Coda Footprint Internal Scanner is now part of the AWS Marketplace
https://aws.amazon.com/marketplace/pp/prodview-qntaqfnnakfsw
Prerequisites:
Have a running MSP Console instance that is reachable on HTTPS from the Internal Scanner that is to be deployed.
Configure a FQDN for the MSP Console that can be resolved by the Internal Scanner.
Have IP [OSI Layer 3] reachability from the AWS Subnet where the scanner is provisioned to the future Scan Target / Destination Subnets.
Allow access from the Scanner to the Console Machine over HTTPS, TCP/15671, TCP/15672, TCP/5671, TCP/5672
Note: Restricting traffic would cause inaccurate Scan Results, as not all ports would be reachable.
Attention: Scanning over a VPN or through a Firewall may add overhead and cause performance issues. Make sure to schedule scans to run outside business hours.
Deployment:
In order to deploy an Internal Scanner from the AWS Marketplace, follow the instructions below:
Connect to your AWS Management Console and choose “Launch instance”.
This takes you to the following screen:
Step 1: Go to the search bar and look up “Footprint Cloud Appliance”.
Note that the AMI is listed under AWS Marketplace AMIs
Click “Select” and proceed to the next step.
The minimum specifications for the Footprint Cloud Appliance are 2 CPUs and 8 GB of RAM. The recommended ones are 4 CPUs and 8 (16) GB of RAM. Ideally you would want a machine with at least 4 CPUs and 16 GB of RAM for a larger Scan Surface target, so in this case we proceed with the t3.large option.
Step 2: Choose an Instance Type
For this deployment we may choose a t3.large.
Step 3: Choose a key pair. This is optional, but choosing a key pair makes future troubleshooting easier if you need to connect over SSH.
Step 4: Network Settings
Select the correct VPC and Subnet. If needed also assign a Public IP.
Make sure to assign an IP and write it down for later. Otherwise you will have to look up the DHCP-assigned IP after the deployment.
You would want to allow SSH and HTTP/8080 traffic from your Management Subnets or Jump Hosts. SSH is needed for troubleshooting purposes and HTTP/8080 is needed for the First Time Setup wizard to register your appliance to the console.
In terms of Subnet and VPC you may choose any of the options that provide suitable access to your future scan targets. Below values are just an example:
Make sure to allow SSH and HTTP TCP/8080 traffic inbound in order to configure the scanner. Later you may remove the ports or add restrictions to allow access only from your organization's source IPs.
Important: Make sure to edit the Security Group and add your own real source IPs, as the AWS default rule allows access only from the placeholder source 1.2.3.4 (Custom). You need to allow at least HTTP 8080.
You will also need to allow all outbound ports so that scans have full visibility. Remember to also allow access into other Security Groups from the Internal Scanner's IP address in order to be able to scan other subnets.
Note: The Internal Scanner needs to be able to reach its Scan Targets over as many ports as possible, but at least the well-known service ports and especially the ports that you know you are using for your provisioned applications.
Step 5: “Configure Storage”
You need at least 120GB of disk according to the minimal requirements.
After going through the recommended settings you may proceed and click “Launch”
Kindly wait for the instance to finish launching.
After the process is finished you can now connect to the instance and configure the initial startup wizard.
Once the instance is provisioned and ready, connect either from a Bastion Host on its Private IP or from an Elastic Public IP to its TCP/8080 interface using HTTP.
Remember to edit the Security Group and allow access to the console machine (the “FQDN URL”) over HTTPS and TCP/15671, TCP/15672, TCP/5671, TCP/5672.
After the instance is provisioned you need to connect and assign the FQDN URL and TOKEN ID presented in the Scan Surface > Agentless Surface > Setup Scanners tab.
Add the Name, FQDN and TOKEN and press Save. Within a few minutes the scanner should change state to Online. The Internal Scanner will now pull all required updates.
Note: The scanner would need to be configured from http://<hostip>:8080 with the correct Console FQDN and Token.
Click Scan Surface > Agentless Surface > Deployed Scanners
Look for the new Internal Scanner by name and check that the State is Active to confirm that it is fully operational and can be used to add Scan Surface targets selecting this scanner.