NetCyte Quick Deployment Guide


1.      Summary

This document summarises the quick deployment of the NetCyte NAC solution from preconfigured virtual appliances.

2.      Objective

The objective of the quick deployment is to demonstrate the discovery and analysis features of NetCyte. NetCyte is an agentless, 802.1X-independent network access control and endpoint threat analytics solution that prevents unauthorised computer access to corporate networks. Please send a request to demo@cybercyte.com for a more detailed POC.

3.      Components

For quick installation, NetCyte NAC is available as pre-configured VMware or Hyper-V images. You need to deploy the image to your environment and configure it. The virtual images contain all components required for discovery, analysis and management.

4.      System Requirements

 

| Component | System Requirement | Software Version | Remarks |
|---|---|---|---|
| NAC Server Virtual Machine | 4 Virtual Cores, 8 GB RAM, 60 GB HDD | All required software is installed | Given for 50 normalized users (*) |

Table 1 System Requirement

*Number of Active Users in Domain for which Inventory Collection Will be Made.

5.      Installation Steps

a)             Download Virtual Machine Images and Deploy Your Environment

Please use the link below to download the predefined virtual machine for your virtualisation environment.

For VMware ESX Environment:

http://download.netcyte.co/NetCyte/NetCyte-ESX.zip

For Hyper-V Environment:

http://download.netcyte.co/NetCyte/NetCyte-HyperV.zip

For deployment of the virtual machine, please refer to your virtualisation platform guide. Once you finish the deployment, you can access Windows Server through the console.

To log in to Windows, use:

User Name: nacdemo

Password:  ChangeMe123!!

After logging in, change the IP address of the server to suit your environment. The default IP address of the virtual machine is 10.30.4.132. After setting the IP address, reboot the device.

b)             Access to Management Console And Request Demo License

After setting the IP address, you can access the management console at http://<IPAddress>/netcyte

To log in to the system:

User Name: admin

Password:   nac

Before you can log in, the system requires a valid license. To get the license, click the license link on the record shown on screen, click Generate License Request, and send the generated string to demo@cybercyte.com. Your license request will be processed as soon as possible. Once your demo license is issued, apply it from the same screen where the license request key was generated.


                                                                                  

Figure 1 License Request Key and License Apply Screen

Once you have logged in successfully, click the button at the top of the left pane to show the main menu items, and click the picture next to the NetCyte logo to change the menu from icons to menu names.

c)              Define Your Network and Start Discovery

Once you log in to the system, you will see the All Host page. Because no discovery has been run yet, you will not see any devices. There are many ways to discover the devices connected to your network, but for a quick demo we will use the "Network Scanning" method to identify the target network. The “Network Discovery” process starts with an ICMP Echo Request (ping), so please ensure that ICMP Echo Requests are allowed from the NAC Virtual Machine to the client network.

For other discovery methods, such as ARP Table Analysis, please refer to the “Getting Started” guide available at http://docs.netcyte.co/

To start discovery, go to Inventory Management --> IP Based Discovery and click the button in the right corner; the definition page appears. On this screen, define the IP address range for discovery, how often your clients should be rediscovered (Scan Interval), and how many threads will be created during the discovery process. You can also limit when discovery runs by setting either Execution time or Exclusion time. Once you have finished your settings, do not forget to tick "Status", which enables or disables the discovery process.


                                               

Figure 2 Define IP Ranges for Discovery

Once the discovery process has finished, you can see your hosts under the All Host menu, without enumeration. For enumeration, please proceed to the next step.

                                            

Figure 3 All Host view after Discovery

d)             Define User Credential and Enable Enumeration

After discovery, the next step is enumeration, that is, the classification of your devices. The enumeration process is agentless: you do not need to install any agent or other software. The system tries to connect to each discovered device using the credentials you provide, so before proceeding to enumeration you need to define a credential for connecting to the discovered devices. NetCyte NAC uses SSH for Linux-based devices, WMI for Windows-based devices and SNMP for identifying network devices. For Windows devices, please make sure that your user belongs to the Administrators group on the discovered device.

Sample Credential Definition:

To define the credential, go to Settings --> Credential and click the button; the credential definition page appears, where you define your credential.

Figure 4 Defining Credentials


Please select your connection type and fill in the fields with suitable user and password information. All passwords are stored encrypted.

Once you have finished your credential definition, you need to enable the enumeration process. To do this, go to Settings --> Global Settings and edit the settings by clicking the pen icon on each row. There are two settings for the enumeration process.

1. Select the credential to be used in enumeration: CLIENT ENUMERATION CREDENTIAL NAME.

                                                             

Figure 5 Defining Enumeration User

Select the credential that you defined in the previous step and save it.

2. Enable the enumeration process: ENUMERATE CLIENT WITH REMOTE CONNECTION

                                                                  

Figure 6 Enable Enumeration

In this setting, tick the Setting value to enable it and save. Once you enable it, the enumeration process starts in the background. Please ensure that the TCP/UDP ports defined in the Appendix section of this document are open. Once enumeration has finished, the devices should be visible.

                                      

Figure 7 Sample All Host view after Enumeration

After the discovery process is finished, the next step is to check information about your devices. Please proceed to Inventory Policies.

e)             Enable Inventory Policies and Analyse Inventory

All checks related to your devices are found under Inventory Management --> Inventory Rules. There are 20 predefined standard policies, but you can add more policies according to your needs. For defining new policies, please refer to the product documentation. All rules are disabled by default. To enable a rule, click the edit button (pen icon) on that rule and tick the status button at the bottom of the editing screen.

Figure 8 Enable Inventory Rule

Once you enable the Inventory Policy, it will be executed when the execution interval expires, and it will be re-executed at each execution interval.

The last step is to view your Inventory Policy Rules. For a visual representation of your inventory rules, please go to Visualization and Analysis:

Threat Analysis: Analyses your Inventory Rules and shows potential threats

Windows Malware Analysis: Shows potential malware fingerprints

Compliance Analysis: Shows how compliant your devices are with your security policy

These are the analyses and visual representations of the inventory information collected from your devices. To access detailed information for each inventory rule, go to Inventory Management --> Inventory Information and select the inventory rule type to view its details.



Figure 9 Sample Visual Inventory Analysis Screen

Figure 10 Sample Inventory Information


6.      Appendix

Required Ports

| From | To | Ports (Default) | Purpose |
|---|---|---|---|
| NAC Virtual Machine | Client Devices | TCP 135-139; UDP 135-139; TCP 445; TCP 1024-65535 (WMI); UDP 1024-65535 (WMI); TCP 3389; ICMP; TCP 22; UDP 161-162 | Enumeration and Inventory Policy execution. WMI ports can be restricted through group policy. |

 

Table Network Access Requirements

Note 1: The TCP/UDP ports listed are the default access ports. If you use different ports, please update the table accordingly.
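A pre-flight check for the connectivity this guide requires (ICMP for discovery, the fixed TCP ports in the Required Ports table), as an added example that is not part of the vendor's guide. Run it in PowerShell on the NAC virtual machine; the target address 192.0.2.10 and the timeout are constructed placeholders, and the service names in the list are standard port assignments rather than text from the table.

```powershell
# Added example, not vendor code. Run on the NAC virtual machine.
$Target    = '192.0.2.10'   # constructed placeholder: one of your own client devices
$TimeoutMs = 1500           # assumption: raise for slow links

# Well-known TCP listeners inside the fixed entries of the Required Ports table.
# Not probed: the UDP entries and the dynamic WMI range 1024-65535, which a
# TCP connect test cannot confirm.
$tcpPorts = [ordered]@{
    '22'   = 'SSH, Linux-based devices'
    '135'  = 'RPC endpoint mapper, WMI'
    '139'  = 'NetBIOS session service'
    '445'  = 'SMB'
    '3389' = 'RDP'
}

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($HostName, $Port)
        # No answer within the timeout usually means a firewall is dropping packets.
        if (-not $task.Wait($TimeoutMs)) { return 'filtered (timeout)' }
        return 'open'
    } catch {
        # An active refusal or an unreachable network ends up here.
        return 'closed: ' + $_.Exception.GetBaseException().Message
    } finally {
        $client.Close()
    }
}

# Discovery starts with an ICMP Echo Request, so check that first.
$icmp = if (Test-Connection -ComputerName $Target -Count 1 -Quiet) { 'reply' } else { 'no reply' }
$results = @([pscustomobject]@{ Check = 'ICMP echo'; Use = 'Network discovery'; Result = $icmp })

foreach ($port in $tcpPorts.Keys) {
    $results += [pscustomobject]@{
        Check  = "TCP $port"
        Use    = $tcpPorts[$port]
        Result = Test-TcpPort -HostName $Target -Port ([int]$port) -TimeoutMs $TimeoutMs
    }
}

$results | Format-Table -AutoSize
```

A "filtered (timeout)" result points at a firewall between the NAC virtual machine and the client, while a "closed" result means the path is open but the service is not listening on that device.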


