SecHard

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 14 Next »

Minimum System Requirements;

Requirement

Description

Platform

Vmware ESXi 5.0+, Hyper-V

Operating System

Ubuntu 20.04 LTS (OVF Template)

CPU

8 cores (up to 1000 resources)

Memory

16 GB (up to 1000 resources)

Disk Space

750 GB or more (up to 2500 resources)

 

Recommended System Requirements;

Requirement

Description

Platform

Vmware ESXi 5.0+, Hyper-V

Operating System

Ubuntu 20.04 LTS (Prepared Template)

CPU

16 cores or more (up to 2500 resources)

Memory

24 GB or more (up to 2500 resources)

Disk Space

750 GB or more (up to 2500 resources)

 

Port Requirements

From SecHard to Resources

Port

Protocol

Description

Container Name

22(SSH)

TCP

SSH connection to network devices and Linux OS

Console

23(Telnet)

TCP

Telnet connection to network devices

Console

25(SMTP)

TCP

SMTP connection to e-mail server

Agent

53(DNS)

UDP

DNS queries to DNS server

Winrm_Api

88(Kerberos)

UDP

Kerberos authentication for Windows Servers

Winrm_Api

123(NTP)

UDP

NTP connection for time synchronization

All Linux Servers

161(SNMP)

UDP

SNMP connection to get information from network devices and notification

SNMP Exporter

162(SNMP-Trap)

UDP

SNMP connection to get information from network devices and notification

SNMP Exporter

389(LDAP)

TCP

Used for AD, RADIUS and TACACS+

Agent

443(API)

TCP

Used for environments with API support such as Virtualization, Cloud Systems, etc.

Agent

445(SMBv3)

TCP

Windows operating systems are used for file time and to receive

Agent

636(LDAPS)

TCP

Used for AD, RADIUS and TACACS+

Agent

3389(RDP)

TCP

RDP connection to Windows servers

Remote Gateway Server

5985(WinRM)

TCP

WinRM connection to remotely control Windows systems

Winrm_Api

5986(WinRM)

TCP

WinRM connection to remotely control Windows systems

Winrm_Api

8000(File Share)

TCP

Used to share Exporter and Accessschk files to Windows and Linux servers.

Agent

9100(Node_Exporter)

TCP

Monitoring Linux OS

Agent

9182(WMI_Exporter)

TCP

Monitoring Windows OS

Agent

Ping (echo)

ICMP

ICMP connection to check systems availability

All Linux Servers

From Resources to SecHard

Port

Protokol

Description

Container Name

49(Tacacs)

TCP

TACACS queries for network devices

TACACS

69(TFTP)

UDP

Updating firmware on network devices

TFTP

443(HTTPS)

TCP

Web GUI access

Web

514(Syslog)

UDP

Syslog communication from network devices

Syslog

1645(Radius)

UDP

Radius Aut queries for network devices

RADIUS

1646(Radius)

UDP

Radius Acc queries for network devices

RADIUS

 

From SecHard to Internet

 

URL

Direction

Protokol / Port

Description

Sechard ->Internet

TCP 443

Used for container updates in Sechard

https://nvd.nist.gov

Sechard ->Internet

TCP 443

Used for updates of vulnerability lists in Sechard.

https://cve.mitre.org/data/refs/refmap/source-EXPLOIT-DB.html

Sechard ->Internet

TCP 443

Used for updates of exploit (MITRE) lists in Sechard.

Account Authorization Requirements;

Requirement

Description

Linux OS

If Remediation / Rollback will be applied on Linux servers, an account with root ( /etc/sudoers ) authority is required.

Windows OS (Domain member)

If Remediation / Rollback will be implemented on the Windows Server / Client side, an AD User who is a member of the Local Administrators group is required (AD User is mandatory for Kerberos Auth.)

Windows OS(Domain not member)

If Remediation / Rollback will be applied on the Windows Server / Client side, a Local User member of the Local Administrators group is required (Local User is used for Basic Auth.)

Network Devices

If Remediation / Rollback will be applied on Switch, Router, Firewall, Wireless Controller, Load Balancer devices, Priv 15 (Config Mode), admin, super_user etc. A user with authorization is required.

Application

Applications require a User who is a member of the Administrators group.

SQL Database

If SQL Database Remediation/Rollback are to be applied, the 'sysadmin' role is recommended. If it's just for auditing, the 'serveradmin' role is recommended.

How To Enable WinRM with Domain Group Policy for PowerShell Remoting

  • No labels

0 Comments

You are not logged in. Any changes you make will be marked as anonymous. You may want to Log In if you already have an account.