Copyright 2015 AlienVault. All rights reserved.
AlienVault, AlienVault Unified Security Management, AlienVault USM, AlienVault Open Threat Exchange, AlienVault OTX, Open Threat Exchange, AlienVault OTX Reputation Monitor, AlienVault OTX Reputation Monitor Alert, AlienVault OSSIM and OSSIM are trademarks or service marks of AlienVault.

CONTENTS

1. INTRODUCTION
2. HOW A VPN IS SET IN A 4.9 VERSION AND PREVIOUS
   2.1. Configure the Sensor to report through a VPN
   2.2. Configure the Logger through a VPN
3. HOW A VPN IS SET IN VERSION 4.10 AND LATER
   3.1. Configure the VPN Server
   3.2. Configure the Sensor to report through a VPN
   3.3. Configure the Logger through a VPN
4. HOW TO VISUALIZE THE INFORMATION ABOUT ALIENVAULT COMPONENTS

DC-00152 Edition 01 Copyright 2015 AlienVault. All rights reserved.

1. INTRODUCTION

A virtual private network (VPN) extends a private network across a public network, such as the Internet. This kind of network is useful for encrypting all communications between the AlienVault components. Only one VPN Server is supported per environment.

2. HOW A VPN IS SET IN A 4.9 VERSION AND PREVIOUS

In version 4.9, follow these steps to set up VPN tunnels (two 4.9 AIOs and a 4.9 virtual sensor were used to validate this process).

1. On the appliance where you want to run the OpenVPN server, enter the following command if you want to add a remote sensor:

       ossim-reconfig -c -v -d --add_vpnnode=<sensor_admin_ip>

   Enter the following command if you want to add a remote logger:

       ossim-reconfig -c -v -d --add_vpnnode=<logger_admin_ip>

2. Copy the config files to each appliance by entering the following commands:

       scp /etc/openvpn/nodes/<sensor_admin_ip>.tar.gz root@<sensor_admin_ip>:
       scp /etc/openvpn/nodes/<logger_admin_ip>.tar.gz root@<logger_admin_ip>:

3. On the remote appliance, decompress those files into /etc/openvpn:

       <remote_ip>: mv <remote_ip>.tar.gz /etc/openvpn/; cd /etc/openvpn/; tar xvzf <remote_ip>.tar.gz

4. Restart OpenVPN on the client appliances:

       <remote_ip>: /etc/init.d/openvpn restart
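
Step 3 above unpacks the node bundle as root into /etc/openvpn. As an added example (not part of the AlienVault guide or its tooling), the shell functions below list the archive first and refuse to extract it if any member path is absolute or contains a `..` component; the function names and script name are hypothetical.

```sh
#!/bin/sh
# Added example, not AlienVault code. Assumes a <remote_ip>.tar.gz bundle as
# produced in step 2; function names are hypothetical.

# unsafe_member NAME: succeed (0) when NAME is absolute or has a ".." component.
unsafe_member() {
    case "$1" in
        /*|..|../*|*/..|*/../*) return 0 ;;
    esac
    return 1
}

# check_bundle ARCHIVE: 0 = all member paths stay under the extraction
# directory, 1 = at least one unsafe path, 2 = unreadable or empty archive.
check_bundle() {
    [ -f "$1" ] || return 2
    members=$(tar -tzf "$1" 2>/dev/null) || return 2
    [ -n "$members" ] || return 2
    # The loop runs in a pipeline subshell; "exit 1" becomes its status.
    printf '%s\n' "$members" | while IFS= read -r m; do
        if unsafe_member "$m"; then
            echo "unsafe member: $m" >&2
            exit 1
        fi
    done
}

# install_bundle ARCHIVE DEST: extract into DEST only if the check passes.
install_bundle() {
    check_bundle "$1" || { echo "refusing to extract $1" >&2; return 1; }
    tar -xzf "$1" -C "$2"
}

# Run as: sh install_bundle.sh <remote_ip>.tar.gz /etc/openvpn
if [ "$#" -eq 2 ]; then
    install_bundle "$1" "$2"
fi
```

The check covers member names only; symbolic-link and hard-link members inside the archive are not inspected.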

2.1. CONFIGURE THE SENSOR TO REPORT THROUGH A VPN

1. Connect by SSH to the sensor using the admin IP.
2. Select the option Configure Sensor. Press Enter to accept the selection (<OK>).
3. Select the option Configure Alienvault server IP. Accept the selection (<OK>) and enter the server IP Address. Accept the selection (<OK>).
4. Select the option Configure Alienvault Framework IP. Accept the selection (<OK>) and enter the Framework IP Address. Accept the selection (<OK>).
5. In the AlienVault Setup menu, select the option Apply all Changes. Accept the selection (<OK>).
6. Open the web browser using the web IP and log in with admin credentials.
7. Navigate to Configuration > Deployment. Accept the new connection from the sensor by VPN (the VPN IP is displayed).

2.2. CONFIGURE THE LOGGER THROUGH A VPN

1. Go to the logger web interface and add a new server using the VPN server IP.
2. Go to the server and set up forwarding to the target logger.
3. Apply the changes and wait until the API uploads the configuration from the Server to the Logger.

3. HOW A VPN IS SET IN VERSION 4.10 AND LATER

3.1. CONFIGURE THE VPN SERVER

1. Connect by SSH to the appliance that is going to be the VPN Server.
2. Move to option System Preferences, then option Configure Network and, finally, option Configure VPN server. Press Enter to accept the selection (<OK>).
   The appliance must be registered to see all options in the menu.
3. Enable the VPN Server by selecting yes and press Enter to accept the selection (<OK>).
4. Enter a virtual net to use. By default, it will always be 10.67.68. Press Enter to accept the selection (<OK>).
5. Enter a VPN Netmask. Press Enter to accept the selection (<OK>).
6. Enter a VPN Port. Press Enter to accept the selection (<OK>).
7. Select the option Apply all Changes. Press Enter to accept the selection (<OK>).

3.2. CONFIGURE THE SENSOR TO REPORT THROUGH A VPN

1. Connect by SSH to the server that is going to be the VPN server using the admin IP.
2. Move to option System Preferences, then Configure Network and, finally, Configure VPN client. Press Enter to accept the selection (<OK>).
3. Enter the requested IP Address and accept the selection (<OK>).
4. Enter the root password of the remote sensor and press Enter to accept the selection (<OK>).
5. Press Enter to accept the selection (<Yes>).
6. Connect by SSH to the sensor using its Admin IP.
7. Select the option Configure Sensor and then Configure Alienvault server IP.
8. Enter the VPN IP Address of the server and accept the selection (<OK>).
9. Select the option Configure Alienvault Framework IP. Enter the VPN IP Address of the server. Accept the selection (<OK>).
10. Select the option Apply all Changes. Press Enter to accept the selection (<OK>).
11. Open the web browser using the web IP and log in with admin credentials.
12. Navigate to Configuration > Deployment > Sensors.
13. Click on Insert to add the new sensor.
14. Fill out the form. Do not forget to use the root password of the sensor.
15. Click on SAVE. The main window appears, including the new sensor.

3.3. CONFIGURE THE LOGGER THROUGH A VPN

1. Open the web browser of the Logger using the web IP and log in with admin credentials.
2. Navigate to Configuration > Deployment > Servers.
3. Click on NEW. Fill out the form using the admin IP of the server. Do not forget to use the root password of the sensor. Click on SAVE.
   Keep in mind where the server is registered. It must be in the upper level of the hierarchy. For instance, if the USM sends events to the Logger, the USM must be registered in the Logger. The server will automatically be registered on the other side.
4. Select the option Apply all Changes. Press Enter to accept the selection (<OK>).
5. Connect by SSH to the VPN Server using the admin IP.
6. Move to option System Preferences, then Configure Network and, finally, Configure VPN client.
7. Press Enter to accept the selection (<OK>).
8. Enter the requested IP Address and accept the selection (<OK>).
9. Enter the root password of the remote sensor and press Enter to accept the selection (<OK>).
10. Press Enter to accept the selection (<Yes>).
11. Go to the server and set up forwarding to the target logger.
12. Apply the changes and wait until the API uploads the configuration from the Server to the Logger.

4. HOW TO VISUALIZE THE INFORMATION ABOUT ALIENVAULT COMPONENTS

1. Navigate to Configuration > Deployment > Components > AlienVault Center.