WEBTITAN CLOUD. User Identification Guide BLOCK WEB THREATS BOOST PRODUCTIVITY REDUCE LIABILITIES




This guide explains how to install and configure the WebTitan Cloud Active Directory components required to report on users, groups and internal networks.

Overview

The Active Directory user identification integration consists of two components that must be installed on your network:

1. The WebTitan DNS Proxy, which is responsible for:
   - Securely uploading user and computer group info to the WebTitan Cloud service.
   - Redirecting all local DNS queries to your existing internal DNS servers.
   - Redirecting all external DNS queries along with metadata to WebTitan Cloud.
2. The WebTitan Active Directory Agent (WADA), which is responsible for:
   - Maintaining a list of active logon sessions, mapping an IP to a username.
   - Securely transferring this information to the WebTitan DNS Proxy.

The information is gathered from 3 different sources (LDAP, Event Logger and Network sessions):

a) The LDAP mechanism gathers a list of computers in the domain and, based on the lastlogon parameter, contacts each computer using the WMI protocol to check for an active logon session and, if there is one, get the username. Not all computers are checked, only those whose lastlogon field is within the range defined in the configuration (1 year by default).
b) The Event Logger mechanism listens for a special event that contains information about username and IP.
c) Additionally, network sessions are enumerated (by default every 10 seconds) to discover active sessions. This method is especially important when there are users on the network who don't turn off their computers for a very long time and for some reason their computers are not reachable with WMI.

Workflow

1. Install WebTitan DNS Proxy on either a hypervisor or on bare metal. The WebTitan DNS Proxy will import all users and groups (currently we're only importing the users) from Active Directory.
2. These will then be securely transmitted to WebTitan Cloud. In return, the DNS Proxy will receive a unique user id for each user.
3. Install WebTitan Active Directory Agent (WADA) on the Active Directory Server (or on another server in the domain). WADA will use several techniques to discover who is logged on where.
4. The discovered user-IP mappings will be continuously transmitted to the WebTitan DNS Proxy.
5. All internal computers must route their DNS traffic via the WebTitan DNS Proxy. Upon receipt of a DNS query, the WebTitan DNS Proxy will check to see if it has a user associated with the source IP address of the query. The WTC user id for that user (if found) will be appended to the query as metadata along with the internal source IP address.
6. The request containing the metadata will then be forwarded on to the WebTitan Cloud server, where each request can be successfully logged with user identification.

WebTitan DNS Proxy

Once configured, WebTitan DNS Proxy collects user and group data from your directory service and at scheduled intervals securely sends it to WebTitan Cloud. It will receive a unique user id for each user, which will be used to form the metadata that will be attached to all DNS queries that are routed through the WebTitan DNS Proxy. If a query is for a local domain, then the request will be forwarded to the appropriate internal DNS server.

Prerequisites

Before you install the WebTitan Cloud AD components, you will need to meet the following requirements:

- VMware ESXi 4.1 or newer (alternatively may be installed on bare metal).
- Minimum requirements for the DNS Proxy appliance are 1 CPU core, 512MB RAM, 6GB disk space.

Install DNS Proxy Appliance

The following outlines the steps for installing WebTitan DNS Proxy from a CD image (ISO).

1. After deploying the ISO or OVA image, you will be prompted to configure the appliance.

2. Keyboard Layout
   The Keymap Selection screen will be displayed, allowing you to select the keyboard layout that most closely represents the mapping of the keyboard attached to the system. If unsure, then use the default keymap or choose United States of America ISO-8859-1.

3. Setting the hostname
   The installer will prompt for the hostname to be given to the newly installed appliance. The hostname should be a fully-qualified hostname.

4. Confirmation to proceed
   Choose <Yes> to proceed.

5. Partitioning
   WebTitan DNS Proxy will automatically partition the disk. Choose <Commit> to proceed and partition the disk. This is the last chance to abort the installation and prevent changes to the hard drive. After verifying the integrity of the distribution files to ensure that they have not been misread from the installation media, the installer will extract the distributed files to disk.

6. Configuring the Network Interface
   A list of all network interfaces found on the computer is shown next. Select one to be configured. The application must be configured with a static IP address and does not provide the option to configure the interface using DHCP. Static configuration of the network interface requires some IPv4 information:
   - IP Address: The manually assigned IPv4 address to be assigned to this computer. This address must be unique and not already in use elsewhere on the local network.
   - Subnet Mask: The subnet mask used for the local network. Typically, this is 255.255.255.0.
   - Default Router: The IP address of the default router/gateway on this network.

7. Configuring DNS
   The Domain Name System (DNS) resolver converts hostnames to and from network addresses. Enter the local network's domain name in the Search field. Enter the addresses of the local DNS servers in DNS #1 and DNS #2. At least one DNS server is required.

8. Setting the Time Zone
   Setting the time zone for your application will allow it to automatically correct for any regional time changes and perform other time zone related functions properly. Select <Yes> or <No> according to how the machine's clock is configured. If you don't know whether the system uses UTC or local time, select <No> to choose the local region and country.

9. Install Packages
   The installer will then proceed with installation of packages and perform some further installation tasks. After everything has been installed and configured, the installer will prompt to reboot into the new appliance. Select <Reboot> to reboot the computer and start the new WebTitan DNS Proxy application. Don't forget to remove the installation media, or the computer may boot from it again.

10. Completing the installation
    After the application has rebooted, use the displayed URL to connect your browser to the WebTitan DNS Proxy web-based user interface. The user interface will allow you to complete the configuration of your WebTitan DNS Proxy application setup. Log in with the following credentials:

    Administrator: admin
    Password: hiadmin

    Note: If your internet browser does not connect to the application, it is likely because the network settings are misconfigured. You can fix the configuration by logging into the console.

Configuring the WebTitan DNS Proxy

Once logged in to the user interface, navigate to the Configuration tab to complete the configuration of the DNS Proxy appliance.

Under the Network -> DNS Settings tab, you must configure the appliance to route local DNS queries to your existing DNS servers. The DNS Settings table lists those queries that should be redirected to local DNS servers for resolution. It is also possible to specify queries that should always be dropped. The table should list all internal zones (e.g. mydomain.com) and any reverse zones. For instance, if your network is 192.168.1/24, then the domain to add would be 1.168.192.in-addr.arpa. All other requests will be forwarded to WebTitan Cloud for resolution.

Active Directory

In order for WebTitan Cloud to report on users, you must first import all your users from your Active Directory server. These are then securely uploaded to WebTitan Cloud, and in return unique identifiers will be returned for each user. Subsequently, when the DNS Proxy receives DNS requests, if it has a username -> IP mapping (from WebTitan Active Directory Agent) for the source address of the DNS request, then these unique identifiers will be used to form the metadata which is attached to the query that is forwarded to WebTitan Cloud.

Navigate to the Active Directory tab under the Configuration section to add an Active Directory Domain. Click Add, input your Active Directory Server details and save. In order to be able to synchronize users with WebTitan Cloud, you must specify your WebTitan Cloud Credentials.
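The reverse zone rule given for the DNS Settings table above (192.168.1/24 becomes 1.168.192.in-addr.arpa), worked through as an added example that is not part of the original guide. It goes beyond the single /24 case in the text: prefixes that do not fall on an octet boundary are expanded to every zone they span, and the function names and sample networks are assumptions made for illustration.

```python
import ipaddress

def reverse_zones(cidr):
    """Return the in-addr.arpa zone names that cover an IPv4 network.

    Reverse DNS zones sit on octet boundaries, so a prefix that is not
    /8, /16 or /24 is expanded to the zones at the next boundary.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4:
        raise ValueError("only IPv4 networks are handled here")
    if net.prefixlen > 24:
        # Assumption: for a network smaller than a /24, list the enclosing
        # /24 zone rather than an RFC 2317 classless delegation.
        parts = [net.supernet(new_prefix=24)]
    else:
        boundary = max(8, (net.prefixlen + 7) // 8 * 8)  # round up to 8/16/24
        parts = list(net.subnets(new_prefix=boundary))
    zones = []
    for part in parts:
        # Keep only the octets fixed by the prefix, then reverse their order.
        octets = str(part.network_address).split(".")[: part.prefixlen // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones

def dns_settings_rows(internal_zones, networks):
    """Forward zones followed by the de-duplicated reverse zones to list."""
    rows = list(internal_zones)
    for cidr in networks:
        for zone in reverse_zones(cidr):
            if zone not in rows:
                rows.append(zone)
    return rows

if __name__ == "__main__":
    # Constructed sample input: one internal domain and two internal networks.
    for row in dns_settings_rows(["mydomain.com"],
                                 ["192.168.1.0/24", "10.20.0.0/22"]):
        print(row)
```

Any internal network missing from the resulting list has its reverse lookups forwarded to WebTitan Cloud instead of the internal DNS servers, so the list is worth generating from the full set of internal ranges.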

WebTitan Active Directory Agent (WADA)

The WebTitan Active Directory Agent (WADA) is responsible for discovering who is logged into what machines on your Active Directory network. WADA must be installed on the domain controller or on a machine from which it can communicate with:

- Windows Active Directory
- WebTitan DNS Proxy

WADA Installation

As Admin, launch an elevated command prompt, run WADA.msi with administrator privileges and follow the steps in the installation wizard. You will be prompted to provide your WebTitan DNS Proxy hostname or IP address and port number.

Next you will be prompted to enter a username and password for the WebTitan AD Agent. This user must be a member of the Event Log Readers group and the Distributed COM Users group.

The WADA.ini configuration file can be located at C:\ProgramData\WebtitanADAgent. The file contains the WebTitan DNS Proxy IP and looks like this:

WebTitanServers is the only required parameter and may contain a list of URLs, separated with commas, that will receive the IP/users list in HTTP POST requests.

Other parameters are optional but may be useful for debugging or for customizing to specific needs:

- DiscoveryThreads (default 10) - number of child threads used in the WMI discovery process. Each thread connects to a computer using WMI, and this is done in parallel to speed up the initial discovery process.
- DiscoveryIntMin (30) - number of minutes between discoveries (LDAP queries that read the list of available computers, followed by WMI checks).
- LastLogonDays (365) - maximum number of days since the last logon to a machine for it to be checked for existing sessions with WMI. It is based on the lastlogon LDAP attribute; computers with a higher number of idle days will be omitted.
- TTLMin (60) - number of minutes after which an IP/user pair is removed from the map if no active login session was found on the given IP during this period (either using WMI checks, events from Event Logger or the Network sessions enumerator).
- EnumSessIntS (10) - number of seconds between enumerations of Network Sessions. Note that Windows XP sessions show for only about 15 seconds, so don't change this setting to a higher value or you may lose some information about active logon sessions.
- WMICheckIntS (60) - number of seconds between single WMI checks on a specific computer. This is to avoid flooding Windows computers, so we don't hit them too often.
- WMIMaxCheckRetry (10) - number of retries when a WMI query to a specific computer is failing. If it is still failing after this number of retries, an error is logged to the file waderror.log and the computer is not checked for active sessions with WMI unless there is some activity from other sources (Event Logger or Network Sessions).
- DC - name of the remote domain controller. May be used to run WADA on a different computer on the network than the Domain Controller itself.
- LogMinLevel - Debug level. 0 = Full debugging

Route all DNS traffic via the WebTitan DNS Proxy

In order to report and enforce policies on user activity, all DNS traffic from all clients on the network must be routed through the WebTitan DNS Proxy. If using DHCP, then this can be easily accomplished by changing the DNS settings for DHCP. You will have to wait until client computers renew their lease before the new settings are applied, or until a user logs in.
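The IP/user map with TTLMin expiry and the source-IP lookup performed for each DNS query, modelled as an added example; this is not WADA or DNS Proxy code. The class, the function names, the metadata layout and the sample addresses, users and ids are all assumptions; only the three discovery sources and the 60-minute default come from the guide.

```python
import time

SOURCES = {"wmi", "eventlog", "netsession"}  # the three sources the guide names

class SessionMap:
    """IP -> user map in which a pair expires TTLMin minutes after it was last seen."""

    def __init__(self, ttl_min=60):  # 60 is the TTLMin default given above
        self.ttl_s = ttl_min * 60
        self._entries = {}  # ip -> (user, source, last_seen)

    def observe(self, ip, user, source, now=None):
        """Record a sighting; the newest sighting for an IP replaces the old one."""
        if source not in SOURCES:
            raise ValueError("unknown discovery source: %s" % source)
        now = time.time() if now is None else now
        self._entries[ip] = (user, source, now)

    def lookup(self, ip, now=None):
        """Return the user for a query source IP, or None if unknown or expired."""
        now = time.time() if now is None else now
        entry = self._entries.get(ip)
        if entry is None:
            return None
        user, _source, last_seen = entry
        if now - last_seen > self.ttl_s:
            del self._entries[ip]  # stale pair: stop attributing traffic to it
            return None
        return user

def tag_query(session_map, user_ids, src_ip, qname, now=None):
    """Build hypothetical metadata: internal source IP plus the user id if known."""
    user = session_map.lookup(src_ip, now)
    return {"qname": qname, "src_ip": src_ip, "user_id": user_ids.get(user)}

def demo():
    """Replay constructed sightings; timestamps are seconds from an arbitrary zero."""
    ids = {"alice": 101, "bob": 102}  # constructed ids
    m = SessionMap(ttl_min=60)
    m.observe("192.168.1.20", "alice", "wmi", now=0)
    first = tag_query(m, ids, "192.168.1.20", "example.com", now=600)
    # A later logon event on the same IP re-attributes it to the new user.
    m.observe("192.168.1.20", "bob", "eventlog", now=1200)
    second = tag_query(m, ids, "192.168.1.20", "example.com", now=1300)
    # No sighting for more than 60 minutes: the query goes out without a user id.
    third = tag_query(m, ids, "192.168.1.20", "example.com", now=1200 + 3601)
    return first["user_id"], second["user_id"], third["user_id"]

if __name__ == "__main__":
    print(demo())
```

The model shows why the refresh intervals matter for log accuracy: a pair that is not re-observed inside the TTL falls back to IP-only reporting, while a long TTL keeps attributing queries to a user who may no longer be on that address.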

If you have any questions or would like some assistance with set up, one of our engineers will be happy to help. Please contact us by email at helpdesk@webtitan.com or Tel: +1 813 501 3610 (US), +44 2037341040 (UK) or +353 91 545555 (IRL).