Document Version: 2.7

Date: 2020-12-10


Copyright

© 2021 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.



Introduction

This document provides users with a comprehensive overview of the server settings for HIAB. It was written under the assumption that the reader has access to the HIAB Account and Graphical User Interface.


Getting Started

To connect to a HIAB, use the assigned network address.

Note

Use the HTTPS protocol.

Login HIAB

Log in using your credentials.


Server Settings

The HIAB comes with a variety of settings which are available under Main Menu > Settings > Server. In Server Settings it is possible to change:

  • Network specific settings
  • Information of different servers
  • Connections to an LDAP/AD server

Network 

In the Network tab, the network specific settings for the HIAB can be changed.



Right-clicking a network interface presents the following options:

  • Activate/Deactivate
  • Add VLAN
  • Add bond
  • Add Ethernet
  • Delete
  • Edit


Activate/Deactivate
Right-click a network device to Activate or Deactivate it. The option shown depends on the current state of the device.

Add VLAN
Same as using Add VLAN in the top of the window. Displays the Add connection window.



Options

Description

Name

Name of the VLAN.

Device

Device name of the VLAN.

Parent

Define the parent for the VLAN (Drop down menu where you can choose between already created interfaces).

ID

ID for the VLAN.

Autoactivate

Define if this interface should be automatically activated.

IPv4

Define IPv4 options such as

  • Type: Auto, Manual, Link-Local, Shared, Disabled
  • Addresses
  • DNS
  • Search Domain
  • Default Gateway
  • Routes
  • Not default route

Note

Multiple DNS servers must be entered as a comma-separated list.

IPv6

Define IPv6 options such as

  • Type: Auto, Manual, Link-Local, Shared, Disabled
  • Addresses
  • DNS
  • Search Domain
  • Default Gateway
  • Routes
  • Not default route

Note

Multiple DNS servers must be entered as a comma-separated list.

Note

Only three DNS servers in total can be used across all connections. If more servers are listed, a random selection of the listed servers is used.


Add bond
Same as using Add bond in the top of the window. Displays the Add connection window.




Options

Description

Name

Name of the bond.

Device

Device name of the bond.

Autoactivate

Define if this interface should be automatically activated.

Mode

Choose how the network packets should be sent out to the slave devices.

  • Round Robin
  • Active Backup
  • XOR
  • Broadcast
  • 802.3ad
  • Adaptive Transmit Load Balancing
  • Adaptive Load Balancing

Primary

Only configurable for Active Backup mode. Choose which interface is the primary device.

Monitor frequency

Enter how often monitoring should occur, in milliseconds, to verify if the interface is active.

ARP target

Define the target IP address of ARP requests.

Link up delay

Specify how long to wait before enabling the link in milliseconds.

Link down delay

Specify how long to wait after link failure before disabling the link in milliseconds.

Slave

Define the slave devices for the bond.

IPv4

Define IPv4 options such as

  • Type: Auto, Manual, Link-Local, Shared, Disabled
  • Addresses
  • DNS
  • Search Domain
  • Default Gateway
  • Routes
  • Not default route

Note

Multiple DNS servers must be entered as a comma-separated list.

IPv6

Define IPv6 options such as

  • Type: Auto, Manual, Link-Local, Shared, Disabled
  • Addresses
  • DNS
  • Search Domain
  • Default Gateway
  • Routes
  • Not default route

Note

Multiple DNS servers must be entered as a comma-separated list.




Add Ethernet
Same as using Add Ethernet in the top of the window. Displays the Add connection window.




Options

Description

Name

Name of the Ethernet interface.

Device

Choose which device to enable.

Cloned MAC

Enter the MAC address of the interface.

MTU

Specify the Maximum Transmission Unit of the interface.

Autoactive

Define if this interface should be automatically activated.

IPv4

Define IPv4 options such as:

  • Type: Auto, Manual, Link-Local, Shared, Disabled
  • Addresses
  • DNS
  • Search Domain
  • Default Gateway
  • Routes
  • Not Default route

Note

Multiple DNS servers must be entered as a comma-separated list.

IPv6

Define IPv6 options such as:

  • Type: Auto, Manual, Link-Local, Shared, Disabled
  • Addresses
  • DNS
  • Search Domain
  • Default Gateway
  • Routes
  • Not Default route

Note

Multiple DNS servers must be entered as a comma-separated list.


Delete
Removes the selected entry.


Edit
Edit the selected entry.

Servers 

In the Servers tab, the information related to different servers can be configured and changed.



NTP

In the NTP field, click New to add NTP hosts.
The following options are configurable for NTP:




Options

Description

Type

Choose between:

  • Server
  • Pool

NTP host

The host of the NTP server.

Iburst

  • Enable (Checked)
  • Disable (Unchecked)


SMTP

The following options are configurable for SMTP:

Options

Description

SMTP Relay Host

The host on which the SMTP relay resides. The relay host can be configured with its port.

Example: mail.host.tld:587

Username

Define the username which is in use for authentication against the SMTP server.

Password

Define the password which is in use for authentication against the SMTP server.


WINS Servers

The following options are configurable for WINS Servers:

Options

Description

Primary

The primary host of the WINS server.

Secondary

The secondary host of the WINS server.


Proxy

The following options are configurable for Proxy:

Options

Description

Server Type

Define the server type of the proxy, choose between:

  • None
  • HTTP/HTTPS
  • Socks4
  • Socks4a
  • Socks5

Proxy Server

Define the proxy server.

Proxy Port

Define the port on which you connect to the proxy server.

Username

Define the username which is in use for authentication against the proxy server.

Password

Define the password which is in use for authentication against the proxy server.

Note

The following actions will utilize the proxy:

  • HIAB software updates from OUTSCAN.
  • Scanner-Scheduler communication, which can be toggled independently.
  • Communication with OUTSCAN which includes license, rule updates and scan distribution.
  • Remote support, which attempts to connect directly if the proxy does not work.


Bandwidth Limiting

The Bandwidth Limiting grid is used to limit the bandwidth used towards different networks.

Note

Bandwidth limit settings must be set on the HIAB performing the scanning in a Distributed environment.




New opens the Maintaining Bandwidth Limit window, where the bandwidth limit can be configured with the following options:


Options

Description

Network (CIDR)

Define the network range for the bandwidth limit.

Limit (kbit)

The limit on how much bandwidth the HIAB can use in kbit.


Delete removes the selected entry in the Bandwidth Limiting Grid.

Certificate 

In the Certificate tab the SSL certificates can be maintained, allowing secure communication with the HIAB over the HTTPS protocol.
The needed files can be uploaded for setting up the HIAB to authenticate itself correctly, with proper validation.

Supported key formats are RSA[1] and PKCS #8[2].




To successfully upload the certificate, 

Options

Description

Certificate

Upload the certificate which you have received from your Certificate Authority (CA).

Note

The uploaded .crt or .pem file must start with a -----BEGIN CERTIFICATE----- marker.

Key pair

Upload only the private key associated with the public key present in the certificate.

Note

The uploaded key must not be password protected.

CA Certificate (Optional)

Upload the CA Certificate file containing the whole certificate chain to validate the certificate.
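
The upload requirements above can be checked locally before the files are submitted. The following script is an added example, not part of the Outpost24 documentation; it assumes the OpenSSL command-line tool is installed, and the function and file names are illustrative.

```shell
#!/bin/sh
# Added example: pre-upload checks for the HIAB Certificate tab requirements.
# Assumes the OpenSSL CLI is installed; all function names are illustrative.

# The first line must be the PEM marker (five hyphens on each side).
starts_with_cert_marker() {
    [ "$(head -n 1 "$1" 2>/dev/null | tr -d '\r')" = "-----BEGIN CERTIFICATE-----" ]
}

# The key must load with an empty passphrase, i.e. it is not password protected.
# "openssl pkey" reads both traditional RSA and PKCS #8 PEM keys.
key_is_unencrypted() {
    openssl pkey -in "$1" -passin pass: -noout </dev/null >/dev/null 2>&1
}

# The private key must correspond to the public key inside the certificate.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# The optional CA file must contain the chain that validates the certificate.
chain_validates() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Run the checks in order; return 0 if all pass, else 1-4 for the failed check.
check_hiab_upload() {
    cert=$1; key=$2; ca=${3:-}
    starts_with_cert_marker "$cert" ||
        { echo "certificate does not start with the BEGIN CERTIFICATE marker"; return 1; }
    key_is_unencrypted "$key" ||
        { echo "private key is password protected or unreadable"; return 2; }
    key_matches_cert "$cert" "$key" ||
        { echo "private key does not match the certificate"; return 3; }
    if [ -n "$ca" ] && ! chain_validates "$cert" "$ca"; then
        echo "certificate does not validate against the CA file"; return 4
    fi
    echo "ok: files meet the upload requirements"
}

# Stand-alone use: sh check_upload.sh server.crt server.key [ca-chain.pem]
if [ "$#" -ge 2 ]; then check_hiab_upload "$@"; fi
```

A certificate exported with leading text (for example "Bag Attributes" lines from a PKCS #12 conversion) fails the first check even though OpenSSL itself can still parse it.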


In the lower right corner, there are three buttons:

  • Create CSR – Creates new certificate.
  • Revert – Reverts to the default certificate.
  • Save – Saves the new certificate.



By clicking the Create CSR button, the Create CSR window is displayed, allowing you to create a private key file and a Certificate Signing Request (CSR) file using 4096-bit RSA encryption. The following options are configurable when creating the CSR:




Options

Description

Subject Alternative Name

The additional host names (sites, IP addresses, common names, etc.) to be protected by a single SSL Certificate.

Common Name

Define the domain name.

Organization Unit

The division of the organization handling the certificate.

Organization Name

The legal name of the organization.

Location

The city where the organization is located.

State

The state/region where the organization is located.

Country

The two-letter ISO code for the country where the organization is located.


Remote 

In the Remote tab the remote SSH access to the HIAB console can be maintained.



Settings 

In the settings grid, you can choose whether to allow remote SSH connections to the HIAB console, and whether the SSH daemon should be limited to listening on a specific interface only.

Allowed SSH Keys 

The remote SSH access to the HIAB console requires valid SSH keys for authentication. The keys listed in the SSH Key Grid are valid for authentication.
Note that if HIAB pingable is set to OFF in the console, remote SSH access to the HIAB console is not possible. To enable the SSH access, open the HIAB console and press w Configure UI management interface followed by p Toggle pingable for the desired interface.
It is possible to disable or enable columns in the SSH Key Grid.




Options

Description

IP address

Displays if the key is limited to an IP address.

Key Type

The format of the SSH Key (RSA, DSA).

Mode

Displays mode (Console).

Name

Custom name.

SSH Key

SSH Key data.


New opens the Maintaining Remote SSH Key window where a new key can be created:




Options

Description

From IP address

Limit the IP address from which the key can be used for authentication.

Name

Give the key a custom name.

SSH Key

SSH Key data.


Upload displays a new window where an existing key can be uploaded.

Tools 

The Tools tab lets you run network commands when troubleshooting network issues.




Options

Description

Target

The target host that you wish to test with the selected tool.

Ping

Send PING requests to the defined target.

Traceroute

Perform UDP traceroute to the defined target.

TCP traceroute

Perform TCP traceroute to the defined target.

Port

Port number for the TCP traceroute. Not available for Ping and UDP traceroute.

Examples

Ping
/usr/bin/ping -c3 <hostname>
/usr/bin/ping6 -c3 <hostname>

Traceroute
/usr/bin/traceroute [-T -p <port>] <hostname>
/usr/bin/traceroute6 [-T -p <port>] <hostname>


Note

The traceroute and ping commands are sent from the appliance they are executed on; in other words, this traffic is not routed through any scanner.


All results from the various troubleshooting tools are displayed in the Results field.

Hosts 

The Hosts tab lets you add host names that resolve to the defined IP address when performing scans.
Note: Click Save in the lower right corner to update the list permanently.


New opens the Add Host window where the following options can be defined:




Options

Description

IP Address

Define the IP address.

Host Name

Define the host name.


Delete removes the selected entry from the list.

Access Control 

The Access Control tab is used to limit the IP addresses that can access the Graphical User Interface.
To restrict access, enter the IP address range that is allowed to access the HIAB Graphical User Interface. Make sure that the machine from which the Administrator enters the IP range is part of the allowed IP range.
Correct IP ranges are required to prevent any unwarranted denial of access.

Status 

The Status tab shows status for the Scheduler and distributed scanners.



Management 

The Management tab allows you to remotely access the Graphical User Interface of another HIAB, if the two HIAB can communicate.




New opens the Edit Hiab Management window where the options for the remote HIAB can be configured:




Options

Description

Name

Name of the remote HIAB.

Address

IP address of the remote HIAB.

Port

Port over which the communication takes place.

Token

App Token generated within the remote HIAB.


Delete removes the selected entry.


Reference

  1. RSA
  2. PKCS #8