SecHard

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

Minimum Resource Requirements;

Gereksinim

Açıklama

Platform Requirement

Vmware ESXi 5.0 or above Hyper-V

Operating System

Ubuntu 20.04 LTS (Ready Template)

Processor

8 cores or above (up to 1000 devices)

Memory

16 GB or more (up to 1000 devices)

Storage

750 GB or more (up to 2500 devices)

Recommended Resource Requirements;

Gereksinim

Açıklama

Platform Requirement

Vmware ESXi 5.0 or higher Hyper-V

Operating System

Ubuntu 20.04 LTS (Ready Template)

Processor

16 cores or above (up to 2500 devices)

Memory

24 GB or more (up to 2500 devices)

Storage

750 GB or more (up to 2500 devices)

 

Port Access List

The port list that must be allowed for SECHARD to manage network devices and retrieve information is as follows.

SecHard to Devices

Port

Protocol

Source

Description

Module Name

22(SSH)

TCP

Network Devices - Linux Resources

Used to control network devices and Linux operating systems.

Security Hardening - Privilege Access Management

53(DNS)

UDP

Active Directory

Used for DNS name resolution.

Security Hardening 

88(Kerberos)

UDP - TCP

Active Directory

Used for Kerberos communication. - It must be opened towards Domain Controller Servers.

Security Hardening 

389(LDAP)

TCP

Active Directory

Used for AD, RADIUS and TACACS integration. - It must be opened towards Domain Controller Servers.

Zero Trust Orchestrator 

636(LDAPS)

TCP

Active Directory

Used for AD, RADIUS and TACACS integration. - It must be opened towards Domain Controller Servers.

Zero Trust Orchestrator 

123(NTP)

UDP

Active Directory - NTP Server

Used for time synchronisation.

Security Hardening 

23(Telnet)

TCP

Network Devices

Used to connect to network devices.

Privilege Access Management 

161(SNMP)

UDP

Network Devices

Used to collect information from network devices.

Operations Management 

162(SNMP-Trap)

UDP

Network Devices

Used for notifications from network devices.

Operations Management 

443(API)

TCP

API

Virtualisation, Cloud Systems etc. Used for environments with API support.

Security Hardening 

9100(Node_Exporter)

TCP

Linux Resources

Used to monitor Linux operating systems.

Operations Management 

25(SMTP)

TCP

Mail Server

Used for sending e-mails.

Zero Trust Orchestrator 

Ping (echo)

ICMP

All Sources

Used for ping control for all attached devices.

Zero Trust Orchestrator 

445(SMBv3)

TCP

Windows Resources

Used to send and receive files to and from Windows operating systems.

Privilege Access Management 

3389(RDP)

TCP

Windows Resources

Used for remote Remote Desktop connection to Windows servers.

Privilege Access Management 

5985(WinRM)

TCP

Windows Resources

Used to remotely control Windows operating systems with WinRM.

Security Hardening 

5986(WinRM)

TCP

Windows Resources

Used to remotely control Windows operating systems with WinRM.

Security Hardening 

9182(WMI_Exporter)

TCP

Windows Resources

Used to monitor Windows operating systems.

Operations Management 

To Sechard from devices

Port

Protokol

Source

Description

Module Name

49(Tacacs)

TCP

Network Devices

Used for Tacacs enquiry.

Privilege Access Management 

69(TFTP)

UDP

Network Devices

Used for Firmware Upgrade of network devices.

Operations Management 

443(HTTPS)

TCP

Windows Resources - Linux Resources

Web GUI used for access / Exporter used for installation.

Operations Management 

445(SMB)

TCP

Windows Resources

Used for Patch requirements of resources.

Patch Management

514(Syslog)

UDP

Network Devices

Used for Syslog notifications from network devices.

Operations Management 

1645(Radius)

UDP

Network Devices

Used for Radius Aut query.

Privilege Access Management 

1646(Radius)

UDP

Network Devices

Used for Radius Acc query.

Privilege Access Management 

Sechard Container, Vulnerability and Exploit List Update Needs;

Sechard’dan İnternete

URL

Direction

Protocol / Port

Description

Module Name

Sechard ->Internet

TCP 443

It is used for container updates in Sechard.

Zero Trust Orchestrator - Security Hardening -Privilege Access Management - Operations Management - Patch Management

Sechard ->Internet

TCP 443

It is used for updates of vulnerability lists in Sechard.

Operations Management

Sechard ->Internet

TCP 443

It is used to retrieve patch information of Windows operating systems.

Patch Management

Sechard ->Internet

TCP 443

It is used for updates of exploit (MITRE) lists in Sechard.

Operations Management

Hesap Yetki Gereksinimleri;

Gereksinim

Açıklama

Erişim yöntemi

Linux İşletim Sistemi - Only Audit

Sudo gurubuna üye bir linux user / ad user

SSH

Linux İşletim Sistemi - Audit + Remediation + Rollback

Root yetkisine sahip bir  linux user / ad user

SSH

Windows İşletim Sistemi (Domain üye - Server / Client) - Only Audit

WinRM grubuna üye bir AD User gerekmektedir (winrm configSDDL default - read + execute) 

WinRM (Kerberos, NTLM, Cert)

Windows İşletim Sistemi (Domain üye - Server / Client) - Audit + Remediation + Rollback

Local Administrators grubuna üye bir AD User gerekmektedir 

WinRM (Kerberos, NTLM, Cert)

Windows İşletim Sistemi (Domain üye değil - Server / Client) - Only Audit

WinRM grubuna üye bir Local User gerekmektedir (winrm configSDDL default - read + execute) 

WinRM (NTLM, Basic)

Windows İşletim Sistemi (Domain üye değil - Server / Client) - Audit + Remediation + Rollback

Local Administrators grubuna üye bir Local User gerekmektedir 

WinRM (NTLM, Basic)

Windows Domain Controller - Only Audit

WinRM grubuna üye bir AD User gerekmektedir (winrm configSDDL default - read + execute) 

WinRM (Kerberos, NTLM, Cert)

Windows Domain Controller - Audit + Remediation + Rollback

Administrators / Domain Administrators grubuna üye bir AD User gerekmektedir 

WinRM (Kerberos, NTLM, Cert)

Ağ Cihazları - Only Audit

Monitoring, Read Only User vb. kısıtlı yetkiye sahip bir kullanıcı gerekmektedir.(switchlerde sh run çalıştırabilme yetkisi gerekmektedir)

SSH

Ağ Cihazları - Audit + Remediation + Rollback

Admin, super_user, super_admin, sysadmin, vb. yetkiye sahip bir kullanıcı gerekmektedir.

SSH

SQL Database - Only Audit

Aşağıda ki belirtilen maddeler haricinde serveradmin / aynı permissionlara sahip custom bir user

2.11 Ensure SQL Server is configured to use non-standard ports (Automated)

3.3 Ensure Orphaned Users are Dropped From SQL Server Databases (Automated)

3.11 Ensure the public role in the msdb database is not granted access to SQL Agent proxies (Automated)

5.3 Ensure Login Auditing is set to failed logins (Automated)

5.4 Ensure SQL Server Audit is set to capture both failed and successful logins (Automated)

7.4 Ensure Network Encryption is Configured and Enabled (Automated)

DB Connection

SQL Database - Audit + Remediation + Rollback

sysadmin / Control Server  / aynı permissionlara sahip custom bir user

DB Connection

MongoDB - Only Audit

dbAdmin

DB Connection

MongoDB - Audit + Remediation + Rollback

dbAdmin

DB Connection

Oracle Database - Only Audit

Audit_Admin, thin mode uyumlu account desteklenmektedir.

DB Connection

Oracle Database - Audit + Remediation + Rollback

DBA, thin mode uyumlu account desteklenmektedir.

DB Connection

PostgreSQL Database - Only Audit

dbuser

DB Connection

PostgreSQL Database - Audit + Remediation + Rollback

superuser

DB Connection

Other Resources - Only Audit

Monitoring, Read Only User vb. kısıtlı yetkiye sahip bir kullanıcı gerekmektedir.

Native Protocol

Other Resources  Audit + Remediation + Rollback

Admin, super_user, super_admin, sysadmin, root, administrator vb. yetkiye sahip bir kullanıcı gerekmektedir.

Native Protocol

How To Enable WinRM with Domain Group Policy for PowerShell Remoting

How do I configure and troubleshoot WinRM?

  • No labels

0 Comments

You are not logged in. Any changes you make will be marked as anonymous. You may want to Log In if you already have an account.