Cymmetria MazeRunner INSTALLATION GUIDE


Cymmetria MazeRunner INSTALLATION GUIDE September 12, 2016

Supported environments (all must have nested virtualization enabled; follow the links below to learn more)

- VMware Player (7 or higher)
- VMware Workstation (11 or higher)
- ESXi server (5.1 or higher)
- KVM hypervisor

Not supported: VirtualBox

Requirements

Minimum requirements for installation:

- 150GB minimum storage, 500GB recommended
- 2GB of RAM (add 2GB for each additional nested decoy)
- 1 x CPU @ 2 GHz (add another CPU core for each additional nested decoy)
- VMware hypervisor (Player 7 or higher; Workstation 11 or higher; ESXi server 5.1 or higher) or KVM hypervisor, with nested virtualization enabled

Additional requirements

- Nested virtualization
- Promiscuous mode

Cymmetria MazeRunner 2 www.cymmetria.com

CONTENTS

Introduction
    What is MazeRunner? ... 4
Installation and setup ... 5
    Virtual appliance (VMware Player) ... 5
    Virtual appliance (VMware Workstation) ... 7
    Virtual appliance (VMware ESXi) ... 11
        Enabling nested virtualization using vCenter ... 15
        Enabling nested virtualization using VMware Workstation (version 11 and up) ... 17
        Enabling nested virtualization using SSH ... 19
        Powering on your virtual machine ... 21
    Virtual appliance (KVM) ... 24
MazeRunner network configuration ... 27
    Static IP ... 27
    VLAN support ... 28

INTRODUCTION

WHAT IS MAZERUNNER?

MazeRunner is a platform for creating effective deception stories. Attackers making lateral movement will first collect information on their next targets. At that time, they will find breadcrumbs deployed by MazeRunner that point to decoys. Once the attackers connect to the decoys, they are led to believe that they have successfully gained access to a target machine. Having gained a false sense of security, attackers reveal their attack tools and methods, which defenders are then able to document and analyze. Finally, MazeRunner communicates with an organization's existing defense infrastructure, exporting threat information that allows for the creation of attack signatures.

For a more detailed overview of MazeRunner, please read our product whitepaper, which can be downloaded for free from our website.

INSTALLATION AND SETUP

This section will guide you through the installation and setup of Cymmetria's MazeRunner solution. It includes information on MazeRunner's platform and deployment.

VIRTUAL APPLIANCE (VMWARE PLAYER)

To begin, make sure you have VMware Player installed on your computer. Then, navigate to the directory in which the MazeRunner OVA file is stored and proceed according to the following instructions:

1. To import MazeRunner into VMware Player, double-click on the OVA file (if you have multiple hypervisors installed on your computer, you will need to right-click on the OVA file, select "Open with", and then select "VMware Player"). You will need to provide a name and local storage path for the new virtual machine, and then click "Import".
2. Before powering on your new virtual machine, you must enable nested virtualization support in order to run MazeRunner with nested decoys. To do this:
   a. Make sure the virtual machine is turned off, and then right-click on it and select "Settings".
   b. Select the Processors option and make sure the "Virtualize Intel VT-x/EPT or AMD-V/RVI" and "Virtualize CPU performance counters" boxes are checked, then click "OK".

   c. Nested virtualization is now enabled.
3. Now you can power on your virtual machine by clicking "Play virtual machine".
4. Once your virtual machine finishes booting, you will see its assigned IP address displayed on the console.

   Save this IP address; you will need to use it later.

That's it! MazeRunner is now ready for use.

By default, MazeRunner obtains its network configuration through DHCP. If you would like to change MazeRunner's network configuration, see the section entitled "MazeRunner network configuration" on page 27 of this guide.

Learn more about how to get started with MazeRunner by reading the MazeRunner User Guide for Community Edition v1.1.0.

VIRTUAL APPLIANCE (VMWARE WORKSTATION)

To begin, make sure you have VMware Workstation installed on your computer. Then, navigate to the directory in which the MazeRunner OVA file is stored and proceed according to the following instructions:

1. To import MazeRunner into VMware Workstation, double-click on the OVA file. You will need to provide a name and local storage path for the new virtual machine, and then click "Import".

2. Before powering on your new virtual machine, you must enable nested virtualization support in order to run MazeRunner with nested decoys. To do this:
   a. Make sure the virtual machine is turned off, and then right-click on it and select "Settings".
   b. Select the Processors option and make sure the "Virtualize Intel VT-x/EPT or AMD-V/RVI" and "Virtualize CPU performance counters" boxes are checked, then click "OK".

   c. Nested virtualization is now enabled.
3. Now you can power on your virtual machine by clicking "Power on this virtual machine".
4. Once your virtual machine finishes booting, you will see its assigned IP address displayed on the console.

   Save this IP address; you will need to use it later.

That's it! MazeRunner is now ready for use.

By default, MazeRunner obtains its network configuration through DHCP. If you would like to change MazeRunner's network configuration, see the section entitled "MazeRunner network configuration" on page 27 of this guide.

Learn more about how to get started with MazeRunner by reading the MazeRunner User Guide for Community Edition v1.1.0.

VIRTUAL APPLIANCE (VMWARE ESXI)

To begin, open your vSphere Client and connect to your ESXi server by entering your username and password. From the File drop-down menu, choose "Deploy OVF Template" and open the MazeRunner OVA file supplied.

Move through the stages of deploying the OVF Template:

1. Choose a name for your virtual machine (for example, "Cymmetria MazeRunner").
2. Choose your specific datacenter as the Host / Cluster on which to run the deployed template.
3. Select a destination for storing the virtual machine files.
4. Use the default values that appear in the Disk Format section.
5. Notice that the source network is shown as "bridged". Click "Next" to review all parameters and finish the virtual machine creation.

After your virtual machine has finished being deployed (this will take some time), select your virtual machine from the side bar on the left-hand side of the screen, then navigate to Home > Inventory > Hosts and Clusters.

Open the Configuration tab and choose "Networking" by clicking on the link located in the Hardware box to the left.

To make the nested virtual machines accessible from the network, enable Promiscuous Mode for the Virtual Machine Port Group where your virtual machine is connected (in our example, "Maze"). To do this, go to Properties, select your virtual machine's port group, and then click "Edit".

Go to the Security tab and make sure both Promiscuous Mode and Forged Transmits are enabled ("Accept"). Click "OK".

Why do we need Promiscuous Mode and Forged Transmits? In order for the nested virtual machines to receive data packets, we need to enable these functions. The nested decoys use their own MAC addresses behind the MazeRunner virtual machine's network adapter: Promiscuous Mode lets that adapter receive frames addressed to those MAC addresses, and Forged Transmits lets it send frames whose source MAC address differs from its own. If you do not enable Promiscuous Mode and Forged Transmits, you will only be able to use OVA decoys, which are not nested.

Now you must enable nested virtualization support in order to run MazeRunner with nested decoys. There are three common methods used to enable nested virtualization in ESXi products:

1. using vCenter
2. using VMware Workstation
3. using SSH

To find out which of these three methods you will need to use, you must look at which VMware hypervisor you are running. To do this, open vSphere Client and go to Help > About VMware vSphere.

If you see the following pop-up window, it means you are using vCenter:

If you see the following pop-up window, it means you are using ESXi:

If you are using vCenter, see the instructions provided in the section entitled "Enabling nested virtualization using vCenter", below. If you are using ESXi, you have two options for enabling nested virtualization: via VMware Workstation or SSH (see the relevant sections on page 17 and 19 of this guide).

ENABLING NESTED VIRTUALIZATION USING VCENTER

The following steps will guide you through enabling nested virtualization using vCenter.

1. Open vSphere Web Client in your web browser by navigating to the IP address of your vCenter server (using HTTPS), and log in with the same credentials you used to log in to your vSphere client.
2. Make sure your virtual machine is turned off, then select "VMs and Templates" from the Home menu.

3. Right-click on your virtual machine and select "Edit Settings".
4. Expand the CPU drop-down options, check the Hardware virtualization and Performance counters checkboxes, and click "OK".

Nested virtualization is now enabled. Please continue to the "Powering on your virtual machine" section of this guide.

ENABLING NESTED VIRTUALIZATION USING VMWARE WORKSTATION (VERSION 11 AND UP)

The following steps will guide you through enabling nested virtualization using VMware Workstation (version 11 and up).

1. Open VMware Workstation and navigate to File > Connect to Server.
2. Enter your login details (your ESXi credentials) and navigate to your MazeRunner virtual machine. Make sure the virtual machine is turned off, and then right-click on it and select "Settings" (you may have to double-click on your virtual machine name before right-clicking).

3. Select the Processors option and make sure the "Virtualize Intel VT-x/EPT or AMD-V/RVI" and "Virtualize CPU performance counters" boxes are checked, then click "OK".

Nested virtualization is now enabled. Please continue to the "Powering on your virtual machine" section of this guide.

ENABLING NESTED VIRTUALIZATION USING SSH

The following steps will guide you through enabling nested virtualization using SSH.

1. In your vSphere client, under the Configuration tab, choose "Security Profile" from the Software box on the bottom left of the screen, and then click "Properties".
2. Enable the ESXi Shell by selecting it from the list of labels, and then clicking on Options > Start > OK.
3. Follow the same steps to enable the SSH service.

4. Once finished, click "OK".
5. Log in to the ESXi Shell via an SSH client (PuTTY, for example), using your ESXi root user's credentials. To do this:
   a. Open PuTTY. In PuTTY, click "Open" to open a new SSH console.

   b. In the SSH console, enter your username and password. Your shell should look like this:
6. Navigate to the MazeRunner virtual machine directory, located in /vmfs/volumes/<datastore_name>/<virtual_machine_name>/.
7. Make sure your MazeRunner virtual machine is turned off. Then, use your editor of choice to edit the .vmx file (for example, "MazeRunner_release.vmx") in this directory by adding the following flags to the end of the file:

       vhv.enable = "TRUE"
       vpmc.enable = "TRUE"

Nested virtualization is now enabled. Please continue to the "Powering on your virtual machine" section of this guide.

POWERING ON YOUR VIRTUAL MACHINE

Once you have enabled nested virtualization, you can power on your new virtual machine. To do this, open vSphere Client and navigate to Home > Inventory > VMs and Templates.

Use the search bar to find your virtual machine, select it, and then click "Power on the virtual machine".

Switch to the Console tab to see the virtual machine powering on. Once it finishes booting, you will see its assigned IP address displayed on the console.

Save this IP address; you will need to use it later.

That's it! MazeRunner is now ready for use.

By default, MazeRunner obtains its network configuration through DHCP. If you would like to change MazeRunner's network configuration, see the section entitled "MazeRunner network configuration" on page 27 of this guide.

Learn more about how to get started with MazeRunner by reading the MazeRunner User Guide for Community Edition v1.1.0.
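The .vmx edit from step 7 of "Enabling nested virtualization using SSH", written as a script for the ESXi shell. This is an added example, not part of the Cymmetria guide; the function names and the .bak backup are assumptions. It replaces an existing vhv.enable or vpmc.enable line instead of appending a second, conflicting one, so it can be run more than once.

```sh
#!/bin/sh
# Added example, not part of the Cymmetria guide. Function names and the
# ".bak" backup suffix are assumptions made for this sketch.

# set_vmx_flag FILE KEY VALUE
# Removes any existing line that assigns KEY, then appends KEY = "VALUE",
# so the key ends up in the file exactly once with the wanted value.
set_vmx_flag() {
    file=$1; key=$2; value=$3
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    pat=$(printf '%s' "$key" | sed 's/\./\\./g')   # escape dots for the regex
    tmp="$file.new.$$"
    # grep -v exits 1 when nothing is left to print; that is not an error here.
    grep -v "^[[:space:]]*${pat}[[:space:]]*=" "$file" > "$tmp" || true
    printf '%s = "%s"\n' "$key" "$value" >> "$tmp"
    # Overwrite in place (instead of mv) to keep the file's owner and mode.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# vmx_flag FILE KEY
# Prints the quoted value assigned to KEY (prints nothing if KEY is absent).
vmx_flag() {
    pat=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*${pat}[[:space:]]*=[[:space:]]*\"\(.*\)\"[[:space:]]*\$/\1/p" "$1" |
        tail -n 1
}

# enable_nested_virt FILE.vmx
# Power the virtual machine off first, as the guide requires.
enable_nested_virt() {
    vmx=$1
    [ -f "$vmx" ] || { echo "no such file: $vmx" >&2; return 1; }
    # Keep the first backup: a second run must not overwrite the original copy.
    [ -e "$vmx.bak" ] || cp -p "$vmx" "$vmx.bak" || return 1
    set_vmx_flag "$vmx" vhv.enable TRUE &&
    set_vmx_flag "$vmx" vpmc.enable TRUE &&
    echo "vhv.enable=$(vmx_flag "$vmx" vhv.enable) vpmc.enable=$(vmx_flag "$vmx" vpmc.enable)"
}

# Run as: sh <script> /vmfs/volumes/<datastore_name>/<virtual_machine_name>/<file>.vmx
if [ $# -ge 1 ]; then
    enable_nested_virt "$1"
fi
```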

VIRTUAL APPLIANCE (KVM)

To begin, open a terminal, navigate to the directory in which the MazeRunner DSK file is stored (in QCOW2 format), and proceed according to the following instructions:

1. Enable promiscuous mode. Check if promiscuous mode is enabled on the network interface to which MazeRunner's virtual machine bridge will be connected (if you know that it is already enabled, you can skip to step 3 of this section now):
   a. Run the command 'netstat -i'.
   b. If the network interface to which you are going to connect the virtual machine bridge has 'P' in its flag (as shown in Figure A), promiscuous mode is already enabled and you can skip to step 3 of this section now.

   Figure A. netstat -i command output with promiscuous mode off/on.

2. If promiscuous mode is off, you will need to enable it according to the following instructions (depending on which OS you are using). To enable promiscuous mode:
   a. On Red Hat/CentOS:
      i. Open /etc/sysconfig/network-scripts/ifcfg-X (replace X with the name of the network interface to which MazeRunner's virtual machine bridge will be connected).
      ii. Add the line 'PROMISC=yes' to the end of the file.
   b. On Ubuntu/Debian:
      i. Open the "interfaces" file located in /etc/network.
      ii. Add the following lines under the configuration for the network interface to which MazeRunner's virtual machine bridge will be connected:

          up ifconfig $IFACE up
          up ip link set $IFACE promisc on
          down ip link set $IFACE promisc off
          down ifconfig $IFACE down

3. Import the MazeRunner image (DSK file) using the following command (run as root):

       virt-install -n <name> -r <amount_of_ram> --os-type=linux --os-variant=ubuntu14.04 \
           --disk MazeRunnerVirt.dsk,bus=virtio \
           -w bridge=<name_of_network_bridge>,model=virtio \
           --vnc --noautoconsole --import --cpu=host

   For example:

       virt-install -n MazeRunner -r 16384 --os-type=linux --os-variant=ubuntu14.04 \
           --disk MazeRunnerVirt.dsk,bus=virtio \
           -w bridge=virbr0,model=virtio \
           --vnc --noautoconsole --import --cpu=host

   *NOTE: On some older virt-install versions, the os-variant argument for "ubuntu14.04" was "ubuntutrusty". You can check the available variants on your system using the command 'osinfo-query os'.

   Parameters Detailed:

   -n               an internal name for your virtual machine
   -r               the amount of RAM, in MB, for your virtual machine
   --os-type        the type of OS: Linux or Windows
   --os-variant     the distribution or version; for a full list, run command 'man virt-install'
   --disk           specifies media to use as storage for the guest, with various options
   -w               the network configuration
   --vnc            configures the graphics card to use VNC, allowing you to use virt-viewer or virt-manager to see the desktop
   --noautoconsole  configures the installer to NOT automatically try to open virt-viewer to view the console in order to complete the installation; this is helpful if you are working on a remote system through SSH

4. Check that the virtual machine was created successfully (we will use Virtual Machine Manager to do this in our example):
   a. Open Virtual Machine Manager and find the name you gave to the MazeRunner virtual machine in step 3.
   b. Click on the Open button and wait for the MazeRunner virtual machine to boot. Once it finishes booting, you will see its assigned IP address displayed on the console.

   c. Save this IP address; you will need to use it later.

That's it! MazeRunner is now ready for use.

By default, MazeRunner obtains its network configuration through DHCP. If you would like to change MazeRunner's network configuration, see the section entitled "MazeRunner network configuration" on page 27 of this guide.

Learn more about how to get started with MazeRunner by reading the MazeRunner User Guide for Community Edition v1.1.0.
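A pre-flight check for the KVM host, covering the promiscuous-mode check in step 1 and the nested-virtualization requirement. This is an added example, not part of the Cymmetria guide; the function names, the optional directory arguments (there so the checks can be pointed at test data) and the sample netstat output are constructed. It reads the "nested" parameter of the kvm_intel or kvm_amd module and the interface flag word in sysfs (bit 0x100 is IFF_PROMISC), and parses 'netstat -i' output for the 'P' flag.

```sh
#!/bin/sh
# Added example, not part of the Cymmetria guide. Function names and the
# optional root-directory arguments are assumptions made for this sketch.

# Constructed sample of `netstat -i` output (eth0 promiscuous, eth1 not).
SAMPLE_NETSTAT='Kernel Interface table
Iface   MTU  RX-OK RX-ERR RX-DRP RX-OVR  TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0   1500  10482      0      0      0   8211      0      0      0 BMPRU
eth1   1500    300      0      0      0    120      0      0      0 BMRU
lo    65536     42      0      0      0     42      0      0      0 LRU'

# netstat_flag_promisc IFACE      (reads `netstat -i` output on stdin)
# Exit 0: 'P' in the Flg column; 1: interface listed without 'P'; 2: not listed.
netstat_flag_promisc() {
    awk -v ifc="$1" '
        $1 == ifc { found = 1; if ($NF ~ /P/) promisc = 1 }
        END { exit (promisc ? 0 : (found ? 1 : 2)) }'
}

# iface_is_promisc IFACE [NET_ROOT]
# Exit 0: IFF_PROMISC (0x100) set; 1: not set; 2: flags unreadable or malformed.
iface_is_promisc() {
    flags_file="${2:-/sys/class/net}/$1/flags"
    [ -r "$flags_file" ] || return 2
    hex=$(cat "$flags_file"); hex=${hex#0x}
    # Accept hex digits only before handing the value to shell arithmetic.
    case $hex in ''|*[!0-9a-fA-F]*) return 2 ;; esac
    [ $(( 0x$hex & 0x100 )) -ne 0 ]
}

# nested_kvm_enabled [MODULE_ROOT]
# Exit 0: nested virtualization on; 1: off; 2: kvm_intel/kvm_amd not loaded.
# kvm_intel reports Y/N, kvm_amd reports 1/0.
nested_kvm_enabled() {
    root=${1:-/sys/module}
    for mod in kvm_intel kvm_amd; do
        p="$root/$mod/parameters/nested"
        [ -r "$p" ] || continue
        case $(cat "$p") in Y|y|1) return 0 ;; *) return 1 ;; esac
    done
    return 2
}

# kvm_preflight IFACE: run both checks on the live host and print a verdict.
kvm_preflight() {
    rc=0
    if nested_kvm_enabled; then echo "nested virtualization: enabled"
    else echo "nested virtualization: off, or kvm_intel/kvm_amd not loaded"; rc=1; fi
    if iface_is_promisc "$1"; then echo "$1: promiscuous mode on"
    else echo "$1: promiscuous mode off (see step 2)"; rc=1; fi
    return $rc
}

# Run as: sh <script> <interface the MazeRunner bridge will use>
if [ $# -ge 1 ]; then
    kvm_preflight "$1"
fi
```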

MAZERUNNER NETWORK CONFIGURATION

This section includes information on configuring static IP and VLAN support.

STATIC IP

By default, MazeRunner automatically obtains its network configuration through DHCP. If you would like to change MazeRunner's network configuration, follow these steps:

1. Open the server's console. The console can be accessed using your hypervisor UI.
2. Log in as "usern":
   a. Enter 'usern' as the MazeRunner login.
   b. Enter the password 'Password1!' [1] and then enter 'static'.

Enter the details relevant to your network (IP address, netmask, default gateway, nameserver IP address). If you do not know your network details, contact your IT administrator.

That's it! MazeRunner is now configured and ready for use.

Learn more about how to get started with MazeRunner by reading the MazeRunner User Guide for Community Edition v1.1.0.

[1] You will be prompted to change this password on first use.

VLAN SUPPORT

VLAN support can be enabled by following the steps outlined below (note that these steps assume you are using a VMware hypervisor):

1. Make sure that your port group is configured to accept VLAN tagging. If you already know that this is configured correctly, skip to step 2.
   a. In your vSphere control panel, access the Properties menu of the switch to which MazeRunner is connected by navigating to Configuration > Networking > Properties.
   b. Under the Ports tab, select the appropriate switch name and click "Edit".
   c. Under the General tab, select "All (4095)" as the VLAN ID.

   d. To make sure that the network adapter "sees" the VLAN network, expand the Networks list under the Status area in Configuration > Networking > Properties > Network Adapters.

2. In MazeRunner (see "Using MazeRunner" on page 38 of the MazeRunner User Guide for Community Edition v1.1.0 before proceeding), click on the gear icon on the top right navigation bar to access the system menu, and select "Configure".
3. On the Networking tab, check the "Enable VLAN support" box, and then click "Save configuration".
4. Next, click the Add VLAN button.

5. Enter a VLAN ID (for example, "2"). NOTE: VLAN ID must use numbers, not letters or other characters. If you are using static IP in your network, please assign the Cymmetria management server a static IP address in the space provided, then click "Create".

That's it! MazeRunner is now configured and ready for use.

NOTE: When you define a new decoy in MazeRunner (when building your deception campaign), you will need to select your VLAN ID from the dropdown list.

Learn more about how to get started with MazeRunner by reading the MazeRunner User Guide for Community Edition v1.1.0.

We're here to help. If you have any questions, please contact us at support@cymmetria.com.