1. Overview
In this article, we'll discuss everything you need to be well-prepared for an ACSIA PoC installation.
2. Installation
2.1 Before the PoC installation
2.1.1 Creating an environment
In this section, we'll list some guidelines to help you prepare your environment so that everything will be correctly set up for the PoC installation.
2.1.2 Setting up the environment
We advise you to create a test environment that is separated from your production environment.
2.1.3 Verify the prerequisites
As with any software, you need to verify that your environment meets the prerequisites. Here are the ones for ACSIA:
- Hardware prerequisites. In this article, in paragraph 3.1.1, we discuss the minimum hardware requirements that your environment must meet.
- Domains and reachability. It's important that your environment has full internet access. Moreover, it must be able to reach some specific domains. In this article, in paragraph 3.1.1, you find a list of domains. Please verify that your environment can reach all the domains in the table and all the domains in the note following the table.
- Network configuration. You need to set up your network configuration for ACSIA. Please verify the prerequisites in this article, in paragraphs 3.1.2 and 3.1.3.
2.1.4 Update and upgrade the instance
Your instance must be updated and upgraded before installing ACSIA.
Please make sure this is done before the PoC meeting.
2.2 During the PoC installation
2.2.1 Referring to the documentation
Please note that the installation follows the main guide. You'll have to refer to it here.
2.2.2 Deleting the standard user and creating a new one
Please note that paragraph 3.2 of the main guide is very important.
At the end of it, below the "gif" image, we describe a procedure that deletes the standard user and creates a new one.
You have to perform this procedure.
3. Adding a client on a device
Before installing the agent on the device, make sure the CPU is not under stress.
- If the device runs Linux, add a Linux client.
- If the device runs Windows, add a Windows client.
4. ACSIA dashboard presentation; possible setups and configurations to improve your experience with ACSIA
During the PoC call, we'll present the dashboard with all its functionalities.
We may also ask you to modify some settings and configurations to improve your experience with ACSIA.
5. Test detection
With our help and suggestions, you'll need to run the following commands to test your infrastructure and see the benefits of ACSIA:
Here is the list of commands I used and some information about them:

1. Command: nmap ip_address -Pn -vvv
   This command performs a port scan on the first 1000 ports. ACSIA detects it but does not trigger an automatic ban: detection happens only when more than 50 ports are scanned, and the automatic ban is triggered only if many port scans are run within 5 minutes; one scan is not enough.

2. Command: nmap -A -p- -T4 ip_address -Pn -vvv
   This command scans all the ports of a machine in an aggressive way, also detecting the OS version. It triggers an auto-ban, so you will not find the notification in the live notifications but only in the banned IP list, if the Public IP Ban is enabled.

3. Command: hydra -l username -P /usr/share/wordlists/dirb/small.txt rdp://ip_address
   This command performs an RDP brute force and triggers an alert or an auto-ban depending on the aggressiveness (how many passwords are tried in 5 minutes). For this scenario, you will need to provide us with the log files, and we can try to build a parser for them.

4. Command: dirb http://ip_address_or_url /usr/share/wordlists/dirb/small.txt
   This command performs a directory scanning attack and generates an alert or an auto-ban depending on the aggressiveness (how many folders are checked in 5 minutes).
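The port-scan thresholds described above (detection only once more than 50 ports are scanned, an automatic ban only when several scans fall within 5 minutes, never for a single scan) are the logic a detector has to apply to connection logs. The following is an added example, not ACSIA's code, that models those thresholds in Python over constructed log lines; the log line format, the one-minute bucketing of connection attempts, and reading "many scans" as at least two are assumptions not stated on the page.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds taken from the page's description of the port-scan scenario.
SCAN_PORT_THRESHOLD = 50           # detection only when more than 50 ports are scanned
BAN_WINDOW = timedelta(minutes=5)  # ban only when several scans occur within 5 minutes
BAN_SCAN_COUNT = 2                 # assumption: "many scans" read as at least two (not stated on the page)

def parse(lines):
    """Parse constructed log lines of the form '<ISO timestamp> <src_ip> -> <dst_port>'."""
    return [(datetime.fromisoformat(ts), src, int(port))
            for ts, src, _, port in (line.split() for line in lines)]

def detect_scans(events):
    """Return {src_ip: [minute, ...]}: one entry per minute in which a source hit more than SCAN_PORT_THRESHOLD distinct ports."""
    ports_per_minute = defaultdict(set)
    for ts, src, port in events:
        ports_per_minute[(src, ts.replace(second=0, microsecond=0))].add(port)
    scans = defaultdict(list)
    for (src, minute), ports in sorted(ports_per_minute.items()):
        if len(ports) > SCAN_PORT_THRESHOLD:
            scans[src].append(minute)
    return scans

def classify(scans):
    """'alert' for any source with a detected scan; 'ban' when BAN_SCAN_COUNT scans start within BAN_WINDOW of each other."""
    verdicts = {}
    for src, starts in scans.items():
        verdicts[src] = "alert"
        for i in range(len(starts) - BAN_SCAN_COUNT + 1):
            if starts[i + BAN_SCAN_COUNT - 1] - starts[i] <= BAN_WINDOW:
                verdicts[src] = "ban"
                break
    return verdicts

def make_lines(src, start, ports):
    """Constructed sample log: one connection attempt per port, one second apart."""
    return [f"{(start + timedelta(seconds=i)).isoformat()} {src} -> {p}"
            for i, p in enumerate(ports)]

T0 = datetime(2024, 1, 1, 12, 0, 0)
SAMPLE_LOG = (
    make_lines("10.0.0.5", T0, range(1, 61))                           # one 60-port scan: alert only
    + make_lines("10.0.0.9", T0, range(1, 61))                         # two scans 3 minutes apart: ban
    + make_lines("10.0.0.9", T0 + timedelta(minutes=3), range(1, 61))
    + make_lines("10.0.0.7", T0, range(1, 21))                         # 20 ports: below threshold, no alert
)

def run_detection(lines=SAMPLE_LOG):
    return classify(detect_scans(parse(lines)))
```

Running `run_detection()` on the constructed log yields an alert for 10.0.0.5, a ban for 10.0.0.9 and nothing for 10.0.0.7, matching the three outcomes the page describes.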