Preparing the Installation
Stamus Networks software can be deployed as virtual machines or as Appliances, or it can be installed on custom hardware.
For links above 1 Gbps, Stamus Appliances are required. Below that, you can choose whichever of the 3 methods best fits your environment.
Note that our Virtual Machines are Virtual Appliances. This means there is no complex setup: it is as easy as importing the virtual machine into your environment.
Obtaining the bits
If you chose to install our software on your own hardware, you will need to download our ISO files. If you chose to deploy Virtual Appliances, you can either use the ISO files for systems such as Hyper-V or directly install the available Virtual Machines for VMware.
Both will be accessible in your customer portal at https://my.stamus-networks.com/login
Please make sure to contact support@stamus-networks.com to either request an account or set the appropriate rights for you to access the software you need.
Hardware Requirements
This section describes the hardware requirements for virtual machines or custom hardware.
Important
If you are installing the Stamus Central Server or the Stamus Network Probe on custom hardware (hardware not issued by Stamus Networks), the hardware configuration must be approved by Stamus Networks beforehand.
Solution | Requirement | Processors (CPUs) | Memory (RAM) | Disk size |
---|---|---|---|---|
Stamus Central Server | Recommended | 8-12 | 32-96 GB | 1 TB - 2 TB (SSD disk) |
Stamus Central Server | Minimum | 2 | 10 GB | 200 GB |
Stamus Network Probe | Recommended (up to 10Gbps) | 64 | 128 GB | 2 TB |
Stamus Network Probe | Recommended (up to 1Gbps) | 4-6 | 32 GB | 500 GB |
Stamus Network Probe | Minimum (up to 100Mbps) | 2 | 4 GB | 200 GB |
Hint
To ensure optimal performance, make sure to use high-speed disks. The more speed, the better!
Important
It is highly recommended to configure the custom system with 2 disks in a RAID 1 redundant storage array. Stamus Networks suggests using a dedicated hardware RAID controller for that purpose. Please refer to the server manufacturer's documentation for more details.
For Dell systems using the iDRAC9: https://www.dell.com/support/kbdoc/en-us/000129249/dell-poweredge-how-to-create-a-virtual-disk-using-idrac-9
For Supermicro systems using SuperStorage: https://www.supermicro.com/solutions/Veeam_Configuration_Installation_Guide.pdf
For other systems, consult your hardware provider's manual.
Virtual Machines
If you are installing our software in a virtual environment such as VMware, make sure that:
- The Stamus Network Probe has 2 network interfaces, one for management and one for sniffing the traffic (i.e. receiving a copy of the mirrored traffic).
- The sniffing interface on the Network Probe is set to promiscuous mode.
- The VLAN is set properly, or set to 0, on the sniffing NIC.
Firewall rules
The following ports should be open and available during deployment and daily operations:
From | To | Protocol/Port | Required | Purpose |
---|---|---|---|---|
SCS | Stamus Probes or Suricata Probes | TCP/22 (ssh) | Required | SSH for management |
SCS | DNS Resolver | UDP/53 (dns) | Required | Hostnames resolution |
SCS | ti.stamus-networks.io | TCP/443 (https) | Optional for closed environments | Threat Intelligence Daily Updates |
Stamus Probes or Suricata Probes | SCS | TCP/5044 (lumberjack) | Required | Log shipping |
Stamus Probes or Suricata Probes | SCS | TCP/5045 (lumberjack) | Required | Log shipping |
Stamus Probes or Suricata Probes | DNS Resolver | UDP/53 (dns) | Required | Hostnames resolution |
User workstation | SCS | TCP/443 (https) | Required | Regular usage and configuration |
User workstation | SCS | TCP/22 (ssh) | Optional | Command line management |
User workstation | Stamus Probes or Suricata Probes | TCP/22 (ssh) | Optional | Command line management |
SCS | Domain Controller | TCP/389 (ldap) or TCP/636 (ldaps) | Optional | Users authentication |
SCS | Splunk Indexer | TCP/9997 | Optional | Send logs to Splunk |
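A reachability check for the TCP flows in the table above, to be run from the machine that plays each source role. This is an added example, not Stamus Networks code; the role keys (`scs`, `probe`, `workstation`, `dc`, ...), the `hosts` mapping and the sample addresses are assumptions made for the illustration.

```python
import socket

# Flows per source, transcribed from the firewall table on this page:
# (destination, protocol, port, required)
FLOWS = {
    "scs": [("probe", "tcp", 22, True), ("dns", "udp", 53, True),
            ("ti", "tcp", 443, False), ("splunk", "tcp", 9997, False),
            # the table allows either LDAP port; both are optional
            ("dc", "tcp", 389, False), ("dc", "tcp", 636, False)],
    "probe": [("scs", "tcp", 5044, True), ("scs", "tcp", 5045, True),
              ("dns", "udp", 53, True)],
    "workstation": [("scs", "tcp", 443, True), ("scs", "tcp", 22, False),
                    ("probe", "tcp", 22, False)],
}
KNOWN = {"ti": ["ti.stamus-networks.io"]}  # the only fixed name in the table

def plan(role, hosts):
    """(host, proto, port, required) for each flow whose destination is known."""
    targets = {**KNOWN, **hosts}
    return [(h, proto, port, req)
            for dest, proto, port, req in FLOWS[role]
            for h in targets.get(dest, [])]

def tcp_state(host, port, timeout=3.0):
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # host answered: nothing listening yet, or a reject rule
    except socket.timeout:
        return "filtered"  # no answer at all: typical of a dropping firewall
    except OSError:
        return "error"     # unresolvable name, no route, ...

def run(role, hosts, check=tcp_state):
    """Probe TCP flows; UDP/53 cannot be confirmed by a connect."""
    return [(h, proto, port, req, check(h, port) if proto == "tcp" else "unchecked")
            for h, proto, port, req in plan(role, hosts)]

def dropped_required(results):
    """Required flows that got no usable answer (filtered or error)."""
    return [r for r in results if r[3] and r[4] in ("filtered", "error")]

if __name__ == "__main__":
    # Constructed addresses (RFC 5737 documentation range); substitute your own.
    rows = run("probe", {"scs": ["192.0.2.10"], "dns": ["192.0.2.53"]})
    for row in rows:
        print(row)
```

Before the Stamus services are installed, `refused` on a required port still shows that the path to the host is not silently dropped; `filtered` is the result that points at a missing firewall rule.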
Get your license
For the software to fully function, you need to activate an electronic license. Instructions on how to obtain the license key are available on this page.
Network Definitions
To maximize product value, it is good practice to identify and list your networks, subnets and critical assets. This step is optional, but it will help you configure the product faster once it is deployed.
For example:
- 10.44.1.0/24 is Marketing
- 10.44.2.0/24 is R&D
- 10.44.5.0/24 is DMZ
- 10.44.3.0/24 is LAN
- 10.44.3.15 is Server Exchange
- 10.44.3.139 is Domain Controller
- 10.44.5.44 is Proxy Server
This information will be used to create your network definition once your Stamus Central Server is installed.