Configuring Node Information Scan
Genian NAC 6.0 can specify whether to enable port scan and service scan to detect a Node's platform.
Go to system in the top of panel
Go to System > Sensor in the left System Management panel
Find the Network Sensor and click CheckBox (multiple choice available)
Click Tasks > Edit Network Sensor Settings
Find Node Information Scan
Find the Port/Service Scan>, NetBIOS Name Queries
Click CheckBox and select ON
Click
Save
SNMP Information Scan
Configure Collecting the Node information using SNMP(Simple Network Management Protocol).
Note
For Configuring SNMP Information Scan, please refer to Browsing Switches
WMI Information Scan
Configure collecting the Node information using WMI if the node is authenticated through Active Directory integration. LDAP authentication integration settings(Bind DN, Bind Password) are used when performing WMI queries.
Note
For configuring WMI Information Scan, please refer to LDAP(Active Directory) on Integrating User Directories
NMAP Scan Mode
NMAP scan mode speeds can be modified. This settings are valuable when NMAP scanning is performed in sensitive environments such as OT networks.
The differences between each SCAN options are as below:
Scan Mode |
Description |
Details |
|---|---|---|
Fast Scan |
Use Insane(T5) template |
Enable NMAP fastest Mode |
Normal Scan |
Use Normal(T3) template |
NEnable NMAP default Mode |
Slow Scan |
Use Normal(T3) template + Scan delay 10seconds |
Enable NMAP Default Mode and Allow Scan delay times |
NMAP OS SCAN
Configure collecting the Node OS information using NMAP.
NMAP TCP SCAN
Configure collecting the Node TCP information using NMAP.
Oprtions |
Description |
Details |
|---|---|---|
TCP SYN Scan |
Scan by TCP Syn |
No TCP connection required |
TCP CONNECT Scan |
Scan by TCP connection process |
Twice as many packete as a SYN scan |
TCP FIN Scan |
Scan by TCP FIN BIT set packet |
Possible to bypass Stateless Firewall |
TCP ACK Scan |
Scan by TCP ACK BIT set packet |
Can distinguish between Stateful Firewall and Stateless Firewall |
TCP NULL Scan |
Scan by no BIT set on TCP flag header |
Possible to by pass Stateless Firewall |
NMAP UDP SCAN
Configure Collecting the Node UDP information using NMAP.