SecHard
2.1. System Requirements
Minimum Resource Requirements

| Requirement | Description |
|---|---|
| Platform Requirement | VMware ESXi 5.0 or above, Hyper-V |
| Operating System | Ubuntu 20.04 LTS (Ready Template) |
| Processor | 8 cores or above (up to 1000 devices) |
| Memory | 16 GB or more (up to 1000 devices) |
| Storage | 750 GB or more (up to 2500 devices) |
Recommended Resource Requirements

| Requirement | Description |
|---|---|
| Platform Requirement | VMware ESXi 5.0 or higher, Hyper-V |
| Operating System | Ubuntu 20.04 LTS (Ready Template) |
| Processor | 16 cores or above (up to 2500 devices) |
| Memory | 24 GB or more (up to 2500 devices) |
| Storage | 750 GB or more (up to 2500 devices) |
Port Access List
The following ports must be allowed for SecHard to manage network devices and retrieve information.
SecHard to Devices

| Port | Protocol | Source | Description | Module Name |
|---|---|---|---|---|
| 22 (SSH) | TCP | Network Devices, Linux Resources | Used to control network devices and Linux operating systems. | Security Hardening, Privilege Access Management |
| 53 (DNS) | UDP | Active Directory | Used for DNS name resolution. | Security Hardening |
| 88 (Kerberos) | UDP, TCP | Active Directory | Used for Kerberos communication; must be opened towards the Domain Controller servers. | Security Hardening |
| 389 (LDAP) | TCP | Active Directory | Used for AD, RADIUS and TACACS integration; must be opened towards the Domain Controller servers. | Zero Trust Orchestrator |
| 636 (LDAPS) | TCP | Active Directory | Used for AD, RADIUS and TACACS integration; must be opened towards the Domain Controller servers. | Zero Trust Orchestrator |
| 123 (NTP) | UDP | Active Directory, NTP Server | Used for time synchronisation. | Security Hardening |
| 23 (Telnet) | TCP | Network Devices | Used to connect to network devices. | Privilege Access Management |
| 161 (SNMP) | UDP | Network Devices | Used to collect information from network devices. | Operations Management |
| 162 (SNMP Trap) | UDP | Network Devices | Used for notifications from network devices. | Operations Management |
| 443 (API) | TCP | API | Used for environments with API support (virtualisation, cloud systems, etc.). | Security Hardening |
| 9100 (Node_Exporter) | TCP | Linux Resources | Used to monitor Linux operating systems. | Operations Management |
| 25 (SMTP) | TCP | Mail Server | Used for sending e-mails. | Zero Trust Orchestrator |
| Ping (echo) | ICMP | All Sources | Used for ping checks of all attached devices. | Zero Trust Orchestrator |
| 445 (SMBv3) | TCP | Windows Resources | Used to send files to and receive files from Windows operating systems. | Privilege Access Management |
| 3389 (RDP) | TCP | Windows Resources | Used for Remote Desktop connections to Windows servers. | Privilege Access Management |
| 5985 (WinRM) | TCP | Windows Resources | Used to remotely control Windows operating systems with WinRM. | Security Hardening |
| 5986 (WinRM) | TCP | Windows Resources | Used to remotely control Windows operating systems with WinRM. | Security Hardening |
| 9182 (WMI_Exporter) | TCP | Windows Resources | Used to monitor Windows operating systems. | Operations Management |
To SecHard from Devices

| Port | Protocol | Source | Description | Module Name |
|---|---|---|---|---|
| 49 (TACACS) | TCP | Network Devices | Used for TACACS queries. | Privilege Access Management |
| 69 (TFTP) | UDP | Network Devices | Used for firmware upgrades of network devices. | Operations Management |
| 443 (HTTPS) | TCP | Windows Resources, Linux Resources | Used for Web GUI access and for downloading the exporter during installation. | Operations Management |
| 445 (SMB) | TCP | Windows Resources | Used for the patch requirements of resources. | Patch Management |
| 514 (Syslog) | UDP | Network Devices | Used for Syslog notifications from network devices. | Operations Management |
| 1645 (RADIUS) | UDP | Network Devices | Used for RADIUS authentication queries. | Privilege Access Management |
| 1646 (RADIUS) | UDP | Network Devices | Used for RADIUS accounting queries. | Privilege Access Management |
SecHard Container, Vulnerability and Exploit List Update Needs
SecHard to Internet

| URL | Direction | Protocol / Port | Description | Module Name |
|---|---|---|---|---|
| | SecHard -> Internet | TCP 443 | Used for container updates in SecHard. | Zero Trust Orchestrator, Security Hardening, Privilege Access Management, Operations Management, Patch Management |
| | SecHard -> Internet | TCP 443 | Used for updates of the vulnerability lists in SecHard. | Operations Management |
| | SecHard -> Internet | TCP 443 | Used to retrieve patch information for Windows operating systems. | Patch Management |
| | SecHard -> Internet | TCP 443 | Used for updates of the exploit (MITRE) lists in SecHard. | Operations Management |
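A firewall change request built from the three port tables above is easy to get partly wrong, and the usual way to find out is a failed audit run days later. The following script is an added example, not part of SecHard's documentation or product: it encodes a subset of the "SecHard to Devices" and "To SecHard from Devices" tables as data and, run from the appliance host, attempts a plain TCP connect for each TCP entry (outbound entries against a target device, inbound entries against the listener the appliance itself should expose). UDP and ICMP entries cannot be verified by a TCP connect, so they are reported as SKIPPED rather than passing silently. The target address, the rule subset and the `PortRule`/`run_checks` names are assumptions of this example.

```python
"""Pre-deployment port reachability check for a SecHard appliance.

Added example; not SecHard's own code. The rules below are a subset of the
port tables in the requirements page. Target addresses are constructed
placeholders (TEST-NET-1).
"""
import socket
from dataclasses import dataclass


@dataclass(frozen=True)
class PortRule:
    port: int
    proto: str        # "TCP", "UDP" or "ICMP"
    direction: str    # "outbound" = SecHard -> device, "inbound" = device -> SecHard
    description: str


# Subset of "SecHard to Devices" (outbound) and "To SecHard from Devices" (inbound).
REQUIRED_PORTS = [
    PortRule(22,   "TCP", "outbound", "SSH to network devices / Linux resources"),
    PortRule(389,  "TCP", "outbound", "LDAP to Domain Controllers"),
    PortRule(636,  "TCP", "outbound", "LDAPS to Domain Controllers"),
    PortRule(5985, "TCP", "outbound", "WinRM to Windows resources"),
    PortRule(161,  "UDP", "outbound", "SNMP polling of network devices"),
    PortRule(49,   "TCP", "inbound",  "TACACS from network devices"),
    PortRule(514,  "UDP", "inbound",  "Syslog from network devices"),
    PortRule(443,  "TCP", "inbound",  "Web GUI / exporter download"),
]


def tcp_connect(host: str, port: int, timeout: float = 2.0) -> bool:
    """True if a TCP handshake to host:port completes within `timeout` seconds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:          # refused, filtered (timeout), unreachable, ...
        return False


def check_rule(rule: PortRule, target: str, local_host: str = "127.0.0.1") -> str:
    """Return OPEN / BLOCKED for TCP rules, SKIPPED for UDP and ICMP rules.

    Outbound rules are tested against `target`; inbound rules are tested by
    connecting to the listener the appliance should expose on `local_host`.
    """
    if rule.proto != "TCP":
        return "SKIPPED"
    host = target if rule.direction == "outbound" else local_host
    return "OPEN" if tcp_connect(host, rule.port) else "BLOCKED"


def run_checks(target: str, rules=REQUIRED_PORTS, local_host: str = "127.0.0.1") -> dict:
    """Map (direction, proto, port) -> status for every rule."""
    return {(r.direction, r.proto, r.port): check_rule(r, target, local_host)
            for r in rules}


def blocked(results: dict) -> list:
    """The rules that failed, i.e. the firewall changes still outstanding."""
    return sorted(key for key, status in results.items() if status == "BLOCKED")


def open_local_listener() -> socket.socket:
    """Bind a listening TCP socket on an ephemeral loopback port (used to
    demonstrate an inbound check without touching real services)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv


if __name__ == "__main__":
    TARGET = "192.0.2.10"   # constructed placeholder; replace with a managed device
    srv = open_local_listener()
    demo_rules = REQUIRED_PORTS + [PortRule(srv.getsockname()[1], "TCP", "inbound", "demo listener")]
    results = run_checks(TARGET, demo_rules)
    for (direction, proto, port), status in sorted(results.items()):
        print(f"{direction:8s} {proto:4s} {port:5d}  {status}")
    print("still blocked:", blocked(results))
    srv.close()
```

A BLOCKED inbound entry means nothing is listening on the appliance (or a host firewall drops it); a BLOCKED outbound entry points at the network path to the device. Treat SKIPPED rows as unverified and confirm them with the device's own logs (for example, a received SNMP trap or Syslog message) before sign-off.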
Account Authorisation Requirements

| Requirement | Description | Access Method |
|---|---|---|
| Linux Operating System - Only Audit | A Linux user / AD user who is a member of the sudo group | SSH |
| Linux Operating System - Only Audit | A Linux user / AD user with root authorisation | SSH |
| Windows Operating System (Domain member - Server / Client) - Only Audit | An AD user who is a member of the WinRM group (winrm configSDDL default: read + execute) | WinRM (Kerberos, NTLM, Cert) |
| Windows Operating System (Domain member - Server / Client) - Audit + Remediation + Rollback | An AD user who is a member of the local Administrators group | WinRM (Kerberos, NTLM, Cert) |
| Windows Operating System (Not a domain member - Server / Client) - Only Audit | A local user who is a member of the WinRM group (winrm configSDDL default: read + execute) | WinRM (NTLM, Basic) |
| Windows Operating System (Not a domain member - Server / Client) - Audit + Remediation + Rollback | A local user who is a member of the local Administrators group | WinRM (NTLM, Basic) |
| Windows Domain Controller - Only Audit | An AD user who is a member of the WinRM group (winrm configSDDL default: read + execute) | WinRM (Kerberos, NTLM, Cert) |
| Windows Domain Controller - Audit + Remediation + Rollback | An AD user who is a member of the Administrators / Domain Administrators group | WinRM (Kerberos, NTLM, Cert) |
| Network Devices - Only Audit | A user with limited authorisation (monitoring, read-only user, etc.); permission to run "sh run" is required on switches | SSH |
| Network Devices - Audit + Remediation + Rollback | A user with full authorisation (admin, super_user, super_admin, sysadmin, etc.) | SSH |
| SQL Database - Only Audit | serveradmin / a custom user with the same permissions except for the following items | DB Connection |
| SQL Database - Audit + Remediation + Rollback | sysadmin / Control Server / a custom user with the same permissions | DB Connection |
| MongoDB - Only Audit | dbAdmin | DB Connection |
| MongoDB - Audit + Remediation + Rollback | dbAdmin | DB Connection |
| Oracle Database - Only Audit | Audit_Admin; thin-mode compatible accounts are supported | DB Connection |
| Oracle Database - Audit + Remediation + Rollback | DBA; thin-mode compatible accounts are supported | DB Connection |
| PostgreSQL Database - Only Audit | dbuser | DB Connection |
| PostgreSQL Database - Audit + Remediation + Rollback | superuser | DB Connection |
| Other Resources - Only Audit | A user with limited authorisation (monitoring, read-only user, etc.) | Native Protocol |
| Other Resources - Audit + Remediation + Rollback | A user with full authorisation (admin, super_user, super_admin, sysadmin, root, administrator, etc.) | Native Protocol |
Related Articles
How To Enable WinRM with Domain Group Policy for PowerShell Remoting
How do I configure and troubleshoot WinRM?