NetCyte Quick Deployment Document
This document is a summary of the quick deployment of the netCyte NAC solution from preconfigured virtual appliances.
The objective of the quick deployment is to demonstrate the discovery and analysis features of netCyte. netCyte is an agentless, 802.1X independent network access control and endpoint threat analytics solution to prevent unauthorised computer access to corporate networks. Please send a request to demo@cybercyte.com for a more detailed POC.
For quick installation, NetCyte NAC is available as pre-configured VMware or Hyper-V images. You need to deploy the image to your environment and configure it. The virtual images contain all components required for discovery, analysis and management.
| Component | System Requirement | Software Version | Remarks |
|---|---|---|---|
| NAC Server Virtual Machine | 4 Virtual Cores, 8 GB RAM, 60 GB HDD | All required software is installed | Given for 50 normalized users (*) |
Table 1 System Requirement
* Number of active users in the domain for which inventory collection will be made.
Please use the link below to download the predefined virtual machine for your virtualisation environment.
For VMware ESX Environment:
http://download.netcyte.co/NetCyte/NetCyte-ESX.zip
For Hyper-V Environment:
http://download.netcyte.co/NetCyte/NetCyte-HyperV.zip
For deployment of virtual machine please refer to your virtualisation platform guide. Once you finish deployment you can access Windows Server through console.
To login to Windows use:
Password: ChangeMe123!!
After logging in to your system, please change the IP address of the server to one suitable for your environment. The default IP address of the virtual machine is 10.30.4.132. After setting the IP address, reboot the device.
After setting the IP address, you can access the management console at http://<IPAddress>/netcyte
To login to system:
User Name: admin
Before logging in, the system requires a valid license. To get the license, click the license link on the on-screen record, click Generate License Request and send the generated string to demo@cybercyte.com; your license request will be processed as soon as possible. Once your demo license is issued, apply it from the same screen on which the license request key was generated.
Figure 1 License Request Key and License Apply Screen
Once you have logged in successfully, click the button at the top of the left pane to show the main menu items, then click the picture next to the NetCyte logo to switch the menu from icons to menu names.
Once you log in to the system you will see the All Host page. Because no discovery has been made yet, you will not see any devices. There are many ways to discover the devices connected to your network, but for a quick demo we will use the "Network Scanning" method to identify the target network. In the “Network Discovery” process the system starts with an ICMP Echo Request (ping), so please ensure that ICMP Echo Requests are allowed from the NAC Virtual Machine to the client network.
Please refer to the “Getting Started” guide, available at http://docs.netcyte.co/, for other discovery methods such as ARP Table Analysis.
To start discovery, go to Inventory Management --> IP Based Discovery and click the button in the right corner; the definition page appears. On this screen, define the IP address range for discovery, how often your clients should be rediscovered (Scan Interval) and how many threads will be created during the discovery process. You can also limit the execution time by setting either Execution time or Exclusion time. Once you have finished your settings, do not forget to tick "Status". The status enables or disables the discovery process.
Figure 2 Define IP Ranges for Discovery
Once your discovery process is finished you can see your hosts under the All Host menu without enumeration. For enumeration, please proceed to the next step.
Figure 3 All Host view after Discovery
After discovery, the next step is enumeration, or classification, of your devices. The enumeration process is agentless. You do not need to install any agent or any other software to authorise method. The system tries to create a connection to the discovered device by using the provided credentials, so before proceeding to enumeration you need to define a credential for connecting to the discovered devices. NetCyte NAC uses an SSH connection for Linux-based devices, WMI for Windows-based devices and SNMP for identifying network devices. For Windows devices, please make sure that your user belongs to the Administrators group on the discovered device.
Sample Credential Definition:
Please select your connection type and fill in the fields with suitable user and password information. All passwords are stored encrypted.
Once you have finished your credential definition you need to enable the enumeration process. To do this, go to Settings --> Global Settings and edit the settings by clicking the pen icon on each row. There are two settings for the enumeration process.
1. Select the credentials to be used in enumeration: CLIENT ENUMERATION CREDENTIAL NAME.
Figure 5 Defining Enumeration User
Select the credentials that you defined in the previous step and save.
2. Enable Enumeration Process: ENUMERATE CLIENT WITH REMOTE CONNECTION
Figure 6 Enable Enumeration
In this setting, tick the Setting value to enable it and save. Once you enable it, the enumeration process starts in the background. Please ensure that the TCP/UDP ports are open as defined in the Appendix section of this document. Once enumeration is finished, the devices should be visible.
Figure 7 Sample All Host view after Enumeration
After the discovery process is finished, the next step is to check information about your devices. Please proceed to Inventory Policies.
All checks related to your devices come under Inventory Management --> Inventory Rules. There are 20 predefined standard policies, but you can add more policies according to your needs. For defining new policies, please refer to the product documentation. All rules are disabled by default. To enable a rule, click the edit button (pen icon) on the related rule and tick the status button at the bottom of the editing screen.
Once you enable an Inventory Policy, it will be executed when the execution interval expires, and it will be re-executed at each execution interval.
The last step is to view your Inventory Policy Rules. For a visual representation of your inventory rules, please go to Visualization and Analysis.
Thread Analysis: Analyses your Inventory Rules and shows potential threats
Windows Malware Analysis: Shows potential malware fingerprints
Compliance Analysis: Shows how compliant your devices are with your security policy
These are the analyses and visual representations of the inventory information collected from your devices. To access detailed information for each inventory rule, go to Inventory Management --> Inventory Information and select the inventory rule type to view details.
| From | To | Ports (Default) | Purpose |
|---|---|---|---|
| NAC Virtual Machine | Client Devices | TCP 135-139; UDP 135-139; TCP 445; TCP 1024-65535 (WMI); UDP 1024-65535 (WMI); TCP 3389; ICMP; TCP 22; UDP 161-162 | Enumeration and Inventory Policy execution. WMI ports can be restricted through group policy. |
Table 3 Network Access Requirements
Note 1: The TCP/UDP ports listed are the default access ports. If you use different ports, please update the table accordingly.
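Added example (not part of the NetCyte documentation): when discovery or enumeration returns no devices, the firewall between the NAC Virtual Machine and the client network is the first thing to check. The script below parses the port column of Table 3 and lists the denied flows from the NAC server that the table says must be open. The log line format, the client addresses and the function names are assumptions constructed for this illustration.

```python
import re

# Port column of Table 3 (Network Access Requirements), copied from this guide.
TABLE3_PORTS = ("TCP 135-139 UDP 135-139 TCP 445 TCP 1024-65535 (WMI) "
                "UDP 1024-65535 (WMI) TCP 3389 ICMP TCP 22 UDP 161-162")
NAC_IP = "10.30.4.132"  # default appliance address; change after re-addressing

PORT_RE = re.compile(r"\b(TCP|UDP|ICMP)\b(?:\s+(\d+)(?:-(\d+))?)?")
# Assumed (constructed) firewall log format; adapt the regex to your firewall.
LOG_RE = re.compile(r"^(?P<action>ALLOW|DENY) src=(?P<src>\S+) dst=(?P<dst>\S+) "
                    r"proto=(?P<proto>\w+)(?: dport=(?P<dport>\d+))?$")

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    "DENY src=10.30.4.132 dst=10.30.5.20 proto=TCP dport=445",    # required
    "DENY src=10.30.4.132 dst=10.30.5.20 proto=ICMP",             # required (ping)
    "DENY src=10.30.4.132 dst=10.30.5.21 proto=TCP dport=80",     # not in Table 3
    "ALLOW src=10.30.4.132 dst=10.30.5.22 proto=TCP dport=22",    # already open
    "DENY src=10.30.9.9 dst=10.30.5.20 proto=UDP dport=161",      # not the NAC VM
    "DENY src=10.30.4.132 dst=10.30.5.23 proto=UDP dport=49666",  # WMI range
]

def parse_port_spec(spec):
    """Turn the table cell into (protocol, low_port, high_port) rules."""
    rules = []
    for proto, lo, hi in PORT_RE.findall(spec):
        if proto != "ICMP" and not lo:
            raise ValueError(f"{proto} entry without a port")
        rules.append((proto, int(lo) if lo else None, int(hi or lo) if lo else None))
    return rules

def is_required(rules, proto, port=None):
    """True if (proto, port) falls inside one of the Table 3 rules."""
    proto = proto.upper()
    return any(p == proto and (p == "ICMP" or (port is not None and lo <= port <= hi))
               for p, lo, hi in rules)

def blocked_required_flows(log_lines, rules, nac_ip=NAC_IP):
    """Denied flows sourced from the NAC server that Table 3 requires."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m or m["action"] != "DENY" or m["src"] != nac_ip:
            continue
        port = int(m["dport"]) if m["dport"] else None
        if is_required(rules, m["proto"], port):
            hits.append((m["dst"], m["proto"].upper(), port))
    return hits

if __name__ == "__main__":
    for hit in blocked_required_flows(SAMPLE_LOG, parse_port_spec(TABLE3_PORTS)):
        print("blocked but required:", hit)
```

Matching on the NAC server address as the source shows that the firewall rules for the Table 3 ports can be scoped to that single source rather than opened to the whole network.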