Preparing the Installation
Stamus Networks software can be deployed as virtual machines or as Appliances, or can be installed on custom hardware.
For links above 1Gbps, Stamus Appliances are required. Below that, you can choose whichever of the 3 methods best fits your environment.
Note that our Virtual Machines are Virtual Appliances: there is no complex setup, and deployment is as easy as importing the virtual machine into your environment.
Obtaining the bits
If you choose to install our software on your own hardware, you will need to download our ISO files. If you choose to deploy Virtual Appliances, you can either use the ISO files for systems such as Hyper-V or directly install the available Virtual Machines for VMware.
Both will be accessible in your customer portal at https://my.stamus-networks.com/login
Please make sure to contact support@stamus-networks.com to either request an account or set the appropriate rights for you to access the software you need.
Hardware Requirements
This section describes the hardware requirements for virtual machines or custom hardware.
Important
If you are installing the Clear NDR® Central Server or the Clear NDR® Probe on custom hardware (not issued by Stamus Networks), the hardware configuration must be approved by Stamus Networks beforehand.
Solution | Requirement | Processors (CPUs) | Memory (RAM) | Disk size |
---|---|---|---|---|
Clear NDR® Central Server | Recommended | 8-12 | 32-96 GB | 1 TB - 2 TB (SSD disk) |
Clear NDR® Central Server | Minimum | 2 | 10 GB | 200 GB |
Clear NDR® Probe | Recommended (up to 10Gbps) | 64 | 128 GB | 2 TB |
Clear NDR® Probe | Recommended (up to 1Gbps) | 4-6 | 32 GB | 500 GB |
Clear NDR® Probe | Minimum (up to 100Mbps) | 2 | 4 GB | 200 GB |
Hint
To ensure optimal performance, make sure to use high-speed disks. The more speed, the better!
Important
It is highly recommended to configure the custom system with 2 disks in a RAID 1 redundant storage array. Stamus Networks suggests using a dedicated hardware RAID controller for that purpose. Please refer to the server manufacturer's documentation for more details.
For Dell systems using the iDRAC9: https://www.dell.com/support/kbdoc/en-us/000129249/dell-poweredge-how-to-create-a-virtual-disk-using-idrac-9
For Supermicro systems using SuperStorage: https://www.supermicro.com/solutions/Veeam_Configuration_Installation_Guide.pdf
For other systems, consult your hardware provider's manual.
Virtual Machines
If you are installing our software in a virtual environment such as VMware, make sure that:
- The Stamus Network Probe has 2 network interfaces, one for management and one for sniffing the traffic (i.e. receiving a copy of the mirrored traffic).
- The sniffing interface on the Network Probe is set to Promiscuous mode.
- The VLAN is set properly or set to 0 on the sniffing NIC.
Firewall rules
The system requires some firewall rules to be set up in order to function properly.
The network flow matrix below lists the flows that should be open during deployment and daily operations:
From | To | Protocol/Port | Required | Purpose |
---|---|---|---|---|
Clear NDR Central Server | Stamus Probes or Suricata Probes | TCP/22 (ssh) | Required | SSH for management |
Clear NDR Central Server | DNS Resolver | UDP/53 (dns) | Required | Hostname resolution |
Clear NDR Central Server | ti.stamus-networks.io | TCP/443 (https) | Optional for closed environments | Threat Intelligence Daily Updates |
Stamus Probes or Suricata Probes | Clear NDR Central Server | TCP/5044 (lumberjack) | Required | Log shipping |
Stamus Probes or Suricata Probes | Clear NDR Central Server | TCP/5045 (lumberjack) | Required | Log shipping |
Stamus Probes or Suricata Probes | DNS Resolver | UDP/53 (dns) | Required | Hostname resolution |
User workstation | Clear NDR Central Server | TCP/443 (https) | Required | Regular usage and configuration |
User workstation | Clear NDR Central Server | TCP/22 (ssh) | Optional | Command line management |
User workstation | Stamus Probes or Suricata Probes | TCP/22 (ssh) | Optional | Command line management |
Clear NDR Central Server | Domain Controller | TCP/389 (ldap) or TCP/636 (ldaps) | Optional | User authentication |
Clear NDR Central Server | Splunk Indexer | TCP/9997 | Optional | Send logs to Splunk |
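A pre-deployment check of the flow matrix above, as an added example (not Stamus Networks code): run on the source host of a flow, it attempts a TCP handshake for each flow that originates there and lists the required ones that are blocked. The role names, function names and the 192.0.2.10 address are assumptions made for the example; UDP/53 flows are not probed.

```python
import socket

# (source role, destination role, protocol, port, required), from the flow matrix.
# Role names are labels chosen for this example.
FLOWS = [
    ("central", "probe", "tcp", 22, True),
    ("central", "dns", "udp", 53, True),
    ("central", "ti", "tcp", 443, False),
    ("probe", "central", "tcp", 5044, True),
    ("probe", "central", "tcp", 5045, True),
    ("probe", "dns", "udp", 53, True),
    ("workstation", "central", "tcp", 443, True),
    ("workstation", "central", "tcp", 22, False),
    ("workstation", "probe", "tcp", 22, False),
    ("central", "directory", "tcp", 389, False),  # ldap
    ("central", "directory", "tcp", 636, False),  # ldaps (either one is used)
    ("central", "splunk", "tcp", 9997, False),
]

def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, timed out, name not resolved
        return False

def check_flows(source, hosts, flows=FLOWS, timeout=2.0):
    """Test each TCP flow that originates from `source` (run it on that host).
    `hosts` maps destination role -> address; UDP flows and roles without an
    address are reported as "skipped" instead of being guessed at."""
    results = []
    for src, dst, proto, port, required in flows:
        if src != source:
            continue
        if proto != "tcp" or dst not in hosts:
            status = "skipped"
        else:
            status = "open" if tcp_open(hosts[dst], port, timeout) else "blocked"
        results.append((dst, proto, port, required, status))
    return results

def missing_required(results):
    """Required flows that were tested and did not connect."""
    return [r for r in results if r[3] and r[4] == "blocked"]

if __name__ == "__main__":  # run on a probe; 192.0.2.10 is a placeholder address
    print(missing_required(check_flows("probe", {"central": "192.0.2.10"})))
```

An empty list from `missing_required` means every required TCP flow from that host completed a handshake; a completed handshake shows the path is open, not that the service behind it is healthy.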
Get your license
For the software to fully function you need to activate an electronic license. Instructions on how to obtain the license key are available on this page.
Network Definitions
In order to maximize product value, it is good practice to identify and list your networks, subnets and critical assets. This step is optional, but it will speed up product configuration after deployment.
For example:
10.44.1.0/24 is Marketing
10.44.2.0/24 is R&D
10.44.5.0/24 is DMZ
10.44.3.0/24 is LAN
10.44.3.15 is Server Exchange
10.44.3.139 is Domain Controller
10.44.5.44 is Proxy Server
This information will be used to create your network definition once your Clear NDR® Central Server is installed.
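A way to sanity-check such a list before entering it, as an added example (not part of the product): it rejects malformed CIDRs, resolves an address to its labels with the most specific entry first, and reports single-host assets that no listed subnet covers. The function names are hypothetical and the data is the example list above.

```python
import ipaddress

# Inventory from the example list above.
INVENTORY = [
    ("10.44.1.0/24", "Marketing"),
    ("10.44.2.0/24", "R&D"),
    ("10.44.5.0/24", "DMZ"),
    ("10.44.3.0/24", "LAN"),
    ("10.44.3.15", "Server Exchange"),
    ("10.44.3.139", "Domain Controller"),
    ("10.44.5.44", "Proxy Server"),
]


def parse_inventory(entries):
    """Parse (cidr, label) pairs; raises ValueError on a CIDR with host bits set."""
    return [(ipaddress.ip_network(cidr, strict=True), label)
            for cidr, label in entries]


def classify(ip, parsed):
    """Labels of every entry containing ip, most specific (longest prefix) first."""
    addr = ipaddress.ip_address(ip)
    hits = [(net, label) for net, label in parsed if addr in net]
    hits.sort(key=lambda h: h[0].prefixlen, reverse=True)
    return [label for _, label in hits]


def orphan_assets(parsed):
    """Single-host entries that fall outside every listed subnet."""
    subnets = [net for net, _ in parsed if net.num_addresses > 1]
    return [label for net, label in parsed
            if net.num_addresses == 1
            and not any(net.subnet_of(s) for s in subnets)]


if __name__ == "__main__":
    parsed = parse_inventory(INVENTORY)
    print(classify("10.44.3.15", parsed))
    print(orphan_assets(parsed))
```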