Purpose

The purpose of this document is to provide the necessary steps to set up the sensors and join them to the Pulse service.

Introduction

This guide is has two parts. Part 1 describes how to connect the sensor to the network for scanning and monitoring, and part 2 elaborates on how to join the sensor to the Pulse subscription service.

Requirements For Subscription Service

The following are conditions and requirements for joining the sensors to the Pulse subscription service, providing continuous monitoring and advanced device threat analytics.

  1. The sensor connects to the subnet to be monitored, and its IP address is either dynamically assigned through DHCP, or assigned a static IP address that is either pre-programmed or configured locally.
  2. For sensors addressed with Dynamic Host Configuration Protocol (DHCP), you need a means of identifying the IPeither through DHCP server access, or with a network discovery tool such as Network Mapper (Nmap).
  3. The sensor requires the following outbound connection points:
    • TCP/443 to yoursubdomain.pwnieexpress.net*
    • TCP/443 to sensors.yoursubdomain.pwnieexpress.net*
    • TCP/443 to updates.pwnieexpress.com
    • TCP/443 to kalirepo.pxinfra.net
    • TCP/80 to www.openvas.org
    • TCP/873 to feed.openvas.org

           *yoursubdomainis a unique subdomain that Pwnie Express assigns.
              †Pwn Pro only.

For more information on Pulse, visit https://outpost24.com/products/wireless-security.

Part 1Connecting to Your Sensor

The instructions in this guide to connect the sensor are based on the following options:

Option A--You purchased the Pwnie Express pre-authorization and configuration service. With this option, the sensor IP address is determined in one of the following ways:

  • Dynamically assigned through DHCP the default.
  • Pre-programmed with a requested static IP address --Your sensor has been configured with data provided to Pwnie Express prior to shipment.

Option B--You did not purchase the Pwnie Express pre-authorization and configuration service. With this option, the sensor IP address is determined in one of the following ways:

  • Dynamically through DCHP (the default).
  • Locally configured with a static IP address. Follow procedures for your sensor accordingly.

Note

If your sensor has not been configured by Pwnie Express, continue to Option BLocal Programming.

Option APwnie Express Pre-authorization and Configuration Service

Your sensor arrives pre-programmed with data you provided to Pwnie Express prior to shipment. The sensor is either set to use DHCP,or programmed with the requested static IP address. Perform all the procedure sin this section, in order.

Note

When connected to the local network to be monitored, with proper outbound connectivity, the sensor automatically connects to Pulse, requiring approval only through the Pulse UI. Pwnie Express strongly recommends, however, that you complete this section for each sensor to ensure that the default password is changed and the sensor is up-to-date.

Power on and Connect the Sensor to the Network

  1. Plug in the sensor to AC power and press the power button to turn it on.
  2. Connect the sensor into the Ethernet port on the network to be monitored.
  3. On a computer connected to the same network, do one of the following:
    • Static IP address--Open a web browser and navigate to port 1443 on the sensor, using the following URL: https://x.x.x.x:1443 ...where x.x.x.xis the programmed static IP address.
    • DHCP IPaddress--Use Nmap or similar network scanning tool to identify the assigned IP address.
  4. After the IP address is identified, access the sensor at the URL specified earlier in step 3.

To connect directly to the sensor and assign a static IP, see Option BLocal Programming.

Log Into the Sensor and Change the Default Password

  1. At the prompt, log in with the default credentials:
    Username: pwnie
    Password: pwnplug8000

    The System Setup page is displayed, where red screen text informs you that the default password remains unchanged.

    System Setup
  2. Change the sensor’s default password as follows:
    1. Click the link in the warning text, and enter the current (default) password.
    2. Enter a new password.

For subsequent password changes, go to the System Setup page. click Change Password from the Common Tasks drop-down menu, and follow the on-screen instructions.

Test  Outbound Connectivity and Update Sensor

  1. Use the new password to log into System Setup again.
  2. Do one of the following:
    • If you are registering the sensor to Pulse, click Register to Pwn Pulse.
    • Otherwise, navigate to the Admin Functions page.
  3. From the Register to Pwn Pulse page, click Registration step 3 –Test connection to pulse here.

    Admin Functions
  4. On the Admin Functions page, enter the subdomain assigned to your Pulse instance by Pwnie Express, and click Test Connection!.
  5. Verify that output connection checks indicate Valid or Success. If any checks fail, ensure that the firewall is configured to allow outbound connectivity to each of the ports and domains listed in the requirements section.
  6. Update the sensor to ensure that the sensor is running the most current firmware, do the following:
    1. From the Register to Pwn Pulse page, click Registration step 4 Update sensor here.
    2. On the Admin Functions page, click Update Now.

Next Steps

To connect the sensor to Pulse, proceed to Part 2Joining Your Sensor to Pulse.

For guidance on local use of the sensor for penetration testing, consult the user manual for your sensor.

Option BLocal Programming

The Pwnie Express pre-authorization and programming service has not been ordered. The sensor will be programmed locally. Perform all the procedures in this section, in order.

Power On and Connect the Sensor to the Network

  1. Plug in the sensor to AC power and press the power button to turn it on.
  2. Do one of the following:
  3. Use an Ethernet cable to connect a computer directly to the sensor.
  4. Set a temporary local IP address of the computer to the following (the method varies by OS):
    IP address: 192.168.9.11
    Netmask: 255.255.255.0
    Default Gateway: 192.168.9.1
  5. Using computer’s web browser, navigate to port 1443 on the sensor by entering the following URL: https://192.168.9.10:1443
  6. Complete the procedure in section Log In to the Sensor and Change the Default Password.
  7. Complete the procedure in section Test Outbound Connectivity and Update Sensor.

Set the Sensor's Network Configuration Using a Static IP Address

  1. Use the new password to log into the sensor.
  2. Do one of the following:
    • If you are registering the sensor to Pulse, click Register to Pwn Pulse.
    • Otherwise, navigate to the Network Config page under Common Tasks.
  3. Set sensor’s network configuration, including static IP address, as follows:
    1. Click Registration step 2 –Confirm Network Configuration here. The Network Config page is displayed.
    2. Click the eth0 link.
    3. Under Configure eth0 Settings, select the Static Config tab.
    4. Fill out the table as required.
    5. Click Apply Static IP Settings.
  4. Unplug the direct Ethernet connection from the computer and connect the sensor directly into the network to be monitored via Ethernet.Ensure that it is connected and able to route traffic to all segments of the network to be monitored.
  5. Restore the computer’s network settings and connect to the network. Log into the sensor at the new static IP address on port 1443 by entering the following URL into a web browser: https://x.x.x.x:1443...where x.x.x.xis the programmed static IP address.
  6. Complete the procedure in section Log In to the Sensor and Change the Default Password.
  7. Complete the procedure in section Test Outbound Connectivity and Update Sensor.

Set the Sensor’s Network Configuration Using a DHCP IP Address

  1. Plug the sensor into the Ethernet port on the network to be monitored. Ensure that it is connected and able to route traffic to all segments of the network to be monitored.
  2. Determine the assigned IP address of the sensor by using Nmap or similar network scanning tool with a computer on the network. For more details, see the user manual for your sensor.
  3. Using a web browser on a computer connected to same network, navigate to port 1443 on the sensor by entering the following URL: https://x.x.x.x:1443...where x.x.x.xis the assigned IP address.
  4. Complete the procedure in section Log In to the Sensor and Change the Default Password.
  5. Complete the procedure in section Test Outbound Connectivity and Update Sensor.

Next Steps

To connect the sensor to Pulse, proceed to Part 2Joining Your Sensor to Pulse. For guidance on local use of the sensor for penetration testing, consult the user manual for your sensor.

Part 2Joining Your Sensor to Pulse

Part 2 of this guide assumes the following:

  • The Pulse subscription has been purchased.
  • The Launch Form has been filled out and sent to Pwnie Express
  • You have received your login email from Pulse.
  • Sensors have been installed and programmed as described in Part 1of this guide.

Note

If your sensors are pre-authorized by Pwnie Express, proceed to the procedure to Approve Your Sensor.

Register Your Sensor

  1. Log in to the local interface of the sensor as described in the procedure to Power On and Connect the Sensor to the Network.
  2. On the System Setup page, select Register to Pwn Pulse.
  3. Ensure that you have completed the following tasks, as described in Part 1 of this guide.
    • Change password from default.
    • Confirm network configuration.
    • Test connection to Pulse.
    • Update sensor.
  4. Under Sensor Name, enter the name for your sensor –this is typically chosen based on location, for example, Akron, OH -North Branch.
  5. For dispatch hostname and port, enter the URL for your Pulse instance provided by Pwnie Express, for example, yourbusiness.pwnieexpress.net.
  6. Enter admin contact.
  7. Click Connect to Dispatch.

Register This Sensor

Approve Your Sensor

  1. Login to Pulse at the hostname requested and assigned by Pwnie Express, for example, https://yourbusiness.pwnieexpress.net.
  2. From the Tools menu at the top of the page, select Unapproved Sensors.
    Unapproved Sensors
  3. Choose the sensor you are authorizing, and select Approve.
  4. Repeat for each sensor to be joined to Pulse.

Begin Scanning Wired and Wireless Networks

To begin scanning wired and wireless networks(it may take several minutes for services to become available following approval):

  • Wireless scanning –In Pulse, select the sensor and click Services. Start the Real-time wireless discovery service to begin Wi-Fi scanning.
  • Wired scanning–In Pulse, select the sensor and click Services. Click PwnScan automated scanner service. Devices or networks that you do not want scanned can be added to the blacklist in CIDR notation. The local_scanning targets will autopopulate. Save settings, and start the PwnScan automated scanner service.
  • Bluetooth scanning–In Pulse, select the sensor and click Services. Start the Blue Hydra Bluetooth Scanner to begin Bluetooth device discovery.

Next Steps


Note

To ensure proper operation, do not enable tasks before consulting the manual or working with the Outpost24 support team.


Copyright

© 2021 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.