advice on preventative action to ensure the attack does not happen again?
  Yes

Integration with other scanning/IDS products?
  No

Log file maintenance - automatic rotation, archiving, reporting from archived logs, etc.
  Yes

Management reporting - range of reports/custom reports/how easy is it to filter and extract detail? Different reports for technicians and management/end users?
  Yes

Report management - can they be scheduled for automatic production? Can they be e-mailed to administrators or published straight to a Web site?
  Yes

What are the limitations and restrictions on enterprise-wide alerting and reporting? Can reports consolidate output from every 1) server, 2) detector?
  Only from server.

Define custom reports?
  Please see manual.

How is it licensed? How is the license enforced?
  It is licensed per monitored workstation and server.

Any other unique selling points?
  Please see white paper and brochure text: http://www.gfi.com/lanselm/index.html

End user pricing information
  Please see http://www.gfi.com/lanselm/lanselmpricing.htm for US$ pricing and http://www.gfi.com/lanselm/lanselmukpricing.htm for UK pricing. Please note that, for example, a copy of LANguard S.E.L.M. for 3 servers ($350) and 50 users/workstations ($595) would cost US$945.

Ongoing cost of maintenance/updates
  20%