How-To: Remote assessments using Secutor Prime Professional

Randy
Site Admin
Posts: 28
Joined: Sat Feb 24, 2007 9:48 am

Post by Randy » Thu Mar 20, 2008 8:39 am

System requirements for the computer running Secutor Prime
  • Windows-based PC
  • 256MB RAM recommended
  • 10-63MB Hard Drive space (depending on configuration)
  • LAN Manager authentication level compatible with remote assessment targets (for Prime Professional)

How to Install Secutor Prime
Run the Secutor_Prime_Setup.exe program to launch the automated installer.

Remote Assessments (Secutor Prime Professional feature)
The following describes the configuration requirements for performing remote agentless assessments with Secutor Prime Professional (and Secutor Magnus and S-CAT). The instructions assume the target is locked down according to the FDCC requirements. However, these instructions should apply to any XP or Vista implementation.

Microsoft Windows Configuration Requirements

  • Local security option "Network access: Sharing and security model for local accounts" must be set to "Classic - local users authenticate as themselves"
  • If a firewall is being used, make sure TCP port 445 or 139 is accessible between the computer running Secutor Prime Professional and the target machine. If using the Windows Firewall, activate the "File and Print Sharing" exception. That exception can be edited to only open TCP port 445 or 139.
  • The Remote Registry service must be started
  • Network Security: LAN Manager authentication level must be compatible between the machine being assessed and the machine running Secutor Prime Professional
  • Microsoft Vista/7 only: The registry value LocalAccountTokenFilterPolicy must exist and be set to "1"
  • Local Security Policy "Microsoft network client: Digitally sign communications (always)" must be set to "Disable" on the machine from which the assessment is being run

Unix Configuration Requirements
  • Secure Shell listening on port 22
  • SSH permits remote root logons from the Secutor Prime Pro workstation

Account Used for Assessment

Unix: Root-level account

Windows:
Remote Assessments using a domain account:
Scan as a member of Domain Admins group

Remote Assessments using a local account:
Use the local administrator account (Disabled on Vista/7 by default)
-- OR --
Disable the "Run all administrators in Admin Approval Mode" UAC (on Vista)
Scan as a member of the local Administrators group

Configuration Details and Instructions:

FDCC VISTA/USGCB Windows 7 agentless scan as a member of a domain
  • Turn on remote registry service
  • Firewall Configuration: Open the Local Security Policy MMC Snap-in and configure the following inbound firewall rule for TCP port 445.
    Navigate to \Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security - Local Group Policy Object\Inbound Rules\
    Right click and select "New Rule".
    Select "Predefined"
    Select "File and Printer Sharing" on the drop-down list then click the "Next" button.
    Check "File and Printer Sharing (SMB-In)" for profiles "Private, Public" and "Domain".
    Click the "Next" button.
    Reboot to force the settings.

FDCC VISTA/USGCB Windows 7 agentless scan as a standalone workstation
  • Turn on remote registry service
  • Use regedt32.exe to add: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\
    Create DWORD value named: LocalAccountTokenFilterPolicy With value: 1
  • Firewall Configuration: Open the Local Security Policy MMC Snap-in and configure the following inbound firewall rule for TCP port 445.
    Navigate to \Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security - Local Group Policy Object\Inbound Rules\
    Right click and select "New Rule".
    Select "Predefined"
    Select "File and Printer Sharing" on the drop-down list then click the "Next" button.
    Check "File and Printer Sharing (SMB-In)" for profiles "Private, Public" and "Domain".
    Click the "Next" button.
    Reboot to force the settings.

FDCC XP agentless scan as a member of a domain
No modifications of the FDCC are required

FDCC XP agentless scan as a standalone workstation
  • Firewall Configuration: In the GPO Editor \Local Computer Policy\Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Standard Profile configure the following:
    Windows Firewall: Do not allow exceptions is "Not Configured"
    Windows Firewall: Allow file and print sharing exception is Enabled (Add the IP address of the scanning server or the subnet).
-- Randy
ThreatGuard, Inc.
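
The Windows requirements listed in the post above can be verified with a read-only pre-flight check before a scan is attempted. This is an added example, not part of the original post or ThreatGuard's tooling: the function names and the `target-host` placeholder are hypothetical, PowerShell 2.0 or later is assumed, and `ForceGuest`, `LmCompatibilityLevel` and `RequireSecuritySignature` are the standard registry values behind the policies the post names.

```powershell
# Added example, not ThreatGuard code. Read-only; run from an elevated prompt.
function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value is absent
    $p = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($p) { $p.$Name }
}

function New-Check($Name, $Expected, $Actual) {
    # $Expected = $null marks an informational row: compare it between machines
    $pass = if ($null -eq $Expected) { 'n/a' } else { "$Actual" -eq "$Expected" }
    New-Object PSObject -Property @{
        Check = $Name; Expected = $Expected; Actual = $Actual; Pass = $pass }
}

function Test-TcpPort($Computer, $Port, $TimeoutMs = 3000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Computer, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch { return $false } finally { $client.Close() }
}

function Test-TargetPrereqs {   # run on the machine being assessed
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $uac = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $svc = Get-Service -Name RemoteRegistry -ErrorAction SilentlyContinue
    New-Check 'Remote Registry service' 'Running' $svc.Status
    # ForceGuest 0 = "Classic - local users authenticate as themselves"
    New-Check 'ForceGuest (sharing and security model)' 0 (Get-RegValue $lsa 'ForceGuest')
    # Vista/7 only; the post's steps set it for the standalone workstation case
    New-Check 'LocalAccountTokenFilterPolicy' 1 (Get-RegValue $uac 'LocalAccountTokenFilterPolicy')
    New-Check 'LmCompatibilityLevel' $null (Get-RegValue $lsa 'LmCompatibilityLevel')
}

function Test-ScannerPrereqs($Target) {   # run on the Secutor Prime workstation
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $wks = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
    $smb = (Test-TcpPort $Target 445) -or (Test-TcpPort $Target 139)
    New-Check "TCP 445 or 139 reachable on $Target" $true $smb
    # 0 = "Digitally sign communications (always)" disabled on the client
    New-Check 'RequireSecuritySignature' 0 (Get-RegValue $wks 'RequireSecuritySignature')
    New-Check 'LmCompatibilityLevel' $null (Get-RegValue $lsa 'LmCompatibilityLevel')
}

# Usage ('target-host' is a placeholder name):
#   Test-TargetPrereqs | Format-Table Check, Expected, Actual, Pass -AutoSize
#   Test-ScannerPrereqs 'target-host' | Format-Table Check, Expected, Actual, Pass -AutoSize
```

Setting `LocalAccountTokenFilterPolicy` to 1 removes UAC's remote token filtering for local administrator accounts, so record the value the check reports before changing it and restore it once the assessment is finished.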

Johnbii
Posts: 4
Joined: Thu May 19, 2011 8:27 am

Post by Johnbii » Fri Jun 17, 2011 9:40 am

Thank you, will check these settings.

