Contents
Overview
  Basic architecture
  Related documentation
Skybox Appliance specifications
  Before you open the box
  What’s in the box
  Physical specifications
  Environmental specifications
  MTBF estimates for Skybox Appliance
  Front panel...
Skybox Appliance 8000 Quick Start Guide
  Installing Skybox Manager
  Upgrading Skybox Manager
Updating the operating system on Skybox Appliance
ISO burning
SSH hardening
Firmware updates for Skybox Appliance
  Checking your firmware revision via the console...
Chapter 1 Overview
Skybox Appliance is a hardware solution that enables you to deploy Skybox® without the burden of maintaining your own server. Skybox® is an Automated Risk and Compliance Management (ARCM) platform that helps enterprise IT departments to discover and resolve potential security and compliance risks before they impact your organization.
Chapter 2 Skybox Appliance specifications
This chapter contains product specifications and packaging information for Skybox Appliance 8000.
In this chapter
› Before you open the box
› What’s in the box
› Physical specifications
› Environmental specifications
› MTBF estimates for Skybox Appliance...
Physical specifications
The physical features of Skybox are listed in the following table.
Feature: Description
Form factor: 1U rack mount chassis
Rack dimensions (H x W x D): 1.7” x 17.25” x 28” (43.2 mm x 438.15 mm x 712 mm)
System weight: 27.1 lb (12.3 kg) •...
MTBF estimates for Skybox Appliance The estimated mean time between failures (MTBF) and Failures in Time (FIT) for Skybox Appliance 8000 are listed in the following table. Component MTBF (hours) Estimated FIT 4” x 3.5” 12 Gb Hot Swap 9579145 Backplane –...
Front panel
The Appliance front panel includes 2 USB connectors, a power button, and LEDs.
Power button and LEDs
Feature:
› System ID button with integrated LED
› NMI button (recessed; tool required for use)
› NIC1 activity LED
› System cold reset button
› System status LED
› Power button with integrated LED...
Color / State: Description
Amber / on: Critical Alarm: Critical power modules failure, critical fans failure, voltage (power supply), critical temperature and voltage
Amber / blinking: Non-Critical Alarm: Redundant fan failure, redundant power module...
Chapter 3 Setting up Skybox Appliance
This chapter explains how to set up Skybox Appliance.
In this chapter
› Hardware installation
› Starting Skybox Appliance
› System configuration
› What’s next
Hardware installation
Before you start
Before installing the rack mount kit, observe these safety guidelines:
1 Turn off all peripheral devices connected to Skybox Appliance.
2 On the Appliance front panel, press the Power button.
3 Lock the front bezel in place using the key provided.
System configuration
Before running the Skybox Server, configure Skybox Appliance to be part of your network and perform initial system configuration.
To configure Java security on your Windows machine to work with RMM
1 From the Windows Start menu, select Configure Java.
Skybox version 10.1.200...
2 In the Java Control Panel dialog box, click the Security tab.
3 In the Exception Site List field, add the URL of the RMM interface of the Appliance machine.
Note: If you do not know the URL of the RMM interface, as root user on...
— Privilege: Select Administrator.
— User Status: Select Enabled.
— User Name: Type the desired name. (Note: The name of the anonymous user cannot be changed.)
— User Password: Type the desired password twice.
6 When you are finished, press F10 to save and exit the configuration.
5 If you are using DHCP, run ifconfig, and note the IP address assigned to the Appliance. You need it later.
Configuration via serial port
To configure the connection using a serial port
1 Connect one end of the serial cable to a serial port on the management computer;...
SETTING UP THE APPLIANCE FOR CONFIGURATION
To prepare for configuring the system remotely
1 From a different machine on the network, open a browser to connect to the Skybox Appliance Administration using the following URL (<Appliance IP address>...
Using Skybox for change tracking
You can use Skybox to track changes on firewalls. Although much change information can be collected directly from the firewalls, additional information (including a timestamp and the user who made the change) is available only from syslog change events that are sent to the syslog server in the Appliance.
Chapter 4 Configuring the Appliance
This chapter explains how to configure the Appliance.
In this chapter
› Configuration and management options
› Setting up network interface bonding
› Setting up SNMP configuration
› RADIUS authentication
› LDAP authentication...
Pane: Description
System tab
Date and Time Configuration: Enables you to view and change the date and time in the Appliance’s time zone. Notes:
• If you set this information manually, set the date and...
Pane: Description
packlogs (ZIP) file to a local directory so that you can send the logs to Skybox Support.
Skybox Manager: Enables you to download Skybox Manager for installation.
Setting up network interface bonding
Skybox Appliances support network interface bonding for redundancy and for higher bandwidth.
mode=1 (active-backup)
Active-backup policy: Only a single slave in the bond is active. A different slave becomes active if, and only if, the active slave fails. The bond’s MAC address is externally visible on a single port (network adapter) to avoid confusing the switch.
Setting up SNMP configuration
To use the Appliance as an SNMP Server
1 On the System tab, click SNMP.
2 Select Enable SNMP Service.
3 Set the following values:
• On the General tab:
— System Location: Physical location of the Appliance...
6 Save and close the file.
7 Open /etc/pam_radius.conf in your editor.
8 Replace 127.0.0.1 secret 1 with the relevant information for your RADIUS server. There are 3 fields per line in this file, each line representing a RADIUS server.
Field: Description
Certificates needed to certify the LDAP servers. Start each certificate on a new line. Example:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Note: The certificates must be in PEM format.
LDAP Search Base: The default base DN to use for performing LDAP search operations.
There are 3 possible configurations for TLS:
› Default (High) Security configuration for SSL: TLS versions 1.2 and higher are enabled. Supported browsers are: Firefox 27, Chrome 30, Internet Explorer 11 on Windows 7, Edge, Opera 17, Safari 9, Android 5.0, Java 8, and higher.
# Low Security configuration for SSL. Oldest compatible clients: Windows XP IE6, Java 6.
#SSLProtocol all
#SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP
5 Save the file.
6 Restart httpd by running: systemctl restart httpd
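After editing the TLS settings and restarting httpd, it is worth confirming that the low-security profile has not become active. The script below is an added example, not vendor code: it reads an Apache conf file and reports any active protocol below TLS 1.2 and any active 3DES suite. The function names, the sample files and the active TLS 1.2+ lines in the first sample are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not vendor code): report which TLS settings are active in an
# Apache conf file. LEGACY names the protocol versions below TLS 1.2.
LEGACY="SSLv3 TLSv1 TLSv1.1"

# Print two lines: legacy_protocols=<list|none> and 3des_ciphers=<list|none>.
# Assumptions: the file is one flat context and the last active directive wins;
# bare protocol names are treated as additions, the cautious reading for an audit.
tls_effective() {  # usage: tls_effective <conf-file>
    awk -v legacy="$LEGACY" '
        BEGIN { nl = split(legacy, L, " ") }
        /^[ \t]*#/ { next }                      # commented-out profile: inactive
        tolower($1) == "sslprotocol" {
            split("", on)                        # reset for this directive
            for (i = 2; i <= NF; i++) {
                t = tolower($i); add = 1
                if (t ~ /^[+-]/) { add = (substr(t, 1, 1) == "+"); t = substr(t, 2) }
                for (j = 1; j <= nl; j++)
                    if (t == "all" || t == tolower(L[j])) {
                        if (add) on[L[j]] = 1; else delete on[L[j]]
                    }
            }
        }
        tolower($1) == "sslciphersuite" {
            weak = ""; n = split($NF, c, ":")
            for (i = 1; i <= n; i++)             # "!" or "-" prefix means excluded
                if (c[i] ~ /DES-CBC3|3DES/ && c[i] !~ /^[!-]/)
                    weak = weak (weak == "" ? "" : ",") c[i]
        }
        END {
            p = ""
            for (j = 1; j <= nl; j++) if (L[j] in on) p = p (p == "" ? "" : ",") L[j]
            print "legacy_protocols=" (p == "" ? "none" : p)
            print "3des_ciphers=" (weak == "" ? "none" : weak)
        }
    ' "$1"
}

# Return 0 only when no legacy protocol and no 3DES suite is active.
audit_tls() {  # usage: audit_tls <conf-file>
    report=$(tls_effective "$1")
    echo "$report"
    if echo "$report" | grep -qv '=none$'; then return 1; fi
    return 0
}

demo_dir=$(mktemp -d)
# Constructed sample: low-security lines commented out, assumed TLS 1.2+ lines active.
cat > "$demo_dir/default.conf" <<'EOF'
# Low Security configuration for SSL.
#SSLProtocol all
#SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:DES-CBC3-SHA:!aNULL
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:!aNULL
EOF
# Constructed sample: the low-security lines have been uncommented.
cat > "$demo_dir/low.conf" <<'EOF'
SSLProtocol all
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:!aNULL:!EDH-DSS-DES-CBC3-SHA
EOF
audit_tls "$demo_dir/default.conf" || true
audit_tls "$demo_dir/low.conf" || true
rm -rf "$demo_dir"
```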
Chapter 5 Sending CentOS logs to a remote syslog server
To send the Appliance CentOS logs to a remote syslog server
1 On the System tab, click Syslog Server.
2 Select Send System Logs to Remote Syslog Server.
3 Fill in the remote syslog IP address and port to use, and select the protocol to use.
Chapter 6 Customizing the syslog server
The syslog server in Skybox Appliance is preconfigured and is enabled by default.
In this chapter
› Setting up TCP and UDP listeners
› How to work with syslog files
Setting up TCP and UDP listeners
Skybox Appliance includes TCP and UDP listeners for the syslog server.
› CHANGE_LOGS_OLD="/var/log/firewall_assurance/change_logs_old" (archive directory)
› LOG_RETENTION=2 (days to keep logs)
› ARCHIVE_RETENTION=3 (days to keep archives after they are saved in the archive directory)
What are the log files named?
A separate log is generated for each device. Log file names have the format:
(New logs) <device name | IP address>_<time of creation>.log...
Chapter 7 Skybox Manager Installation
You can install Skybox Manager from the DVD included with Skybox or you can download it from the Skybox Appliance over HTTP using the Appliance IP address (https://<Appliance IP address>:444/manager). For additional information, see Installing Skybox Manager.
Note: The use of Skybox Manager on 4K screens is not supported. Some on-screen elements do not display as expected on these screens due to limitations of Java Runtime Environment at high resolutions.
2 Delete any other files in this directory, including any previous installation file; the directory must contain only the new installation file.
Chapter 8 Updating the operating system on Skybox Appliance In some cases, for example after bug fixes or security patches are released for the operating system, it might be necessary to update the CentOS operating system on your Skybox Appliance. Updates to the operating system do not affect Skybox.
7 Install the update by running:
sudo /bin/sh Skybox_<patch>.appliance_update
The update procedure begins.
8 We recommend that, when asked where to save the files, you select either a location on the file sharing system (as opposed to on the Appliance server) or an external drive.
Chapter 9 ISO burning The Appliance ISO is larger than 4 GB and does not fit on a standard DVD+R. We recommend that you use either a DVD+R DL (Dual Layer) or a flash drive if you need to burn the ISO. Note: For flash drives, we recommend using Rufus to burn the ISO (https://rufus.ie).
Chapter 10 SSH hardening
Starting in version 9.0.600, security hardening was added to prevent local users from logging in via SSH. The following lines were added to /etc/ssh/sshd_config:
› AllowUsers root skyboxview
› AllowGroups root skyboxview
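To confirm that the allow-list still matches the two lines above after an upgrade or manual edit, the following added example (not vendor code) audits an sshd_config-style file. The function names, the sample files and the extra account name are constructed for illustration; only the two expected names come from this guide.

```shell
#!/usr/bin/env bash
# Added example (not vendor code): audit the SSH allow-list in an
# sshd_config-style file. EXPECTED holds the two names the guide lists.
EXPECTED="root skyboxview"

# Print the sorted, de-duplicated values of one keyword in the global section.
# Repeated AllowUsers/AllowGroups lines accumulate in sshd, so every line counts.
# Parsing stops at the first Match block, whose settings apply only conditionally.
sshd_values() {  # usage: sshd_values <keyword> <file>
    awk -v kw="$1" '
        { sub(/#.*/, "") }                       # drop comments
        tolower($1) == "match" { exit }
        tolower($1) == tolower(kw) { for (i = 2; i <= NF; i++) print $i }
    ' "$2" | LC_ALL=C sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Return 0 only if both keywords list exactly the expected names.
audit_ssh_allowlist() {  # usage: audit_ssh_allowlist <file>
    rc=0
    for kw in AllowUsers AllowGroups; do
        got=$(sshd_values "$kw" "$1")
        if [ "$got" = "$EXPECTED" ]; then
            echo "OK   $kw $got"
        elif [ -z "$got" ]; then
            echo "FAIL $kw not set in the global section"; rc=1
        else
            echo "FAIL $kw is '$got', expected '$EXPECTED'"; rc=1
        fi
    done
    return $rc
}

# Constructed sample files (not taken from a real appliance).
demo_dir=$(mktemp -d)
cat > "$demo_dir/hardened" <<'EOF'
Port 22
AllowUsers root skyboxview
allowgroups skyboxview root
EOF
cat > "$demo_dir/drifted" <<'EOF'
AllowUsers root skyboxview
AllowUsers backupsvc   # constructed extra account added later
#AllowGroups root skyboxview
Match Address 192.0.2.0/24
    AllowGroups root skyboxview
EOF

audit_ssh_allowlist "$demo_dir/hardened" || true
audit_ssh_allowlist "$demo_dir/drifted" || true
# On a live host, `sshd -T` prints the effective configuration for comparison.
rm -rf "$demo_dir"
```

When both directives are set, sshd requires a login to satisfy both, so a missing AllowGroups line widens access even if AllowUsers is intact.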
Chapter 11 Firmware updates for Skybox Appliance
This chapter explains how to perform a firmware update for your Skybox Appliance.
In this chapter
› Checking your firmware revision via the console
› Checking your firmware revision via RMM
› Preparing to update...
3 Check this number against the BMC version that you see in the link for your Appliance version (in Preparing to update), such as the following:
Checking your firmware revision via RMM
Before you start
Make sure that you have permission to log in to the RMM interface of the Appliance from your local machine.
Important: You must know the model number for the update.
5 From the System Information tab, on the Summary page, check the firmware revision number in the field BMC FW Rev.
6 Check this number against the BMC version that you see in the link for your Appliance version (in Preparing to update), such as the following:
Preparing to update
What you need to update
›...
› To shut down the Skybox Collector, run the command service sbvcollector stop
Updating via the console
If you are not using RMM on your appliance, the following instructions explain how to perform the firmware update using the console.
To update the firmware
1 Open the ZIP file and copy the entire content of the package file to the root directory of a USB flash drive.
2 Connect the USB flash drive to the back panel of the Appliance machine.
3 Make sure that no other USB is connected.
8 In the next Security Warning, select I accept... and click Run. A console window opens.
9 Log in as root.
10 Make sure that Skybox is not running on the Appliance machine before performing the update.
12 When the system starts, press F2 until you get the menu for booting.
13 From the menu, select Boot Manager and press <Enter>.
14 From the Boot Manager, select Launch EFI Shell and press <Enter>.
After about 5 seconds, the following screen appears.
15 Press <Enter>.
When the procedure is almost finished, the screen displays the following.
16 Wait 2 minutes and log in again to the remote console.
17 Press 5 to exit the update.
18 Press any key to continue.
CONFIGURING JAVA FOR LOGIN
This procedure enables you to log in to the RMM interface of the Appliance machine from your local computer.
1 From the Windows Start menu, select Configure Java.
2 The Java Control Panel appears.
3 Click the Security tab.
4 Click Edit Site List.
5 Add the URL of the RMM interface of the Appliance machine.
Chapter 12 Adding your own certificate To connect to the Appliance Administration via your own certificate, add the certificate to the Apache server. Note: If you generated your own certificate using the "Generating and installing a certificate using the Java keytool" procedure in the Skybox Installation and Administration Guide, follow the directions in Exporting the Server certificate and private key from the Java keystore...
5 Back up the file /etc/httpd/conf.d/skyboxwebadmin.conf
6 Edit /etc/httpd/conf.d/skyboxwebadmin.conf:
a. Change the value of ServerName from the default (skyboxapp) to the name used in the Common Name or SAN field of your certificate. For example: ServerName www.skyboxlab.com
b....
a. Execute the following command:
../../thirdparty/jdk1.8.0_202a/bin/keytool -list -v -keystore server.keystore -storepass skyboxview
b. Find your server certificate. Above it is the Alias name field – that’s your alias.
4 Export the server certificate from the new keystore using the following command.
Chapter 13 Restoring the Appliance to factory defaults The Restore Appliance DVD that comes in the Appliance package is for restoring the Appliance to factory defaults. Warning: Restoring the Appliance erases all data on the Appliance. To restore the Appliance to factory defaults 1 Insert the DVD in the DVD-ROM drive.
Chapter 14 Monitoring SNMP
Skybox Appliance supports standard Linux OIDs. OIDs that you can monitor include:
CPU load statistics
› 1 minute load: .1.3.6.1.4.1.2021.10.1.3.1
› 5 minute load: .1.3.6.1.4.1.2021.10.1.3.2
› 15 minute load: .1.3.6.1.4.1.2021.10.1.3.3
CPU statistics
› Percentage of user CPU time: .1.3.6.1.4.1.2021.11.9.0
›...
Chapter 15 Troubleshooting
Getting version information when the Appliance Administration is not available
If you need to know the version of the Appliance (the image version) and other information about the Appliance when the Appliance Administration is not available, run the get_appliance_details script from the CLI.
Sample output of get_appliance_details
APPLIANCE_VERSION: 8.5.103-7.1.11
CORES: 2...
Chapter 16 Wiping the hard disk drive In some cases, you need to wipe the hard disk drive (HDD), completely destroying the data on it. This might be required, for example, if you are sending the Appliance back to Skybox for replacement. Caution: This procedure wipes the HDD completely.
Chapter 17 CIS benchmarks for CentOS 7
Starting from version 9.0.800, all new Skybox Appliances meet the following CIS benchmark recommendations for CentOS 7. Appliances updated to the new ISO also meet the recommendations.
Recommendation / Scored / Description
1.1.1.1 – Ensure that mounting of the following file systems is disabled: ...
boot parameters
Rationale: Requiring a boot password on execution of the boot loader prevents an unauthorized user from entering boot parameters or changing the boot partition. This prevents users from weakening security (for example, turning off SELinux at boot time).
corrupt routing and have users access a system set up by the attacker as opposed to a valid system.
3.2.1 – 3.2.3
3.2.1: Ensure that source routed packets are not accepted.
system administrator with information associated with brute force attacks against user logins. Monitoring session information files for changes could alert a system administrator to logins occurring at unusual hours, which could indicate intruder activity (for example, a user logging in at a time when they do not normally log in).
• Ensure that permissions on /etc/crontab are configured
• Ensure that permissions on /etc/cron.hourly are configured
• Ensure that permissions on /etc/cron.daily are configured
• Ensure that permissions on /etc/cron.weekly are...
• AllowGroups: The AllowGroups variable gives the system administrator the option of permitting specific groups of users to SSH into the system. The list consists of space separated group names. Numeric group IDs are not recognized with this variable.
6.1.5 – 6.1.9: Permission to user- and group-related files:
• /etc/gshadow
• /etc/passwd-
• /etc/shadow-
• /etc/group-
• /etc/gshadow-
Rationale: It is critical to ensure that these files are protected from unauthorized access.
Chapter 18 Regulatory and safety information
This chapter includes regulatory and safety information for Skybox Appliance 8000’s hardware.
In this chapter
› Product regulatory compliance
› Regulatory compliance markings
› Electromagnetic compatibility notices for the server board
Product regulatory compliance
Intended application
This product is to be evaluated and certified as Information Technology...
› BSMI CNS13438 Emissions (Taiwan)
› KC Certification (Korea)
ENVIRONMENTAL REQUIREMENTS
Intel has a system in place to restrict the use of banned substances in accordance with worldwide regulatory requirements. A Material Declaration Data Sheet is available for Intel products.
Chapter 18 Regulatory and safety information Regulatory Region Marking Compliance VCCI Marking Japan (Class A) KC Mark (Korean Korea Communications Commission) Russia Ukraine Ukraine Certification BSMI Certification Taiwan (RPC) Number & Class A Warning FCC Marking This device complies with Part 15 of the FCC (Class A) Rules.
Skybox Appliance 8000 Quick Start Guide Regulatory Region Marking Compliance China Restriction China of Hazardous Substance (RoHS) Environmental Friendly Use Period Mark Recycling Package China Marks Will be added on Package label Other Recycling Internatio Package Marks Will be added on Package label...
Chapter 18 Regulatory and safety information Regulatory Region Marking Compliance Safety – Standby Internatio Power button Safety – Rack Internatio Load Warning Electromagnetic compatibility notices for the server board FCC Verification Statement (USA) This device complies with Part 15 of the FCC Rules. Operation is subject to two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.
English translation of this notice: This digital apparatus does not exceed the Class B limits for radio noise emissions from digital apparatus set out in the interference-causing equipment standard entitled “Digital Apparatus,” ICES-003 of the Canadian Department of Communications.
1 Type of Equipment (Model Name): Model name is on KC certificate on product
2 Certification No.: Certification number is on KC certificate on product
3 Name of Certification Recipient: Intel Corporation (name is on KC certificate on product)
4 Date of Manufacturer: Refer to the date code serial number marked on product...