Wednesday 27 July 2011

DualShield - manually switch protocol

You choose between HTTP and SSL when you install DualShield. Typically the trial version is installed with HTTP, and after the trial you want to move it to a production environment, which needs SSL. Switching manually is a bit more hassle than reinstalling, but it is possible.


Open the following files and make the change (http -> https) at each of the search hits listed below:



C:\Program Files\DualShield\config\appsso-metadata.xml (4 hits)
Line 5: entityID="$deepnet.dualserver.protocol://$deepnet.dualserver.fqdn2:$deepnet.dualserver.ssoport">
Line 7: <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
Line 20: Location="$deepnet.dualserver.protocol://$deepnet.dualserver.fqdn2:$deepnet.dualserver.ssoport/appsso/login"/>
Line 24: Location="$deepnet.dualserver.protocol://$deepnet.dualserver.fqdn2:$deepnet.dualserver.ssoport/appsso/logout" />
C:\Program Files\DualShield\config\appsso.properties (2 hits)
Line 4: dasProvisioningUri=$deepnet.dualserver.protocol://$deepnet.dualserver.fqdn:$deepnet.dualserver.provport/das5/xmlrpc
Line 21: management_protocol=$deepnet.dualserver.protocol
C:\Program Files\DualShield\config\ManagementConsole.xml (3 hits)
Line 9: protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
Line 13: Location="$deepnet.dualserver.protocol://$deepnet.dualserver.fqdn:$deepnet.dualserver.manageport/dmc/logout" />
Line 17: Location="$deepnet.dualserver.protocol://$deepnet.dualserver.fqdn:$deepnet.dualserver.manageport/dmc/" />
C:\Program Files\DualShield\config\SelfServiceConsole.xml (3 hits)
Line 9: protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
Line 13: Location="$deepnet.dualserver.protocol://$deepnet.dualserver.fqdn2:$deepnet.dualserver.slfsrvport/dss/logout" />
Line 17: Location="$deepnet.dualserver.protocol://$deepnet.dualserver.fqdn2:$deepnet.dualserver.slfsrvport/dss/" />
C:\Program Files\DualShield\manconsole.url (1 hits)
Line 2: URL=$deepnet.dualserver.protocol://$deepnet.dualserver.fqdn:$deepnet.dualserver.manageport/dmc

Also comment out all plain HTTP connectors and uncomment the SSL connectors in the Tomcat configuration file server.xml. The relevant hits are:


 
C:\Program Files\DualShield\tomcat\conf\server.xml (18 hits)
Line 99: <Connector port="$deepnet.dualserver.provport" protocol="HTTP/1.1"
Line 105: <Connector protocol="HTTP/1.1" SSLEnabled="true"
Line 114: <Connector protocol="HTTP/1.1" SSLEnabled="true"
Line 120: <Connector protocol="HTTP/1.1" SSLEnabled="true"
Line 127: <!-- A "Connector" using the shared thread pool-->
Line 129: <Connector executor="tomcatThreadPool"
Line 134: <!-- Define a SSL HTTP/1.1 Connector on port 8443
Line 139: <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
Line 144: <!-- Define an AJP 1.3 Connector on port 8009 -->
Line 145: <!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> -->
Line 213: <Connector port="$deepnet.dualserver.ssoport" protocol="HTTP/1.1"
Line 217: <Connector port="$deepnet.dualserver.ssomanport" protocol="HTTP/1.1"
Line 222: <Connector protocol="HTTP/1.1" SSLEnabled="true"
Line 228: <Connector protocol="HTTP/1.1" SSLEnabled="true"
Line 293: <Connector port="$deepnet.dualserver.slfsrvport" protocol="HTTP/1.1"
Line 299: <Connector protocol="HTTP/1.1" SSLEnabled="true"
Line 365: <Connector port="$deepnet.dualserver.manageport" protocol="HTTP/1.1"
Line 371: <Connector protocol="HTTP/1.1" SSLEnabled="true"
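As an added check after the switch (example code written here, not from the post or from the DualShield product), the following Python parses a Tomcat server.xml and lists the HTTP connectors that are still active without SSLEnabled="true". Because the XML parser drops comments, connectors that were commented out as described above are not reported. The server.xml is a constructed sample modelled on the hit list, using the port numbers from the installation summary further down this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the server.xml hits above: one plain HTTP
# connector left active, one SSL connector, one AJP connector, and one SSL
# connector that is still commented out.
SAMPLE_SERVER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="provisioning">
    <Connector port="8072" protocol="HTTP/1.1" connectionTimeout="20000" />
    <!-- <Connector port="8072" protocol="HTTP/1.1" SSLEnabled="true"
                    scheme="https" secure="true" clientAuth="false" /> -->
  </Service>
  <Service name="sso">
    <Connector port="8074" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>
"""


def list_connectors(server_xml):
    """Return (port, protocol, ssl_enabled) for every connector that is live.

    ElementTree discards XML comments, so a connector the admin disabled by
    wrapping it in <!-- --> never shows up here; only active ones are listed.
    Tomcat treats a missing protocol attribute as HTTP/1.1.
    """
    root = ET.fromstring(server_xml)
    found = []
    for connector in root.iter("Connector"):
        found.append((connector.get("port", ""),
                      connector.get("protocol", "HTTP/1.1"),
                      connector.get("SSLEnabled", "false").lower() == "true"))
    return found


def plaintext_http_ports(server_xml):
    """Ports of active HTTP connectors that still serve without SSL."""
    return sorted(port for port, proto, ssl in list_connectors(server_xml)
                  if proto.upper().startswith("HTTP") and not ssl)


if __name__ == "__main__":
    for port in plaintext_http_ports(SAMPLE_SERVER_XML):
        print("plain HTTP connector still active on port", port)
```

An empty result from plaintext_http_ports means every remaining HTTP connector in the file is an SSL one.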

Thursday 21 July 2011

CryptoKey Registration

With Fiddler you can see the detailed steps of CryptoKey registration (registerDevice, getPolicy, getPublicKey, backupCredential).


Note: "Management+Console" in the URL is the domain the token is registered to.



POST http://192.168.222.9:8088/das5/service/Management+Console HTTP/1.1
Content-Type: text/xml
User-Agent: deepnet xmlrpc 1.0
Host: 192.168.222.9:8088
Content-Length: 555
Connection: Keep-Alive

<?xml version="1.0"?>
<methodCall><methodName>das.registerDevice</methodName>
<params><param><value><struct><member><name>loginName</name><value>mine</value></member></struct></value></param><param><value><struct><member><name>password</name><value>password</value></member></struct></value></param><param><value><struct><member><name>name</name><value>CryptoKey</value></member></struct></value></param><param><value><struct><member><name>serial</name><value>070007A9080865D813EF</value></member></struct></value></param></params></methodCall>

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/xml
Content-Length: 359
Date: Thu, 21 Jul 2011 09:47:33 GMT

<?xml version="1.0" encoding="ISO-8859-1"?>
<methodResponse>
<params>
<param>
<value><array><data><value><string>OK</string></value><value><string>Succeeded</string></value><value><struct><member><name>serial</name><value><string>070007A9080865D813EF</string></value></member></struct></value></data></array></value>
</param>
</params>
</methodResponse>



POST http://192.168.222.9:8088/das5/service/Management+Console HTTP/1.1
Content-Type: text/xml
User-Agent: deepnet xmlrpc 1.0
Host: 192.168.222.9:8088
Content-Length: 319
Connection: Keep-Alive

<?xml version="1.0"?>
<methodCall><methodName>das.getPolicy</methodName>
<params><param><value><struct><member><name>loginName</name><value>mine</value></member></struct></value></param><param><value><struct><member><name>name</name><value>CryptoKey</value></member></struct></value></param></params></methodCall>

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/xml
Content-Length: 2233
Date: Thu, 21 Jul 2011 09:47:33 GMT

<?xml version="1.0" encoding="ISO-8859-1"?>
<methodResponse>
<params>
<param>
<value><array><data><value><string>OK</string></value><value><struct><member><name>tokenLimit</name><value><i4>0</i4></value></member><member><name>activate</name><value><string>0</string></value></member><member><name>messageChannel</name><value><string>SMS</string></value></member><member><name>enforcePasswordPolicy</name><value><boolean>0</boolean></value></member><member><name>enforceAntivirusPolicy</name><value><boolean>0</boolean></value></member><member><name>enforceSecurityPolicy</name><value><boolean>0</boolean></value></member><member><name>enforceAntivirus</name><value><boolean>0</boolean></value></member><member><name>enforceAntivirusRT</name><value><boolean>0</boolean></value></member><member><name>passwordRecovery</name><value><string>0</string></value></member><member><name>passwordMinLen</name><value><i4>1</i4></value></member><member><name>passwordMinUpper</name><value><i4>1</i4></value></member><member><name>passwordMinLower</name><value><i4>1</i4></value></member><member><name>passwordMinNumber</name><value><i4>1</i4></value></member><member><name>passwordMinSymbol</name><value><i4>1</i4></value></member><member><name>passwordLifeTime</name><value><i4>30</i4></value></member><member><name>passwordHistory</name><value><i4>30</i4></value></member><member><name>passwordHint</name><value><boolean>1</boolean></value></member><member><name>infectedActionRealtime</name><value><string>DISINFECT</string></value></member><member><name>suspiciousActionRealtime</name><value><string>PROMPT</string></value></member><member><name>infectedActionOndemand</name><value><string>DISINFECT</string></value></member><member><name>suspiciousActionOndemand</name><value><string>PROMPT</string></value></member><member><name>antivirusAgeLock</name><value><i4>1</i4></value></member><member><name>lockdownPerm</name><value><i4>5</i4></value></member><member><name>lockdownNotify</name><value><i4>3</i4></value></member><member><name>autoLockup</name><value><i4>10</i4></value></member><member><name>autoReminder</name><value><i4>60</i4></value></member></struct></value></data></array></value>
</param>
</params>
</methodResponse>



POST http://192.168.222.9:8088/das5/service/Management+Console HTTP/1.1
Content-Type: text/xml
User-Agent: deepnet xmlrpc 1.0
Host: 192.168.222.9:8088
Content-Length: 335
Connection: Keep-Alive

<?xml version="1.0"?>
<methodCall><methodName>das.getPublicKey</methodName>
<params><param><value><struct><member><name>loginName</name><value>mine</value></member></struct></value></param><param><value><struct><member><name>serial</name><value>070007A9080865D813EF</value></member></struct></value></param></params></methodCall>

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/xml
Content-Length: 451
Date: Thu, 21 Jul 2011 09:47:33 GMT

<?xml version="1.0" encoding="ISO-8859-1"?>
<methodResponse>
<params>
<param>
<value><array><data><value><string>OK</string></value><value><base64>
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCRSGBQZG3qnuIvUsmvAdUHj8KeLqyn5VDz
LvP018RJN8AiyUAJj9N6AW4j2OggFU1RK+WCW0iWdgwUwpGQn/EHWuNKNVBy8gQubiR1bzj3
zsO335QCg9GJpk/ykB2g/ytVhRxwb/9LQJ4S5DguuO6CQzNxcx0yqbjSE0ezsPrn8wIDAQAB

</base64></value></data></array></value>
</param>
</params>
</methodResponse>



POST http://192.168.222.9:8088/das5/service/Management+Console HTTP/1.1
Content-Type: text/xml
User-Agent: deepnet xmlrpc 1.0
Host: 192.168.222.9:8088
Content-Length: 560
Connection: Keep-Alive

<?xml version="1.0"?>
<methodCall><methodName>das.backupCredential</methodName>
<params><param><value><struct><member><name>loginName</name><value>mine</value></member></struct></value></param><param><value><struct><member><name>serial</name><value>070007A9080865D813EF</value></member></struct></value></param><param><value><base64>Cgcg657W6JTLdkrwMivIkbDTyZ5KlH04umjZkGl/6agE8UVUcVijkh3fMe9hsVf0QMWwohDi
Gi5zHeGyZrGVFfX8dL3lBH1JkBuu2aED9ag6a+J0x6bLoa5iieu/nFYc8V3uUXS15mgTbox1
kCbgVlXuRRAAbiNRZMaQLKe46zc=</base64></value></param></params></methodCall>

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/xml
Content-Length: 239
Date: Thu, 21 Jul 2011 09:47:33 GMT

<?xml version="1.0" encoding="ISO-8859-1"?>
<methodResponse>
<params>
<param>
<value><array><data><value><string>OK</string></value><value><string>Succeeded</string></value></data></array></value>
</param>
</params>
</methodResponse>
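As an added example (written here, not part of the post), the following Python reconstructs two of the captured requests above, with the password replaced by a placeholder, and uses the standard library's xmlrpc.client unmarshaller to pull out the method name and parameters. The final function flags calls that carried a password member to a plain http:// URL, which is what the capture above shows for das.registerDevice on port 8088.

```python
import xmlrpc.client

# Constructed capture: request line and body of two das calls modelled on the
# Fiddler capture above. The real password is replaced by a placeholder.
CAPTURED_REQUESTS = [
    ("POST http://192.168.222.9:8088/das5/service/Management+Console HTTP/1.1",
     '<?xml version="1.0"?><methodCall><methodName>das.registerDevice</methodName>'
     '<params>'
     '<param><value><struct><member><name>loginName</name><value>mine</value></member></struct></value></param>'
     '<param><value><struct><member><name>password</name><value>PLACEHOLDER</value></member></struct></value></param>'
     '<param><value><struct><member><name>name</name><value>CryptoKey</value></member></struct></value></param>'
     '<param><value><struct><member><name>serial</name><value>070007A9080865D813EF</value></member></struct></value></param>'
     '</params></methodCall>'),
    ("POST http://192.168.222.9:8088/das5/service/Management+Console HTTP/1.1",
     '<?xml version="1.0"?><methodCall><methodName>das.getPolicy</methodName>'
     '<params>'
     '<param><value><struct><member><name>loginName</name><value>mine</value></member></struct></value></param>'
     '<param><value><struct><member><name>name</name><value>CryptoKey</value></member></struct></value></param>'
     '</params></methodCall>'),
]


def parse_call(body):
    """Return (method name, merged parameter dict) for one das XML-RPC request.

    Each positional param in these calls is a one-member struct, so merging
    them gives a flat name -> value mapping. Untyped <value> elements are
    decoded as strings by xmlrpc.client, matching what the capture shows.
    """
    params, method = xmlrpc.client.loads(body)
    merged = {}
    for param in params:
        merged.update(param)
    return method, merged


def cleartext_credential_calls(capture):
    """Methods that sent a 'password' member to an http:// (not https) URL."""
    flagged = []
    for request_line, body in capture:
        url = request_line.split()[1]
        method, params = parse_call(body)
        if "password" in params and url.lower().startswith("http://"):
            flagged.append(method)
    return flagged


if __name__ == "__main__":
    for request_line, body in CAPTURED_REQUESTS:
        print(parse_call(body))
    print("credentials over plain HTTP:", cleartext_credential_calls(CAPTURED_REQUESTS))
```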

Wednesday 6 July 2011

Server Agent Discovery

The Deepnet Windows logon client uses a broadcast technique to locate the server agent. In situations where broadcasting doesn't work, you may need to modify the registry to specify the server address (IP and port).



HKEY_LOCAL_MACHINE\SOFTWARE\Deepnet Security\Windows Logon

String value: DCAgents=x.x.x.x:port1,y.y.y.y:port2

Note: this information is out of date.

DualShield Ports

The Deepnet DualShield system involves quite a few ports, and you may forget them after the installation. Don't worry: there is a summary file where you can review them. It is located in the folder $INSTALL_PATH\Uninstaller and is called "InstallSummary.htm".


For your convenience, here is the summary of a typical installation.



Installation Path
C:\Program Files\Deepnet DualShield
Server Configuration
Server FQDN: dualshield.deepnetsecurity.local
Use SSL: false
Certificate Path:
Administration Port: 8070
Authentication Port: 8071
Provisioning Port: 8072
Management Console Port: 8073
SSO Logon Port: 8074
SSO Management Port: 8075
Self Service Port: 8076

Database Connection
Use the existing database: false
Database Type: mysql
Database Name: dualshield
SQL Server: localhost
SQL Port: 3306
User Name: root
Password: ********

Agent Registration Data

The DualShield Management Console allows you to register an agent manually. All fields are self-explanatory except the last one - Agent Registration Data.


For an SSO agent (it is very rare to register this kind of agent), you have to fill it in with the correct data, for example:



-----BEGIN DUAL AGENT CONFIGURATION-----
bWFuYWdlUHJvdG9jb2w9aHR0cCxtYW5hZ2VQb3J0PTgwNzU=
-----END DUAL AGENT CONFIGURATION-----

Curious what it means? Base64-decode it, and the result is:



-----BEGIN DUAL AGENT CONFIGURATION-----
manageProtocol=http,managePort=8075
-----END DUAL AGENT CONFIGURATION-----
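As an added example (written here, not taken from the post or from DualShield), the following Python does the decode described above in the other direction as well: it strips the BEGIN/END armour, base64-decodes the body into the key=value list, and re-encodes a dict into a block of the same shape, for instance one carrying manageProtocol=https after the server has been switched to SSL. The key names and the comma-separated layout are exactly what the decoded block above shows; the format is assumed to have no escaping beyond that.

```python
import base64

BEGIN = "-----BEGIN DUAL AGENT CONFIGURATION-----"
END = "-----END DUAL AGENT CONFIGURATION-----"

# The SSO agent registration data quoted in the post above.
SAMPLE_BLOCK = """-----BEGIN DUAL AGENT CONFIGURATION-----
bWFuYWdlUHJvdG9jb2w9aHR0cCxtYW5hZ2VQb3J0PTgwNzU=
-----END DUAL AGENT CONFIGURATION-----"""


def decode_agent_config(block):
    """Strip the armour, base64-decode, and split 'k=v,k=v' into a dict.

    Raises ValueError on a missing armour line, invalid base64, or an item
    without an '=' so that a mangled paste is rejected instead of half-read.
    """
    lines = [ln.strip() for ln in block.strip().splitlines() if ln.strip()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing DUAL AGENT CONFIGURATION armour")
    raw = base64.b64decode("".join(lines[1:-1]), validate=True).decode("ascii")
    config = {}
    for item in raw.split(","):
        key, sep, value = item.partition("=")
        if not sep or not key:
            raise ValueError("malformed item: %r" % item)
        config[key] = value
    return config


def encode_agent_config(config):
    """Inverse of decode_agent_config: build a block of the same shape."""
    raw = ",".join("%s=%s" % (k, v) for k, v in config.items())
    body = base64.b64encode(raw.encode("ascii")).decode("ascii")
    return "\n".join([BEGIN, body, END])


if __name__ == "__main__":
    print(decode_agent_config(SAMPLE_BLOCK))
    print(encode_agent_config({"manageProtocol": "https", "managePort": "8075"}))
```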