Compatibility Questionnaire: GFI LANguard Network Security Scanner — Archive

Important: The OVAL Compatibility Program was moved to "archive" status in December 2009, and replaced with the "OVAL Adoption Program." Under the OVAL Adoption Program, product validation is performed by an external organization, allowing the OVAL Team to focus on educating vendors on best practices regarding the use and implementation of OVAL and on how OVAL can continue to evolve as needed by the community.

Refer to the OVAL Adoption Program section for additional information and to review all products and services listed.

Organizational Information

Name of Your Organization:

GFI Software Ltd.

Web Site:

Product Information

Product/Service Name:

GFI LANguard Network Security Scanner

Compatible Categories:

OVAL Definition Producer (Planned)
OVAL Definition Consumer (Beta)
OVAL Results Producer (Planned)
OVAL Results Consumer (Planned)

Product/Service Home Page:

General Capability Questions

Product Accessibility

Provide a short description of how and where your capability is made available to your customers and the public:

Product can be downloaded from our web site at http://www.gfi.com/lanss

Accuracy Questions

Language Version Indication

Describe how and where the capability indicates the version of the OVAL Language used to validate, create, or update its content:

This point is not applicable to this product. The content is downloaded, processed, and outputted in proprietary formats by the GFI Labs. The processed content is packaged together with other updates for the product and made available on the GFI servers for downloading by clients.

This was done purposely to avoid inconsistencies when OVAL decides to update its definition file schemas. To this effect what was important to end users is to understand the source of the vulnerability check (OVAL ID), description and any other information which is relevant to this reported vulnerability by OVAL or other sources (including GFI).

Approach for Correction of Errors

Indicate how a user who discovers an error in the capability's use of OVAL can report the error:

Errors, updates and inconsistencies are reported through our support email address support@gfi.com, who will escalate the issue to our GFI Security Labs for review.

Describe the approach to responding to the above error reports and how applicable fixes will be applied:

Once the submitted content/update details are reported, GFI Security Labs will process the report and, where applicable, issue an immediate update. Where applicable, the reported content will be sent to the OVAL authority for updating of main source of data.

Documentation Questions

Compatibility Documentation

Provide a copy, or directions to the location, of where the documentation describes OVAL and OVAL Compatibility for any customers:

NOTE: Product is still in BETA. Documentation is presently being updated to contain necessary content and explanations by release of product.

Language Support

Indicate the component schemas and/or individual OVAL Tests that the capability does not support for each category of OVAL Compatibility being applied for:

----------------------------------------------
Windows
accesstoken_test activedirectory_test Supported
auditeventpolicy_test Not Supported
file_test Supported
fileauditedpermissions_test Not Supported
fileeffectiverights_test Not Supported
group_test Supported
interface_test Not Supported
lockoutpolicy_test Not Supported
metabase_test Supported
passwordpolicy_test Not Supported
port_test Not Supported
process_test Not Supported
registry_test Supported
regkeyauditedpermissions_test Not Supported
regkeyeffectiverights_test Not Supported
sid_test Not Supported
user_test Supported
volume_test Not Supported
wmi_test Not Supported
------------------------------------------
Unix
file_test Supported
inetd_test Supported
interface_test Not Supported
password_test Not Supported
process_test Supported
runlevel_test Not Supported
sccs_test Not Supported
shadow_test Not Supported
uname_test Supported
xinetd_test Not Supported
----------------------------------------------
Independent
family_test Supported
filemd5_test Supported
environmentvariable_test Not Supported
textfilecontent_test Supported
unknown_test Not Supported
xmlfilecontent_test Not Supported
filesha1_test Not Supported
variable_test Not Supported
----------------------------------------------
IOS
global_test Not Supported
interface_test Not Supported
line_test Not Supported
snmp_test Not Supported
tclsh_test Not Supported
version_test Not Supported
----------------------------------------------
MACOS
accountinfo_test Not Supported
inetlisteningservers_test Not Supported
nvram_test Not Supported
pwpolicy_test Not Supported
----------------------------------------------
Linux
dpkginfo_test Supported
inetlisteningservers_test Supported
rpminfo_test Supported
slackwarepkginfo_test Not Supported
----------------------------------------------
HPUX
getconf_test Not Supported
patch_test Not Supported
swlist_test Not Supported
trusted_test Not Supported
----------------------------------------------
SOLARIS
isainfo_test Supported
package_test Supported
patch_test Supported
----------------------------------------------
APACHE
version_test Not Supported
httpd_test Not Supported

Capability Specific Questions

Finding Elements Using OVAL

Provide details regarding how users can identify and find individual OVAL content (through OVAL-IDs) that is being consumed by the capability. For example, how can a user determine which definitions have been consumed and what the result of each definition is:

The product has integrated within it a browser which allows users to analyze, browse, search as well as maintain the vulnerability checks which are created based on the OVAL content. Each check is clearly identified through the related OVAL ID. Additional information sources such as CVE ID, Security Focus ID and MS Bulletin ID (where applicable) are also provided. Direct URL links to further information from any of the above sources (where applicable) are also provided.

Such information is also available within the vulnerability reports and tools provided by the product.

OVAL Content Importation Process Explanation

If the capability does not support consuming OVAL content at runtime, explain the documented process by which users can submit OVAL content for interpretation by the capability, including how quickly submitted content is made available to the capability:

GFI Labs have in place a system which constantly monitors for new updates released by the OVAL authority. Once a new update is detected, GFI Labs will download, process and upload the new definitions to its update servers for downloading by the users of the product. Update frequency will depend on nature of reported content as well as update schedule of GFI.

Users wanting to submit OVAL content for inclusion in the definition files distributed are able to report content through our support and feedback lines on either support@gfi.com or feedbacklnss@gfi.com. These emails will be forwarded to the GFI Security Labs who will verify and update accordingly.

Where applicable, reported updates will also be forwarded to the OVAL authority for review.

Statements

Statement of Compatibility

Have an authorized individual sign and date the following Compatibility Statement (required):

"As an authorized representative of my organization I agree that we will abide by all of the mandatory compatibility requirements as well as all of the additional mandatory compatibility requirements that are appropriate for our specific type of capability."

Name:   Andre' Muscat
Title:   Director, Network Security Products

Statement of Accuracy

Have an authorized individual sign and date the following accuracy Statement (recommended):

"As an authorized representative of my organization and to the best of my knowledge, there are no errors in the correctness of our capability's use of the OVAL Language and the interpretation of the logic."

Name:   Andre' Muscat
Title:   Director, Network Security Products

Statement on Follow-on Correctness Testing Support

Have an authorized individual sign and date the following statement about your organization's willingness to support correctness testing of other capabilities, which will be managed by the Reviewing Authority and kept to reasonable levels of effort for all involved (required):

"As an authorized representative of my organization, we agree to support the Review Authority in follow-on correctness testing activities, where appropriate types of OVAL documents might need to be exchanged with other organizations attempting to prove the correctness of their capabilities."

Name:   Andre' Muscat
Title:   Director, Network Security Products

Page Last Updated: December 17, 2009