Preparing the Installation

Stamus Networks software can be deployed as virtual machines, as Appliances, or installed on custom hardware.

For links above 1Gbps, Stamus Appliances are required. Below that, you can choose whichever of the 3 methods best fits your environment.

Note that our Virtual Machines are Virtual Appliances: there is no complex setup, and deployment is as easy as importing the virtual machine into your environment.

Obtaining the bits

If you choose to install our software on your own hardware, you will need to download our ISO files. If you choose to deploy Virtual Appliances, you can either use the ISO files for systems such as Hyper-V or directly install the available Virtual Machines for VMware.

Both will be accessible in your customer portal at https://my.stamus-networks.com/login

Please make sure to contact support@stamus-networks.com to either request an account or set the appropriate rights for you to access the software you need.

Hardware Requirements

This section describes the hardware requirements for virtual machines or custom hardware.

Important

If you are installing the Stamus Central Server or the Stamus Network Probe on custom hardware (not issued by Stamus), the custom hardware configuration must be approved by Stamus Networks beforehand.

| Solution | Requirement | Processors (CPUs) | Memory (RAM) | Disk size |
|---|---|---|---|---|
| Stamus Central Server | Recommended | 8-12 | 32-96 GB | 1 TB - 2 TB (SSD disk) |
| Stamus Central Server | Minimum | 2 | 10 GB | 200 GB |
| Stamus Network Probe | Recommended (up to 10Gbps) | 64 | 128 GB | 2 TB |
| Stamus Network Probe | Recommended (up to 1Gbps) | 4-6 | 32 GB | 500 GB |
| Stamus Network Probe | Minimum (up to 100Mbps) | 2 | 4 GB | 200 GB |

Hint

To ensure optimal performance, make sure to use high-speed disks. The more speed, the better!

Important

It is highly recommended to configure the custom system with 2 disks in a RAID 1 redundant storage array. Stamus Networks suggests using a dedicated hardware RAID controller for that purpose. Please refer to the server manufacturer's documentation for more details.

  • For Dell systems using the iDRAC9: https://www.dell.com/support/kbdoc/en-us/000129249/dell-poweredge-how-to-create-a-virtual-disk-using-idrac-9

  • For Supermicro systems using SuperStorage: https://www.supermicro.com/solutions/Veeam_Configuration_Installation_Guide.pdf

  • For other systems, consult your hardware provider's manual.

Virtual Machines

If you are installing our software in a virtual environment such as VMware, make sure that:

  • The Stamus Network Probe has 2 network interfaces, one for management and one for sniffing the traffic (i.e. receiving a copy of the mirrored traffic).

  • The sniffing interface on the Network Probe is set to Promiscuous mode.

  • The VLAN is set properly, or set to 0, on the sniffing NIC.

Firewall rules

The following ports should be open and available during deployment and daily operations:

| From | To | Protocol/Port | Required | Purpose |
|---|---|---|---|---|
| SCS | Stamus Probes or Suricata Probes | TCP/22 (ssh) | Required | SSH for management |
| SCS | DNS Resolver | UDP/53 (dns) | Required | Hostnames resolution |
| SCS | ti.stamus-networks.io | TCP/443 (https) | Optional for closed environments | Threat Intelligence Daily Updates |
| Stamus Probes or Suricata Probes | SCS | TCP/5044 (lumberjack) | Required | Log shipping |
| Stamus Probes or Suricata Probes | SCS | TCP/5045 (lumberjack) | Required | Log shipping |
| Stamus Probes or Suricata Probes | DNS Resolver | UDP/53 (dns) | Required | Hostnames resolution |
| User workstation | SCS | TCP/443 (https) | Required | Regular usage and configuration |
| User workstation | SCS | TCP/22 (ssh) | Optional | Command line management |
| User workstation | Stamus Probes or Suricata Probes | TCP/22 (ssh) | Optional | Command line management |
| SCS | Domain Controller | TCP/389 (ldap) or TCP/636 (ldaps) | Optional | Users authentication |
| SCS | Splunk Indexer | TCP/9997 | Optional | Send logs to Splunk |
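
The firewall table above can be checked before deployment with a small pre-flight script run from each source machine. This is an added example, not Stamus Networks code: the role name "Probe", the function names and the address scs.example.internal are assumptions made for illustration, and the hosts mapping must be filled in with your own addresses.

```python
import socket

# Rows from the firewall table above: (from, to, protocol, port, required).
# "Probe" is shorthand used here for "Stamus Probes or Suricata Probes".
RULES = [
    ("SCS", "Probe", "tcp", 22, True),
    ("SCS", "DNS Resolver", "udp", 53, True),
    ("SCS", "ti.stamus-networks.io", "tcp", 443, False),  # optional if closed
    ("Probe", "SCS", "tcp", 5044, True),
    ("Probe", "SCS", "tcp", 5045, True),
    ("Probe", "DNS Resolver", "udp", 53, True),
    ("User workstation", "SCS", "tcp", 443, True),
    ("User workstation", "SCS", "tcp", 22, False),
    ("User workstation", "Probe", "tcp", 22, False),
    ("SCS", "Domain Controller", "tcp", 389, False),  # ldap, or ldaps below
    ("SCS", "Domain Controller", "tcp", 636, False),
    ("SCS", "Splunk Indexer", "tcp", 9997, False),
]

def checks_for(role, hosts):
    """TCP checks to run from `role`; UDP/53 rows are skipped (verify with a DNS lookup)."""
    checks = []
    for src, dst, proto, port, required in RULES:
        if src == role and dst in hosts and proto == "tcp":
            checks.append((dst, hosts[dst], port, required))
    return checks

def tcp_reachable(addr, port, timeout=3.0):
    """True if a TCP handshake to addr:port completes within the timeout."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, or name not resolved
        return False

def preflight(role, hosts):
    """Run every applicable check; returns (destination, port, required, ok) tuples."""
    return [(dst, port, req, tcp_reachable(addr, port))
            for dst, addr, port, req in checks_for(role, hosts)]

def blocking_failures(results):
    """Failed checks on ports the table marks as Required."""
    return [(dst, port) for dst, port, req, ok in results if req and not ok]

if __name__ == "__main__":
    results = preflight("Probe", {"SCS": "scs.example.internal"})  # placeholder address
    for dst, port, req, ok in results:
        print(f"{dst}:{port} {'required' if req else 'optional'} {'open' if ok else 'BLOCKED'}")
    raise SystemExit(1 if blocking_failures(results) else 0)
```

A check only succeeds once the destination service is listening, so run it after the SCS and probes are installed, or against a temporary listener on the same port.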

Get your license

For the software to fully function you need to activate an electronic license. Instructions on how to obtain the license key are available on this page.

Network Definitions

To get the most value from the product, it is good practice to identify and list your networks, subnets and critical assets. This step is optional, but it will speed up product configuration after deployment.

For example:

  • 10.44.1.0/24 is Marketing

  • 10.44.2.0/24 is R&D

  • 10.44.5.0/24 is DMZ

  • 10.44.3.0/24 is LAN

  • 10.44.3.15 is Server Exchange

  • 10.44.3.139 is Domain Controller

  • 10.44.5.44 is Proxy Server

This information will be used to create your network definition once your Stamus Central Server is installed.