• Using GFI LANguard to find open network shares

    04 Nov 2010

    Have you see what your users are sharing up on your network? What about your server shares – are they divulging too much PII and intellectual property to any Joe Blow on the network?

    Outside of mobile security (smartphone weaknesses, lack of laptop encryption, etc.) the problem of unstructured information scattered about the network is a very predictable high priority finding in any given security assessment.

    The reality is you cannot secure what you don’t acknowledge. How do you know what’s in your environment just sitting there for the taking? You could very well have experienced an internal data breach and not know anything about it.

    Enter GFI LANguard.

    I’ve used LANguard for years to uncover open shares on networks and it works just dandy for this purpose.

    Do yourself a favor and download the trial version of LANguard and run the share finder tool in your environment to see just what’s being shared out – and exposed. It’s as simple as the following:

    1. Select Launch Custom Scan
    2. Select Network & Software Audit
    3. Select the Share Finder profile
    4. Select Scan a range of computers or Scan a domain or workgroup and enter your network information
    5. Enter the login credentials of a basic user representative of most domain users in your environment
    6. Select Scan and let the tool do it’s thing
    7. Once complete, select Analyze scan results
    8. Select Results Filtering (upper left)
    9. Select Open Shares (middle left)
    10. Scroll down and look* for shares with permissions granted to BUILTINUsers or Everyone
    11. Login to the network with the basic user credentials from above and see what you can see. I’ve found both FileLocator Pro and Identity Finder to work very well for rooting out sensitive information. I also recommend manual browsing for files/content/context that automated tools may have trouble uncovering.

    That’s it!

    I cannot stress enough that sensitive files readily-accessible on open shares is one of the greatest risks on your network. It’s screaming for your attention right now. So track down your open shares, set permissions on a need to know basis or remove the shares altogether, and get your arms around this beast before it grows even larger.

    *I wish LANguard had the ability to filter down into open shares even further by only showing shares that are open to specific groups or users that you specify. It’s a hassle to have to manually sort through things… Hint, hint. 🙂