ControlCase CDD Scanning Guide
Version 1.0, September 23, 2013

History Log

Version            Date                Author
Draft Version 1.0  September 23, 2013  Samir Mondal

Contents

Hardware Pre-requisites
Installation
Running a scan
  Scan Pre-requisites
  Configure a scan
  Windows Services required for CDD Scans
  Domain/Network Share
  Firewall Ports
  High Level Windows Settings required
  License usage
  Debugging Steps
UNIX (Linux, Solaris, HP, AIX, MAC OS etc.)
  Firewall Ports required
  High Level OS Settings required
  License usage
  Debugging Steps
Database
  Firewall Ports required
  High Level Database Settings required
  License usage
  Debugging Steps
Other sensitive data
  Regular Expression search
  Custom Word Search

Hardware Pre-requisites

1. The CDD installation machine (scanner machine) needs to be a "brand new install" of Windows 2008 R2 or Windows 7 Enterprise.
2. The Windows operating system must be in English (other languages are not supported at this time).
3. The scanner machine should have a 1- or 2-core 2.4 GHz CPU or better, at least 200 GB of free disk space and 4 GB of RAM. If Windows runs well on the hardware, so will CDD.
4. Administrator credentials are needed on the scanner machine to install the software. This account must be a "true" administrator with ALL access rights to the machine, including but not limited to "Run as Service", "Install scheduled tasks", "Access the network" and "RDP inbound".
5. The scanner machine must allow standard Windows networking, administrative shares (ADMIN$ etc.) and RPC ports. Network Discovery and Windows File Sharing must be enabled on this machine, and the NetBIOS/SMB ports 139 and 445 must be open on it.
6. Port 745 must also be open on the scanner machine if the CDD web console needs to be accessed remotely.

Installation

Double-click the EXE and provide credentials when asked. The package installs a web server, the application, a database server and a scheduled task (cdd_Task). Once installed, the application can be accessed with a web browser at http://localhost:745/cdd/

Default user name: cdduser
Default password: cddpassword

Change the default password at first login: the console listens on TCP 745, and once that port is opened for remote access, anyone who can reach it can try the published defaults.

Debug steps for installation issues:

1. Credentials not accepted. Provide correct administrative credentials. The installer checks the credentials before it starts to install services and copy files.
2. Apache service blocked. The service may be blocked by the Windows Firewall, UAC or a third-party antivirus/firewall. Allow this service to be installed.
3. Zend Optimizer error on first logon. Make sure no other Apache/PHP installation is present on the scanner machine.
4. Windows Task Scheduler error. Make sure that:
   a. the credentials provided at installation time can run and execute the CDD scheduled task;
   b. that user has write permission on the target folder where CDD is installed;
   c. CDD is not installed on an operating system other than the allowed platforms.

Running a scan

There are 6 steps involved in configuring and running a CDD scan.

1. Configure scan: the user creates or edits scans and adds or deletes scan items. A single scan can contain as many file system and database items as the user wants.
2. Validate credentials: the tool validates the credentials provided by the user and marks each process as pass or fail. Only the processes marked as successful are run in the next phase.
3. Running tools: the tool invokes the executables required to scan the database/file system for cardholder/sensitive data.
4. Collect output/result files: the tool collects the output/result files generated by the executables and inserts them into the database for further processing.
5. Parse the output/result files: the tool parses the output files and populates the data in various tables so that reports can be generated on the fly.
6. Generate reports: the tool generates the PDF and Excel reports and keeps them ready for the user to download as a zip. Generating the PDF and Excel files usually takes some time.

Scan Pre-requisites

ControlCase Data Discovery uses native protocols, ports and access to perform data discovery searches on remote systems. It uses neither a custom protocol nor custom ports. It uses regular Windows networking for Windows file system scans, SSH for Unix-based (and MAC OS) scans, and the regular client access protocols and libraries for all database scans. The information below will help customers who work in tightly controlled environments to troubleshoot why scans fail.

Configure a scan

Users can add a new scan, or modify a partially configured one, by clicking on the "New Scan" tab.

Configuring a scan requires a valid license. Without a valid license you will not be able to configure a new scan.

CDD supports 2 different types of scan. For database scanning both types behave the same; for file system scanning they differ:

1. Normal Scan: the tool reports 2 card data matches from each file (the count is configurable by the support user from the Settings tab).
2. Proximity Scan: the tool reports the chosen number of card data matches from each file.

A scan can be scheduled to run later. For more details see the section "Scheduling a scan".

The following screenshots explain how to configure a new scan.
Enter a name for the scan (so that you can distinguish between scans) and click NEXT. There are two types of scan:

o File System Scans: used to scan hard drives on local and network computers
o Database Scans: used to scan databases

Windows Services required for CDD Scans

o NetLogon
o Network Store Interface Service
o Remote Procedure Call (RPC)
o RPC Endpoint Mapper
o Server
o Task Scheduler
o TCP/IP NetBIOS Helper
o User Profile Service
o Workstation
o DCOM Server Process Launcher
o Computer Browser
o Group Policy Client

Domain/Network Share

For domain-level scans (i.e. scanning an entire domain from the scanner) an account with "Domain Administrator" level privileges is needed, together with the domain name, user name and password. Because this account logs on to every target with administrative rights, restrict who can reach the scanner host and protect the account's password accordingly. For a network share, the share name in UNC format, user name and password are required.

Firewall Ports

TCP ports 139 or 445, inbound AND outbound, from the CDD scanner to each target and back (Windows NT/2000 may also require UDP ports 135-137).

High Level Windows Settings required

o File Sharing and Network Discovery enabled on both the CDD scanner machine and the targets.
o Administrative shares such as ADMIN$, C$, D$ etc. available on both the CDD scanner machine and the targets.
o Any host-based firewalls must also allow Windows traffic.
o Windows Local or Domain Administrator on both the CDD scanner machine and the targets. With every new version of Windows it is getting harder to perform any of these activities using a non-administrative account.
o HIDS or application whitelisting software must whitelist the CDD executables. The current list and checksums can be obtained through support.

License usage

Only successful scans count towards license usage. For a network share it is one scan per share. For a domain it is one scan per drive per IP. If a drive scan for an IP fails for some reason, it does not count towards license usage.
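The Windows services, administrative shares and host-firewall requirements in the sections above can be checked with the script below. It is an added example, not ControlCase's own code or tooling: the service short names are the standard Windows ones for the display names in the list, while the function, hashtable and firewall rule names and the placeholder scanner address are assumptions of this example. It runs locally on a scanner or target, or against a remote host over the same RPC/DCOM access a scan needs. The firewall rule it adds is scoped to the scanner's address rather than opening 139/445 to the whole network.

```powershell
# Added example (not part of the ControlCase guide). Requires an elevated
# PowerShell prompt for the firewall rule; PowerShell 2.0 compatible so it
# runs on Windows 7 / Server 2008 R2.

# Display names from the guide mapped from the Windows service short names.
$CddRequiredServices = @{
    'Netlogon'          = 'NetLogon'
    'nsi'               = 'Network Store Interface Service'
    'RpcSs'             = 'Remote Procedure Call (RPC)'
    'RpcEptMapper'      = 'RPC Endpoint Mapper'
    'LanmanServer'      = 'Server'
    'Schedule'          = 'Task Scheduler'
    'lmhosts'           = 'TCP/IP NetBIOS Helper'
    'ProfSvc'           = 'User Profile Service'
    'LanmanWorkstation' = 'Workstation'
    'DcomLaunch'        = 'DCOM Server Process Launcher'
    'Browser'           = 'Computer Browser'      # often disabled by default; the guide requires it
    'gpsvc'             = 'Group Policy Client'
}

function Test-CddWindowsHost {
    # Checks the local machine by default, or a remote host via RPC/DCOM.
    param([string]$ComputerName = $env:COMPUTERNAME)
    $report = @()

    foreach ($name in $CddRequiredServices.Keys) {
        $svc = Get-Service -ComputerName $ComputerName -Name $name -ErrorAction SilentlyContinue
        $state = 'NotFound'
        if ($svc) { $state = [string]$svc.Status }
        $report += New-Object PSObject -Property @{
            Check  = 'Service: ' + $CddRequiredServices[$name]
            Pass   = ($state -eq 'Running')
            Detail = "$name = $state"
        }
    }

    # ADMIN$ and C$ are the shares the scanner connects to on a target, and
    # that the scan process connects back to on the scanner.
    $shares = @(Get-WmiObject Win32_Share -ComputerName $ComputerName | ForEach-Object { $_.Name })
    foreach ($share in 'ADMIN$', 'C$') {
        $report += New-Object PSObject -Property @{
            Check  = "Share $share"
            Pass   = ($shares -contains $share)
            Detail = 'shares: ' + ($shares -join ', ')
        }
    }
    $report
}

function Add-CddScannerFirewallRule {
    # Allows inbound SMB/NetBIOS (TCP 139 and 445) from the CDD scanner only.
    # Keep remoteip scoped to the scanner; do not widen it to 'any'.
    param([Parameter(Mandatory = $true)][string]$ScannerIP)
    netsh advfirewall firewall add rule name=CDD_Scanner_SMB_In dir=in action=allow protocol=TCP "localport=139,445" "remoteip=$ScannerIP"
}

# Usage (hypothetical host and address):
#   Test-CddWindowsHost | Where-Object { -not $_.Pass } | Format-Table Check, Detail -AutoSize
#   Test-CddWindowsHost -ComputerName target01 | Format-Table Check, Pass, Detail -AutoSize
#   Add-CddScannerFirewallRule -ScannerIP 10.0.0.5
```

Run the check on the scanner itself as well as on each target, since the guide requires the shares and services on both sides. A service reported as NotFound on a remote host usually means RPC itself is blocked, which the scan would fail on too.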
Debugging Steps

The scanner must be able to connect to the machines it is scanning (targets) using regular Windows networking. Ensure that this access is possible at the TCP/IP and NetBIOS levels before attempting to scan these machines. A good way to test this is to type \\target_machine_name\C$ in the Windows Run box on the scanner. If that connects with the provided credentials, the machine can be scanned.

The target machine must also be able to connect back to the scanner to return the results of the scan. This connection is made over Windows (NetBIOS/SMB) networking using the credentials that CDD was installed with (or, if they have been changed since then, the credentials in the Advanced -> Windows Account/User Credentials screen). These same credentials are also used to execute the Windows scheduled task named cdd_Task.

A good way to test this is to type \\scanner_machine_name\C$ in the Windows Run box of the target machine and use the credentials from the CDD -> Advanced -> Windows Account/User Credentials screen. If that connects with the provided credentials, the machine can be scanned and the results returned.

An antivirus/antimalware/application whitelisting or HIDS program on the target may prevent the scan process from executing. Verify that such programs are not interfering with its execution.

1. "Not able to execute CCConn on remote machine": the scan process on the target is not able to connect back to the CDD machine. Ensure that the credentials provided under Windows Account/User Credentials have the right to connect back to the CDD machine.
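The two Run-box tests above can be scripted so they are repeatable in both directions and across many targets. The script below is an added example, not ControlCase's own code: it tests TCP reachability of 139 and 445 and then authenticates to \\host\C$ over SMB with explicit credentials, exactly as the Run-box test does. A raw TcpClient is used for the port test because Test-NetConnection is not available on Windows 7 / Server 2008 R2. The function names and the host and account names in the usage lines are assumptions of this example.

```powershell
# Added example (not part of the ControlCase guide). PowerShell 2.0 compatible.

function Test-CddTcpPort {
    # Returns $true if a TCP connection to HostName:Port completes within TimeoutMs.
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }  # filtered or unreachable
        $client.EndConnect($async)
        return $true
    } catch {
        return $false   # connection refused, or the name did not resolve
    } finally {
        $client.Close()
    }
}

function Test-CddAdminShare {
    # Authenticates to \\HostName\Share with explicit credentials via 'net use',
    # the same SMB path the scanner uses, then drops the session so nothing is
    # left mapped. Password must be non-empty or net.exe will prompt and hang.
    param([string]$HostName, [string]$User, [string]$Password, [string]$Share = 'C$')
    $unc = "\\$HostName\$Share"
    $out = net use $unc "/user:$User" $Password 2>&1
    $ok  = ($LASTEXITCODE -eq 0)
    if ($ok) { net use $unc /delete /y | Out-Null }
    New-Object PSObject -Property @{ Path = $unc; Connected = $ok; Message = ($out -join ' ').Trim() }
}

function Test-CddConnectivity {
    # One pass/fail row per check, so a failing port is distinguishable from
    # failing credentials.
    param([string]$TargetHost, [string]$User, [string]$Password)
    $results = @()
    foreach ($port in 139, 445) {
        $results += New-Object PSObject -Property @{
            Check  = "TCP $port reachable"
            Pass   = (Test-CddTcpPort $TargetHost $port)
            Detail = ''
        }
    }
    $share = Test-CddAdminShare -HostName $TargetHost -User $User -Password $Password
    $results += New-Object PSObject -Property @{
        Check  = 'Authenticate to C$'
        Pass   = $share.Connected
        Detail = $share.Message
    }
    $results
}

# Usage (hypothetical host and account names):
# From the scanner, with the scan credentials, against each target:
#   Test-CddConnectivity -TargetHost target01 -User 'CORP\cddscan' -Password '<password>' |
#       Format-Table Check, Pass, Detail -AutoSize
# From a target, back to the scanner, with the account from
# Advanced -> Windows Account/User Credentials:
#   Test-CddConnectivity -TargetHost cddscanner -User 'CORP\cddsvc' -Password '<password>'
```

Both directions must pass: the first run from the scanner proves the scan can start, and the second run from the target proves the results can be returned, which is the failure behind the "Not able to execute CCConn on remote machine" message.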