Configuring Node Information Scan

Genian NAC can specify whether to enable port scan and service scan to detect a Node's platform.

  1. Go to system in the top of panel
  2. Go to System > Sensor in the left System Management panel
  3. Find the Network Sensor and click CheckBox (multiple choice available)
  4. Click Tasks > Edit Network Sensor Settings
  5. Find Node Information Scan
  6. Find the Port/Service Scan>, NetBIOS Name Queries
  7. Click CheckBox and select ON
  8. Click Save

SNMP Information Scan

Configure Collecting the Node information using SNMP(Simple Network Management Protocol).

Note

For Configuring SNMP Information Scan, please refer to Browsing Switches

WMI Information Scan

Configure collecting the Node information using WMI if the node is authenticated through Active Directory integration. LDAP authentication integration settings(Bind DN, Bind Password) are used when performing WMI queries.

Note

For configuring WMI Information Scan, please refer to LDAP(Active Directory) on Integrating User Directories

NMAP Scan Mode

NMAP scan mode speeds can be modified. This settings are valuable when NMAP scanning is performed in sensitive environments such as OT networks.

The differences between each SCAN options are as below:

Scan Mode Description Details
Fast Scan Use Insane(T5) template Enable NMAP fastest Mode
Normal Scan Use Normal(T3) template NEnable NMAP default Mode
Slow Scan Use Normal(T3) template + Scan delay 10seconds Enable NMAP Default Mode and Allow Scan delay times

NMAP OS SCAN

Configure collecting the Node OS information using NMAP.

NMAP TCP SCAN

Configure collecting the Node TCP information using NMAP.

Oprtions Description Details
TCP SYN Scan Scan by TCP Syn No TCP connection required
TCP CONNECT Scan Scan by TCP connection process Twice as many packete as a SYN scan
TCP FIN Scan Scan by TCP FIN BIT set packet Possible to bypass Stateless Firewall
TCP ACK Scan Scan by TCP ACK BIT set packet Can distinguish between Stateful Firewall and Stateless Firewall
TCP NULL Scan Scan by no BIT set on TCP flag header Possible to by pass Stateless Firewall

NMAP UDP SCAN

Configure Collecting the Node UDP information using NMAP.