Minimum Resource Requirements
| Requirement | Description |
|---|---|
| Platform | VMware ESXi 5.0 or above, or Hyper-V |
| Operating System | Ubuntu 20.04 LTS (ready template) |
| Processor | 8 cores or more (up to 1000 devices) |
| Memory | 16 GB or more (up to 1000 devices) |
| Storage | 750 GB or more (up to 2500 devices) |
Recommended Resource Requirements
| Requirement | Description |
|---|---|
| Platform | VMware ESXi 5.0 or above, or Hyper-V |
| Operating System | Ubuntu 20.04 LTS (ready template) |
| Processor | 16 cores or more (up to 2500 devices) |
| Memory | 24 GB or more (up to 2500 devices) |
| Storage | 750 GB or more (up to 2500 devices) |
Port Access List
The ports that must be allowed for SecHard to manage network devices and retrieve information from them are listed below, grouped by direction.

SecHard to devices (outbound from the SecHard host)
| Port | Protocol | Target | Description | Module Name |
|---|---|---|---|---|
| 22 (SSH) | TCP | Network devices, Linux resources | Used to manage network devices and Linux operating systems. | Security Hardening, Privilege Access Management |
| 53 (DNS) | UDP | Active Directory | Used for DNS name resolution. | Security Hardening |
| 88 (Kerberos) | UDP and TCP | Active Directory | Used for Kerberos authentication; must be opened towards the domain controllers. | Security Hardening |
| 389 (LDAP) | TCP | Active Directory | Used for AD, RADIUS and TACACS integration; must be opened towards the domain controllers. | Zero Trust Orchestrator |
| 636 (LDAPS) | TCP | Active Directory | Used for AD, RADIUS and TACACS integration; must be opened towards the domain controllers. | Zero Trust Orchestrator |
| 123 (NTP) | UDP | Active Directory or NTP server | Used for time synchronisation. | Security Hardening |
| 23 (Telnet) | TCP | Network devices | Used to connect to network devices. | Privilege Access Management |
| 161 (SNMP) | UDP | Network devices | Used to collect information from network devices. | Operations Management |
| 162 (SNMP trap) | UDP | Network devices | Used to receive notifications from network devices. | Operations Management |
| 443 (API) | TCP | Virtualisation, cloud and other API-capable platforms | Used for environments that are managed through an API. | Security Hardening |
| 9100 (Node_Exporter) | TCP | Linux resources | Used to monitor Linux operating systems. | Operations Management |
| 25 (SMTP) | TCP | Mail server | Used for sending e-mail. | Zero Trust Orchestrator |
| Ping (echo) | ICMP | All managed devices | Used for reachability checks of all attached devices. | Zero Trust Orchestrator |
| 445 (SMBv3) | TCP | Windows resources | Used to send files to and receive files from Windows operating systems. | Privilege Access Management |
| 3389 (RDP) | TCP | Windows resources | Used for Remote Desktop connections to Windows servers. | Privilege Access Management |
| 5985 (WinRM over HTTP) | TCP | Windows resources | Used to manage Windows operating systems remotely with WinRM. | Security Hardening |
| 5986 (WinRM over HTTPS) | TCP | Windows resources | Used to manage Windows operating systems remotely with WinRM. | Security Hardening |
| 9182 (WMI_Exporter) | TCP | Windows resources | Used to monitor Windows operating systems. | Operations Management |
Devices to SecHard (inbound to the SecHard host)
| Port | Protocol | Source | Description | Module Name |
|---|---|---|---|---|
| 49 (TACACS) | TCP | Network devices | Used for TACACS queries. | Privilege Access Management |
| 69 (TFTP) | UDP | Network devices | Used for firmware upgrades of network devices. | Operations Management |
| 443 (HTTPS) | TCP | Windows resources, Linux resources | Used for web GUI access and for exporter installation. | Operations Management |
| 445 (SMB) | TCP | Windows resources | Used by resources to fetch patches. | Patch Management |
| 514 (Syslog) | UDP | Network devices | Used for syslog messages from network devices. | Operations Management |
| 1645 (RADIUS) | UDP | Network devices | Used for RADIUS authentication queries. | Privilege Access Management |
| 1646 (RADIUS) | UDP | Network devices | Used for RADIUS accounting queries. | Privilege Access Management |

Note that 1645/1646 are the legacy RADIUS port numbers; RFC 2865/2866 assign 1812/1813, and many network devices default to those, so the RADIUS client on each device must be pointed at the ports listed here.
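The two tables above are usually checked by hand with a port scanner before onboarding. The following pre-flight script is an added example written for this page, not SecHard's own tooling: it transcribes the outbound TCP rules per target class and reports which of them a given host actually accepts, and it parses `ss -lntu` output from the SecHard host to find inbound ports that nothing is bound to (or that are bound to loopback only, which devices cannot reach). The `OUTBOUND`/`INBOUND` tables, the `PortRule` type and the `SAMPLE_SS` listing are this example's own constructions; the module abbreviation `PAM` stands for Privilege Access Management.

```python
"""Port pre-flight for a SecHard host (added example; not SecHard's own tooling).

Two checks derived from the port tables above:
  * outbound: can this host complete a TCP handshake to a target's management ports?
  * inbound : is this host itself bound to the ports that devices send to?
"""
import re
import socket
from dataclasses import dataclass


@dataclass(frozen=True)
class PortRule:
    port: int
    proto: str    # "tcp" or "udp"
    module: str   # module name as printed in the tables above (abbreviated)
    purpose: str


# Outbound rules per target class, transcribed from "SecHard to devices".
# 88/Kerberos is listed as TCP and UDP; only the TCP side can be connect-tested.
OUTBOUND = {
    "linux":   [PortRule(22, "tcp", "Security Hardening / PAM", "SSH"),
                PortRule(9100, "tcp", "Operations Management", "Node_Exporter")],
    "windows": [PortRule(445, "tcp", "PAM", "SMBv3 file transfer"),
                PortRule(3389, "tcp", "PAM", "RDP"),
                PortRule(5985, "tcp", "Security Hardening", "WinRM HTTP"),
                PortRule(5986, "tcp", "Security Hardening", "WinRM HTTPS"),
                PortRule(9182, "tcp", "Operations Management", "WMI_Exporter")],
    "network": [PortRule(22, "tcp", "Security Hardening / PAM", "SSH"),
                PortRule(23, "tcp", "PAM", "Telnet"),
                PortRule(161, "udp", "Operations Management", "SNMP"),
                PortRule(162, "udp", "Operations Management", "SNMP trap")],
    "ad":      [PortRule(53, "udp", "Security Hardening", "DNS"),
                PortRule(88, "tcp", "Security Hardening", "Kerberos"),
                PortRule(123, "udp", "Security Hardening", "NTP"),
                PortRule(389, "tcp", "Zero Trust Orchestrator", "LDAP"),
                PortRule(636, "tcp", "Zero Trust Orchestrator", "LDAPS")],
}

# Inbound rules transcribed from "Devices to SecHard".
INBOUND = [PortRule(49, "tcp", "PAM", "TACACS"),
           PortRule(69, "udp", "Operations Management", "TFTP"),
           PortRule(443, "tcp", "Operations Management", "Web GUI / exporter install"),
           PortRule(445, "tcp", "Patch Management", "SMB"),
           PortRule(514, "udp", "Operations Management", "Syslog"),
           PortRule(1645, "udp", "PAM", "RADIUS authentication"),
           PortRule(1646, "udp", "PAM", "RADIUS accounting")]


def tcp_port_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """True if a TCP handshake to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, silently dropped (timeout), or unroutable
        return False


def outbound_preflight(host: str, rules, timeout: float = 2.0) -> dict:
    """Map each rule's port to 'open', 'closed' or 'skipped (udp)'.

    A blocked UDP port normally answers nothing, so a connect-style probe
    cannot tell SNMP/NTP/DNS apart from a filtered port; those are only listed.
    """
    result = {}
    for rule in rules:
        if rule.proto != "tcp":
            result[rule.port] = "skipped (udp)"
        else:
            result[rule.port] = "open" if tcp_port_open(host, rule.port, timeout) else "closed"
    return result


# Constructed sample of `ss -lntu` output (not captured from a real SecHard host).
# The PostgreSQL socket is bound to loopback only, so devices cannot reach it.
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0            0.0.0.0:69        0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:514       0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:1645      0.0.0.0:*
tcp   LISTEN 0      4096         0.0.0.0:443       0.0.0.0:*
tcp   LISTEN 0      128             [::]:445          [::]:*
tcp   LISTEN 0      128        127.0.0.1:5432      0.0.0.0:*
"""

_SS_LINE = re.compile(r"^(tcp|udp)\s+\S+\s+\d+\s+\d+\s+(\S+):(\d+)\s")
_LOOPBACK = ("127.", "[::1]")


def listening_ports(ss_output: str) -> set:
    """Parse `ss -lntu` text into {(proto, port)} for sockets reachable off-host."""
    found = set()
    for line in ss_output.splitlines():
        m = _SS_LINE.match(line)
        if m and not m.group(2).startswith(_LOOPBACK):   # ignore loopback-only binds
            found.add((m.group(1), int(m.group(3))))
    return found


def inbound_gaps(ss_output: str, rules=INBOUND) -> list:
    """Return the inbound rules for which no reachable socket is bound."""
    bound = listening_ports(ss_output)
    return [rule for rule in rules if (rule.proto, rule.port) not in bound]


if __name__ == "__main__":
    for rule in inbound_gaps(SAMPLE_SS):
        print(f"not listening: {rule.proto}/{rule.port} ({rule.purpose}, {rule.module})")
```

Run it on the SecHard host as `ss -lntu | python3 preflight.py` style input (feed the real listing to `inbound_gaps`) and call `outbound_preflight(target_ip, OUTBOUND["windows"])` for each onboarded host; the sample listing above deliberately lacks TACACS (49/tcp) and RADIUS accounting (1646/udp) so that the gap report is non-empty. UDP ports are reported as skipped on purpose: confirming them requires a real SNMP, NTP or DNS query, not a connect test.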
SecHard container, vulnerability and exploit list update requirements
From SecHard to the Internet
| URL | Direction | Protocol / Port | Description | Module Name |
|---|---|---|---|---|
| | SecHard -> Internet | TCP 443 | Used for SecHard container updates. | Zero Trust Orchestrator, Security Hardening, Privilege Access Management, Operations Management, Patch Management |
| | SecHard -> Internet | TCP 443 | Used for updates of the vulnerability lists in SecHard. | Operations Management |
| | SecHard -> Internet | TCP 443 | Used to retrieve patch information for Windows operating systems. | Patch Management |
| | SecHard -> Internet | TCP 443 | Used for updates of the exploit (MITRE) lists in SecHard. | Operations Management |
Account Privilege Requirements
| Requirement | Description | Access method |
|---|---|---|
| Linux operating system, audit only | A Linux user or AD user that is a member of the sudo group | SSH |
| Linux operating system, audit + remediation + rollback | A Linux user or AD user with root privileges | SSH |
| Windows operating system (domain member, server or client), audit only | An AD user that is a member of the WinRM group (Remote Management Users) is required; the default WinRM configSDDL grants that group read + execute | WinRM (Kerberos, NTLM, certificate) |
| Windows operating system (domain member, server or client), audit + remediation + rollback | An AD user that is a member of the local Administrators group is required | WinRM (Kerberos, NTLM, certificate) |
| Windows operating system (not domain-joined, server or client), audit only | A local user that is a member of the WinRM group (Remote Management Users) is required; the default WinRM configSDDL grants that group read + execute | WinRM (NTLM, Basic) |
| Windows operating system (not domain-joined, server or client), audit + remediation + rollback | A local user that is a member of the local Administrators group is required | WinRM (NTLM, Basic) |
| Windows Domain Controller, audit only | An AD user that is a member of the WinRM group (Remote Management Users) is required; the default WinRM configSDDL grants that group read + execute | WinRM (Kerberos, NTLM, certificate) |
| Windows Domain Controller, audit + remediation + rollback | An AD user that is a member of the Administrators or Domain Admins group is required | WinRM (Kerberos, NTLM, certificate) |
| Network devices, audit only | A user with restricted rights (monitoring, read-only or similar) is required; on switches the user must be able to run `sh run` (`show running-config`) | SSH |
| Network devices, audit + remediation + rollback | A user with admin, super_user, super_admin, sysadmin or equivalent rights is required | SSH |
| SQL Database, audit only | serveradmin, or a custom user with the same permissions, except for the items specified below | DB connection |
| SQL Database, audit + remediation + rollback | sysadmin / CONTROL SERVER, or a custom user with the same permissions | DB connection |
| MongoDB, audit only | dbAdmin | DB connection |
| MongoDB, audit + remediation + rollback | dbAdmin | DB connection |
| Oracle Database, audit only | AUDIT_ADMIN; accounts compatible with thin mode are supported | DB connection |
| Oracle Database, audit + remediation + rollback | DBA; accounts compatible with thin mode are supported | DB connection |
| PostgreSQL Database, audit only | dbuser | DB connection |
| PostgreSQL Database, audit + remediation + rollback | superuser | DB connection |
| Other resources, audit only | A user with restricted rights (monitoring, read-only or similar) is required | Native protocol |
| Other resources, audit + remediation + rollback | A user with admin, super_user, super_admin, sysadmin, root, administrator or equivalent rights is required | Native protocol |

Use the audit-only account wherever remediation is not planned: it is the least-privilege option, and for Windows it needs no Administrators membership at all. Where Basic authentication is used for non-domain-joined Windows hosts, it should only be accepted over the HTTPS listener (5986), since Basic sends the password with no protection beyond the transport.
How To Enable WinRM with Domain Group Policy for PowerShell Remoting