
Fidelis Network / Fidelis Deception CommandPost
Quick Start Guide
Rev-K (HPE DL360 Gen10) Platforms

About Fidelis Cybersecurity
Fidelis Cybersecurity, the industry innovator in Active XDR and proactive cyber defense solutions, safeguards modern IT environments with unparalleled detection, deception, response, cloud security, and compliance capabilities. We offer full visibility across hybrid environments via deep, dynamic asset discovery, multi-faceted context, and risk assessment. These features help minimize attackable surface areas, automate exposure prevention, threat detection, and incident response, and provide the context, accuracy, speed, and portability security professionals need to find and neutralize adversaries earlier in the attack lifecycle. Fidelis Cybersecurity is dedicated to helping clients become stronger and more secure. Fidelis is trusted by many top commercial, enterprise, and government agencies worldwide. For more information, please visit www.fidelissecurity.com

Copyright 2022 Fidelis Cybersecurity, Inc. All rights reserved. www.fidelissecurity.com

1. System Overview

The Fidelis CommandPost appliance is the central component for command and control of Fidelis Network/Fidelis Deception components. With CommandPost, you create and edit sensor rules, craft metadata analytics and automation, view alerts from connected sensors and Collector components, and define and deploy Deception decoys.

Figure 1: Fidelis Network/Fidelis Deception CommandPost Appliance – Rev-K

CommandPost Setup Checklist

Fidelis CommandPost – Appliance Requirements
‒ Appropriate rack space, power, and cooling (Appendix B)
‒ Rack tools, rails, and connectors
‒ Keyboard and video monitor / KVM switch for temporary appliance setup
‒ Power cables – two per appliance, appropriate power source and region
‒ Ethernet cables (cat5e) for Admin and iLO ports (Section 3)
‒ Network switches with enough physical ports (Section 4)
‒ Logical network information: IP addresses, hostnames (Section 5, Appendix A)

2. Documentation, Passwords, and Technical Support

Product Documentation
You can find Fidelis Network/Fidelis Deception product documentation, appliance specifications, and instructions at https://support.fidelissecurity.com or through the navigation item in the CommandPost user interface.

Appliance Default Passwords

System                       Account         Default Password
SSH / Appliance Console      fidelis         fidelispass
CommandPost user interface   admin           system
iLO                          administrator   (printed on label, top of server)

Technical Support
For all technical support related to this product, check with your site administrator to determine support contract details. For support of your product, contact your reseller. If you have a direct support contract with Fidelis Cybersecurity, contact Fidelis Cybersecurity Technical support at:
‒ Phone: 1.301.652.7190
‒ Toll-free in the US and Canada: 1.800.652.4020
‒ Email: [email protected]
‒ Web: https://support.fidelissecurity.com

3. CommandPost: Network Port and Cabling Requirements

You must connect each appliance to the various networks using appropriate cables, and in some cases, also transceivers.

Port Label   Physical Connection Type (default)   Cable Type (minimum)
Admin        GbE RJ45 (Copper)                    Cat 5e patch cable
iLO          GbE RJ45 (Copper)                    Cat 5e patch cable

Figure 2: CommandPost Rear Port Assignments (Rev-K)

4. CommandPost Networking Environment

The CommandPost appliances use the Admin network for service and inter-node communication. CommandPost appliances offer the iLO / IPMI interface for optional out-of-band management of the appliance.

Use the tables below to determine the count and type of switch ports required to support the number of appliances for your deployment.

Admin Network
The Admin network connects the CommandPost to Fidelis sensors, Collectors, and on-premises Sandbox components.

Appliance     Switch Port Type    Qty
CommandPost   GbE RJ45 (Copper)   1

iLO / IPMI Network
The iLO / IPMI network is an optional network for remote/out-of-band server administration.

Appliance     Switch Port Type    Qty
CommandPost   GbE RJ45 (Copper)   1

5. Appliance – Logical Network Configuration

You must assign logical network information to each physical connection. Build a table of the logical information for each appliance (sample below) that you can reference during configuration. You will reference this table multiple times during the cluster setup. Appendix A has a worksheet you can use.

Sample Configuration

Network Setting     Interface Assignments (Admin/eth0, iLO / IPMI)
Hostname (FQDN)
Static IP Address
Subnet Mask         255.255.255.0, 255.255.255.0
Gateway             10.1.2.1
Proxy Server        10.5.6.7
DNS Servers         8.8.4.4, 8.8.8.8
NTP Servers         0.pool1.ntp.org
Time Zone           UTC ( 0)

6. Appliance Installation

Rack Installation
Install each appliance in an enclosure/location that has necessary power and cooling. Ensure that the installation environment is within the operating temperature of the appliance. See Appendix B for appliance operating temperature requirements.

Power
Connect power cables to the power supplies in the back of the appliance. See Appendix B for appliance power requirements.

Network Cabling
Using the connectors and cables described in sections 3 and 4, begin to connect the appliances to the networks.

Cable the CommandPost appliance(s) to the switches:
1. Connect the Admin (eth0) port to the Admin switch port.
2. Optionally, connect the iLO port to the Admin (or iLO) switch port.

7. Appliance Network Configuration

Start the Appliance Network Configuration
1. Power on the appliance(s).
2. Connect to the component CLI using either of the following:
   ‒ Via KVM Console, see Option 1: Connect to the Component CLI Using KVM Console
   ‒ Via iLO, see Option 2: Connect to the Component CLI Using iLO

Option 1: Connect to the Component CLI Using KVM Console
1. Connect a keyboard and monitor to the appliance.
2. Continue with Complete the Appliance Network Configuration.

Option 2: Connect to the Component CLI Using iLO
iLO supports DHCP by default. If you need a static IP address, before performing this procedure, first follow Configuring iLO to Use a Static IP Address.
1. Log into the iLO console:
   https://<IP address>
   where <IP address> is the iLO IP address.
2. Specify the credentials:
   ‒ Username - Administrator
   ‒ Password - A random eight-character string
   ‒ DNS name - ILOXXXXXXXXXXXX, where the X characters represent the server serial number.
   The iLO firmware is configured with a default username, password, and DNS name. The default information is on the serial label pull tab attached to the server that contains the iLO management processor. Use these values to access iLO remotely from a network client by using a web browser.
3. In the iLO web interface, navigate to iLO Integrated Remote Console.
4. Select Power & Thermal.
5. Click Reset.
   The system shuts down and restarts. For Fidelis Network appliances version 9.4.1 or later, a screen similar to below is displayed. If you do not see this screen, contact Fidelis Customer Support.
6. Continue with Complete the Configuration.

Configuring iLO to Use a Static IP Address
Use this procedure only if you want to connect to the component CLI using iLO and you need a static IP address. Note that iLO supports DHCP by default.
1. Directly attach an ethernet cable from a client system, such as a laptop, to the iLO port on the appliance.
2. Restart the machine.
3. Press F9 in the server POST screen.
   The UEFI System Utilities start.
4. Click System Configuration.
5. Click iLO 5 Configuration Utility.
6. Disable DHCP:
   a. Click Network Options.
   b. Select OFF in the DHCP Enable menu.
   The IP Address, Subnet Mask, and Gateway IP Address boxes become editable. When DHCP Enable is set to ON, you cannot edit these values.
7. Enter values in the IP Address, Subnet Mask, and Gateway IP Address boxes. (See Section 5 / Appendix A)
8. To save the changes and exit, press F12.
   The iLO 5 Configuration Utility prompts you to confirm that you want to save the pending configuration changes.
9. To save and exit, click Yes - Save Changes.
   The iLO 5 Configuration Utility notifies you that iLO must be reset in order for the changes to take effect.
10. Click OK.
    iLO resets, and the iLO session is automatically ended. You can reconnect in approximately 30 seconds.
11. Resume the normal boot process:
    a. Start the iLO remote console.
       The iLO 5 Configuration Utility is still open from the previous session.
    b. Press ESC several times to navigate to the System Configuration page.
    c. To exit the System Utilities and resume the normal boot process, click Exit and resume system boot.

iLO is configured to use a static IP address. Continue with Option 2: Connect to the Component CLI Using iLO.

Complete the Appliance Network Configuration
1. After connecting using either KVM Console or iLO, you should see this screen for Fidelis Network appliances version 9.4.1 or later.
   If you do not see the screen shown above, contact Fidelis Technical Support.
2. With Perform Initial Install or Factory Reset selected, press Enter.
3. Use the Up and Down arrow keys to select CommandPost, and press Enter.
   The system displays a screen with the message Congratulations, your CentOS installation is complete. The system will automatically reboot.
4. Directly attach an ethernet cable from a client system such as a laptop to the Admin/eth0 port on the appliance. The default IP address is 192.168.42.11/24. Assign a static IP from the same subnet to the network interface on the client system and connect to the appliance using SSH.
5. Use the following credentials at the login prompt. You will be required to change the password immediately.
   ‒ user: fidelis
   ‒ default password: fidelispass
6. From the command line, run:
   sudo /FSS/bin/setup
   You will be prompted for the fidelis password.
7. In Setup, select Network Settings.
8. Configure the network parameters for the system and each active network interface.
   ‒ Use the Network Configuration table you prepared earlier (Appendix A).
   ‒ When complete, return to the top menu.
9. When complete, select OK to leave Setup.
10. From the command line, reboot the system:
    sudo /fss/bin/shutdown.pl --user admin --reboot

8. Fidelis Licensing

The Fidelis CommandPost comes with a 60-day evaluation license. The CommandPost user interface shows the Host ID for the Fidelis Network hardware, the current license key, and the expiration date.

To access the License page
1. Log into the CommandPost.
2. Access the License page.
   For versions 9.4 and later
   a. Navigate to: Administration > System > License & System
   For versions 9.3.x
   a. Navigate to: Administration > System > Components
   b. In the row for the CommandPost, click the icon.
   c. Click License.
3. If your license key shows no license or invalid, see Request a License below.

Request a License
1. From the License page, click Request License to start an email to [email protected]. The email will contain the information required to generate a license for your appliance, including the Host ID, product type, and serial number.
2. In the body of the email, add the following:
   ‒ Contact name and phone number
   ‒ Organization name and site location
Fidelis Cybersecurity Support will respond within one business day with a license key.

Enter a License Key
After receiving a response to your license request:
1. Copy the license key from the response.
2. In the CommandPost, navigate to the License page.
3. Paste the license key or type it exactly into the License Key box.
4. Click Save.
When complete, Fidelis CommandPost is operational and ready for additional Fidelis components.

Appendix A: Network Configuration Worksheet

Network Setting     Interface Assignments
                    Admin/eth0          iLO / IPMI
Hostname (FQDN)
Static IP Address
Subnet Mask
Gateway
Proxy Server
DNS Servers
NTP Servers
Time Zone
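
A pre-flight check for the Appendix A worksheet, as an added example (not code from the guide or from Fidelis): it validates each interface column before the values are typed into Setup or the iLO 5 Configuration Utility. The dictionary layout, the function names, and the rule that flags an address still at the default 192.168.42.11 are assumptions of this example, and the sample values are constructed.

```python
import ipaddress
import re

# Default Admin/eth0 address given in the guide; flagging it is this example's own rule.
FACTORY_DEFAULT = ipaddress.ip_address("192.168.42.11")
# Hostname must have at least two dot-separated labels (assumed FQDN check).
FQDN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)


def check_interface(name, row):
    """Return a list of problems for one worksheet column."""
    problems = []
    if not FQDN_RE.match(row["hostname"]):
        problems.append(f"{name}: hostname {row['hostname']!r} is not a fully qualified name")
    try:
        iface = ipaddress.ip_interface(f"{row['ip']}/{row['mask']}")
        gateway = ipaddress.ip_address(row["gateway"])
    except ValueError as exc:  # malformed address or mask
        return problems + [f"{name}: {exc}"]
    net = iface.network
    if iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{name}: {iface.ip} is the network or broadcast address of {net}")
    if gateway not in net:
        problems.append(f"{name}: gateway {gateway} is outside {net}")
    if iface.ip == FACTORY_DEFAULT:
        problems.append(f"{name}: still set to the factory default {FACTORY_DEFAULT}")
    return problems


def check_worksheet(sheet):
    """Check every interface column, then look for addresses used twice."""
    problems = []
    for name, row in sheet.items():
        problems += check_interface(name, row)
    ips = [row["ip"] for row in sheet.values()]
    if len(set(ips)) != len(ips):
        problems.append("the same IP address is assigned to more than one interface")
    return problems


# Constructed sample worksheet (hypothetical values, not taken from the guide).
SAMPLE = {
    "Admin/eth0": {"hostname": "cp01.example.internal", "ip": "10.1.2.20",
                   "mask": "255.255.255.0", "gateway": "10.1.2.1"},
    "iLO / IPMI": {"hostname": "cp01-ilo", "ip": "10.1.3.20",
                   "mask": "255.255.255.0", "gateway": "10.1.2.1"},
}

if __name__ == "__main__":
    for line in check_worksheet(SAMPLE) or ["worksheet is consistent"]:
        print(line)
```

On the constructed sample, the iLO column is reported twice: its hostname is not fully qualified and its gateway lies outside its own subnet.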

Appendix B: System Specifications

CommandPost (Rev-K)

Form Factor                         1U rack-mount chassis SFF
CPU                                 Single Intel Xeon Gold 6246R, 16-core 3.4 GHz
TPM                                 TPM 2.0
Memory                              128GB ECC DDR4 2933 MHz
Storage Capacity & Configuration    6x HDD 600GB RAID-5 (3 TB Effective)
Network Adapters (Default Config)   4x 1GbE
Out-of-Band Management              Integrated Lights Out Management (iLO)
Power Supply                        Dual hot-swap 800W High Efficiency AC power supplies
Dimensions                          H: 4.29 cm (1.69 in)
                                    W: 43.46 cm (17.11 in)
                                    D: 70.7 cm (27.83 in)
Weight (approx.)                    16.27 kg (35.86 lb)
Operating Temperature               10 to 35 °C (50 to 95 °F) at sea level
AC Input Requirements               100 - 120 VAC
                                    200 - 240 VAC
BTU Rating (max)                    1902 BTU/hr (100 VAC)
                                    1840 BTU/hr (200 VAC)
                                    1832 BTU/hr (240 VAC)

Appendix C: System Types

For versions 9.4.1 and later, the table below shows the software to apply based on the appliance SKU. (Note the SKU typically starts with “FNH”.) You can find the SKU in the following locations:
‒ Appliance lid UID decal (see sample on right)
‒ Shipping carton decal (see sample on right)
‒ Packing list
‒ Purchase order
‒ Maintenance certificate

Appliance SKU   System Type
FNH-CP          CommandPost

QSG CP Rev-K 20220331
Source: Technical Support