SecHard

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 19 Current »

Minimum System Requirements;

Requirement

Description

Platform

Vmware ESXi 5.0+, Hyper-V

Operating System

Ubuntu 20.04 LTS (OVF Template)

CPU

8 cores (up to 1000 resources)

Memory

16 GB (up to 1000 resources)

Disk Space

750 GB or more (up to 2500 resources)

 

Recommended System Requirements;

Requirement

Description

Platform

Vmware ESXi 5.0+, Hyper-V

Operating System

Ubuntu 20.04 LTS (Prepared Template)

CPU

16 cores or more (up to 2500 resources)

Memory

24 GB or more (up to 2500 resources)

Disk Space

750 GB or more (up to 2500 resources)

 

Port Requirements

From SecHard to Resources

Port

Protocol

Description

Container Name

22(SSH)

TCP

SSH connection to network devices and Linux OS

Console

23(Telnet)

TCP

Telnet connection to network devices

Console

25(SMTP)

TCP

SMTP connection to e-mail server

Agent

53(DNS)

UDP

DNS queries to DNS server

Winrm_Api

88(Kerberos)

UDP

Kerberos authentication for Windows Servers

Winrm_Api

123(NTP)

UDP

NTP connection for time synchronization

All Linux Servers

161(SNMP)

UDP

SNMP connection to get information from network devices and notification

SNMP Exporter

162(SNMP-Trap)

UDP

SNMP connection to get information from network devices and notification

SNMP Exporter

389(LDAP)

TCP

Used for AD, RADIUS and TACACS+

Agent

443(API)

TCP

Used for environments with API support such as Virtualization, Cloud Systems, etc.

Agent

445(SMBv3)

TCP

Windows operating systems are used for file time and to receive

Agent

636(LDAPS)

TCP

Used for AD, RADIUS and TACACS+

Agent

3389(RDP)

TCP

RDP connection to Windows servers

Remote Gateway Server

5985(WinRM)

TCP

WinRM connection to remotely control Windows systems

Winrm_Api

5986(WinRM)

TCP

WinRM connection to remotely control Windows systems

Winrm_Api

9100(Node_Exporter)

TCP

Monitoring Linux OS

Agent

9182(WMI_Exporter)

TCP

Monitoring Windows OS

Agent

Ping (echo)

ICMP

ICMP connection to check systems availability

All Linux Servers

From Resources to SecHard

Port

Protokol

Description

Container Name

49(Tacacs)

TCP

TACACS queries for network devices

TACACS

69(TFTP)

UDP

Updating firmware on network devices

TFTP

443(HTTPS)

TCP

Web GUI access / Used for exporter installation

Web

514(Syslog)

UDP

Syslog communication from network devices

Syslog

1645(Radius)

UDP

Radius Aut queries for network devices

RADIUS

1646(Radius)

UDP

Radius Acc queries for network devices

RADIUS

 

From SecHard to Internet

 

URL

Direction

Protokol / Port

Description

Sechard ->Internet

TCP 443

Used for container updates in Sechard

https://nvd.nist.gov

Sechard ->Internet

TCP 443

Used for updates of vulnerability lists in Sechard.

https://cve.mitre.org/data/refs/refmap/source-EXPLOIT-DB.html

Sechard ->Internet

TCP 443

Used for updates of exploit (MITRE) lists in Sechard.

Account Authorization Requirements;

Requirement

Description

Access Method

Linux OS - Only Audit

A Linux user / AD user who is a member of the sudo group.

SSH

Linux OS - Audit + Remediation + Rollback

A Linux user / AD user with root privileges.

SSH

Windows OS (Domain Member - Server / Client) - Only Audit

An AD User who is a member of the WinRM group is required (winrm configSDDL default - read + execute) 

WinRM (Kerberos, NTLM, Cert)

Windows OS (Domain Member - Server / Client) - Audit + Remediation + Rollback

An AD User who is a member of the Local Administrators group is required.

WinRM (Kerberos, NTLM, Cert)

Windows OS (Not a member of the domain - Server / Client) - Only Audit

A Local User who is a member of the WinRM group is required (winrm configSDDL default - read + execute).

WinRM (NTLM, Basic)

Windows OS (Not a member of the domain - Server / Client) - Audit + Remediation + Rollback

A Local User who is a member of the Local Administrators group is required.

WinRM (NTLM, Basic)

Windows Domain Controller - Only Audit

An AD User who is a member of the WinRM group is required (winrm configSDDL default - read + execute)

WinRM (Kerberos, NTLM, Cert)

Windows Domain Controller - Audit + Remediation + Rollback

An AD User who is a member of the Administrators / Domain Administrators group is required.

WinRM (Kerberos, NTLM, Cert)

Network Devices - Only Audit

A user with restricted privileges such as Monitoring, Read Only User, etc. is required. (Permission to execute 'sh run' on switches is required.)

SSH

Network Devices - Audit + Remediation + Rollback

An admin, super_user, super_admin, sysadmin, etc. user with necessary privileges is required.

SSH

SQL Database - Only Audit

serveradmin 

DB Connection

SQL Database - Audit + Remediation + Rollback

sysadmin / Control Server

DB Connection

MondoDB Database - Only Audit

dbAdmin

DB Connection

MondoDB Database - Audit + Remediation + Rollback

dbAdmin

DB Connection

Oracle Database - Only Audit

Audit_Admin

DB Connection

Oracle Database - Audit + Remediation + Rollback

DBA

DB Connection

PostgreSQL Database - Only Audit

dbuser

DB Connection

PostgreSQL Database - Audit + Remediation + Rollback

superuser

DB Connection

Other Resources - Only Audit

A user with limited privileges such as Monitoring, Read Only User, etc. is required.

Native Protocol

Other Resources  Audit + Remediation + Rollback

An user with privileges such as Admin, super_user, super_admin, sysadmin, root, administrator, etc. is required.

Native Protocol

How To Enable WinRM with Domain Group Policy for PowerShell Remoting

  • No labels