Click on the Options button on the Continuous Scan window or select Continuous Scan>Options from the Monitor menu to set the Continuous Scan options.
Scanning Options
Use Scanning options to set the scanning interval. Scan every sets the amount of time between scanning the specified or open maps. If the interval is less than the time it takes to scan the maps, LANsurveyor will scan immediately after the previous scan.
You can also discover rogue nodes that mask their IP addresses and show up only when their network activity can be detected through their Ethernet address. Select Expose rogue Ethernet addresses to discover masked nodes and report on those nodes if they change the switch or the switch port they connect through. You can also attempt to authenticate rogue Ethernet addresses using the methods you select in the Ethernet Address Responses tab.
The Responses options allow you to establish authentication criteria and alert settings.
When a new node is encountered, LANsurveyor can authenticate the node through a variety of methods.
If you have deployed Responder clients, you can ensure the discovered node is part of your network with a check of the Responder client password. Nodes with the correct password are authenticated, and nodes without the correct password are unauthenticated. Similarly, you can use SNMP community strings to authenticate new network hardware.
Continuous Scan is also integrated with a variety of third party solutions, including Symantec's NetRecon, Qualys' QualysGuard, and Microsoft's Baseline Security Analyzer (MBSA). These options are covered more completely under the Application Integration section of the manual.
You can receive different alerts when LANsurveyor encounters either an authenticated or unauthenticated node. You can also automatically disable network access for nodes that appear on the Threat List if the node is directly connected to a managed switch and LANsurveyor knows your read/write SNMP community string.
If you have selected Expose rogue Ethernet addresses to discover masked nodes on the Scanning tab, select the response for newly discovered nodes on the Ethernet Address Responses tab. You can receive alerts when new addresses are discovered, the Ethernet address uses a different switch, or the switch port changes. You can optionally disable network access if the node is directly connected to a managed switch and LANsurveyor knows your read/write SNMP community string.
Criteria Options
If your network uses DHCP, it is possible for a node to obtain a different IP address after your baseline map was created. Rather than report numerous false positives, LANsurveyor can use several different naming criteria to determine if it is the same node or a new node.
Since switch re-configuration is relatively rare, LANsurveyor allows you to specify the number of scans a switch-to-switch connection is maintained on the map given the connection has not been re-discovered.
You can automatically save LANsurveyor maps in either LANsurveyor or Visio format to create archival reference views of your network. The archival diagrams are useful for troubleshooting and before/after scenarios. In addition, some auditors require documentation of network modifications, and archival diagrams make the process easier.
Specify the rate for saving the maps in hours, days, or weeks in addition to the target directories for your map archives.
