LBL®Global Distributed Gateway Virtual Appliance (VAPPS hereafter) is a tool for balancing and routing traffic data at the level OSI layer 4 and OSI Layer 7 HTTP/S DNS with enhanced security WAF, DoS/DDoS/A-DDoS.
LBL®Global Distributed Gateway is a product destined for mission critical environments therefore only staff who made the course and has passed the examination is authorized to certify the installation and maintenance of products in operation. All Certified People are equipped with certificate of participation in the courses and overcoming of the exam issued by TCOGROUP SRL.
Attack Prophecy® is an advanced system for the detection and protection from attacks against web services through a set of specialized models is able to identify the anomalous requests categorizing them and therefore identifying a wide variety of attacks against web services. The system also allows the operator to inspect the reports (confirming or labeling them as legitimate) and define in a few simple steps of rules of security for web services. These security rules will then be used by LBL®WAF to ensure the security of services being monitored.
To install LBL®Global Distributed Gateway in version VAPP is sufficient to perform the download through the web site Https://download.oplon.net. The VAPP discharged contains a license to use the demo purpose/prototyping without limitation of time but with a limited capacity. It is possible to unlock the VAPP through the purchase of licenses to use at any time.
VAPPS distributed and available directly from the downloads are for the most widespread virtual platforms on the market today, other virtual images may be requested to TCOGROUP SRL via e-mail: email@example.com.
Images available directly from the site:
- VMware (with OS basic “Powered by CentOS” or “Powered by Ubuntu”)
- Microsoft Hyper-V (with OS basic “Powered by CentOS” or “Powered by Ubuntu”)
- Virtual Box (with OS basic “Powered by CentOS” or “Powered by Ubuntu”)
It is also available a VAPP destined to the development of rules and classes of rewriting LBL R9GDG Developer (on OS basic “Powered by Ubuntu”).
So that installation is supported check the compatibility matrix on the document of white papers or on the website
Vapps are arranged with the services necessary for the operation of the system LBL®S.A.A.I. Nevertheless it is possible to install additional functionality to the base operating system previously verified the coexistence of the modules with the services provided by the platform LBL®S.A.A.I.
LBL®ADC requires for each operating system only the services related to the reachability (sshd for operating systems Unix/Linux Console Windows Desktop for MS Windows Operating Systems) and Ethernet connectivity and basic networking services (TCP/IP, UDP, ICMP, multicast). Other services such as firewall email services application server etc. are not required to LBL®ADC for its operation and contribute in the use of the same resources or, as in the case of firewall, perform operations very heavy on the data traffic. In these cases all modules must be configured to obtain the maximum result from ressources and proportionate to the traffic that must support.
The import of VAPP is facilitated by the instruments of virtualizing systems. Each system virtualization provides a console to perform the operation.
Once imported the VAPP the system is ready to perform your first setup compatibly with the datacenter environment.
Note: During import it is important to take care to choose, in the different systems of virtualization, an import with regeneration of the MAC address of the virtual adapters. In this way the virtual machines will not come into conflict.
Once imported the VAPPS in virtualization system it is necessary to insert it in the operational context.
The parameters that are to be taken into consideration are the dimensional type (sizing) and the context of the existing network.
Below in a synthetic manner the parameters to be monitored prior to import and the start of the virtual instance:
- RAM memory (default 4096 MB)
- Number of CPUS (default 1 CPU *Core)
- Virtual Network Interface (default 1 VNICS)
- HDD 40GB Thin Provision
Once verified these parameters it is possible to perform the start of virtual machine.
For network settings check:
For distribution with underlying OS Ubuntu: official documentation
For distribution with underlying OS CentOS: And’ tool available from console # nmtui
After the start of virtual machine the system part in character mode for all VAPP production, in graphical mode for VAPPS development. In this document you will take into consideration the VAPP destined to the production.
To start the system will require a login and password for administrative purposes:
Login : administrator
Just typed login and password, the console will suggest available commands.
With the command lblhelp you can request a list of the available functions.
Performing lblsetup the system will require the setting of the administrator password. The VAPP is preset with the password: adminadmin
The initial configuration system has been reduced to a minimum in the console to allow a simple setting of functions with which then connect through LBL®Global Distributed Gateway where it is possible to carry out the extended configuration. By default the console running a bind on all available addresses:
The following explanation of the requests made by the console:
Management Address: (Default 0.0.0.0)
- Is the address to which you can connect from the outside with LBL®Management Console
Management port: (54443 default)
- Is the port from which it is possible to connect from the outside with LBL®Management Console
Global Distributed Gateway final port (default 4444)
- Is the port from which it is possible to connect from the outside with LBL®Global Distributed Gateway. You can change this port through the web console of the process Global Distributed Gateway.
Type LBL root username and password:
- Is the setting of the Administrator login root with sdarà which can perform from LBL®Management Console the full setup and set or delete other users
Type the primary system name and password for system delegation.
- Set the login user password delelgato primary to perform operations between multiple systems LBL®S.A.A.I. (It is recommended to set up a login is associated with a password of only the knowledge of the staff assigned to security or otherwise not available to all staff. For more information in the case of particular critical installation check the manual LBL_AutonomousDelegatedAuthentication)
Note: The setup program will automatically leave after 3 minutes from the start.
For safety reasons, we advise you to change the address, login and password with respect to the default indicated.
Once set login and password it is possible to perform the output with saving.
When changed the address or port for management, must be executed necessarily a command to restart the monitor. It is possible to carry out this operation from the console through the command:
Command lblrestart requires approximately 60 seconds to be performed. In this period of time the system LBL®S.A.A.I. is not operational.
LBL®Global Distributed Gateway is not sensitive to time differences on the nodes during the operation. Nevertheless if during operation you may change the date and time of the system some considerations could be distorted as for example calculations of time-out, lease time or considerations on dates of repository (es.: date of the version of the repository of georeferentiation).
As far as described it is therefore advisable to set the date and time of the system with values as close as possible to the current date and time. The use of the alignment using NTP is recommended.
To change the timezone is available command lbltimezone that, in dependence of the base operating system used, will have its own interface to setup or directions to make the change.
If installation with licenses to rental (rent licensing) setting the date and time are critical to the operation of the products
To change the keyboard of the console is available command lblkeyboard that, in dependence of the base operating system used, will have its own interface to setup or directions to make the change.
From the console it is possible to check the current configuration and DHCP address associated through normal Linux commands (ip addr).
The system LBL®Monitor and LBL®Global Distributed Gateways are by default set up to accept connections from all networks.
It is therefore sufficient to, check with the command “ip addr” an available address and log in from LBL®Management Console, LBL Web Console or from LBL®Global Distributed Gateway on the specified address es.:
To access the services LBL®Global Distributed Gateway type: Https://x.x.x.x:4444
(Where x.x.x.x is any address of the system if you have not changed the address 0.0.0.0 or the address you have chosen with lblsetup).
If not modified in phase of setup: login: root
The following are the conventional names of the areas used by the graphic interface to which all documentation refers.
The setup of Attack Prophecy is very simple and requires only parameterize the access rights and domains that you want to analyze.
Access through the console operating system:
– Stop Attack prophecy and the HTTP server.
# Systemctl attackprophecy stop*
# Systemctl stop httpd
– Enable the services.
# Systemctl enable attackprophecy.service
# Systemctl enable attackprophecy-collector.service
# Systemctl enable attackprophecy-detector.service
# Systemctl enable attackprophecy-detector.Timer
– Edit the file /home/prophecy/ap2/src/config.ini
* In section [MAIN] indicate the number of parallel processes to be employed for processing.
Date_dir = /home/prophecy/ap2/Date
Processes = 2
Queue_maxsize = 100
* In section [SOURCE] indicates the parameters to connect to database
Engine = mysql
Db = LBL
Ip = 127.0.0.1
User = root
Pwd = localpasswd
* In section [CACHE] Change the names of the domains to be analyzed
In domain_names Domain names to be monitored must be separated by commas. You can use the wildcard character ‘*’ if you want to monitor all traffic
Batch_size = 100000
Lbl_L7_table = L7_HTTP_HTTPS
Lbl_Rule_table = EXECUTED_RULE
# Set domain_names to the wildcar character * to monitor to requested
# Domain names
Domain_names = www.domain1.it,www.domain2.it
* In section [LBL] if necessary, change the login information for the upload
The rules to the WAF
User = administrator
Ip = 192.168.1.1
Notification_dir = /TCOProject/bin/LBL/LBL_HOME/lib/notificationDir
Ip_whitelist_fname = IP_global_White_LIST.txt
Ip_blacklist_fname = IP_global_BLACK_LIST.txt
Waf_rules_fname = WAF_rules_list.xml
Waf_rules_validator = WAF_rules_list.xsd
– Setup access to web console Attack Prophecy
Edit the file /home/prophecy/ap2/src/AttackProphecy/settings.py to insert in a list called ALLOWED_hosts the address that will be used to access the interface
ALLOWED_HOSTS = [“*”] indicates that any client address can access from each of the network interfaces are configured on the system.
– Creating a user for access to the interface Attack Prophecy:
$ cd /home/prophecy/ap2/src/
$ python2 manage.py createsuperuser
– To enable the update rules toward ADC Systems
From user prophecy
Attention: The questions of command always press Enter
$ cd /home/prophecy/.ssh
( Hereinafter the command to export the public key of the system AP toward the ADC/WAF, run the following commands to all systems that will have to update the safety rules)
$ ssh-copy-ID – id_rsa.pub firstname.lastname@example.org.XXX.XXX
$ ssh ‘email@example.com.XXX.XXX’
– As the root user, restart attack prophecy and the HTTP server:
# systemctl restart httpd
The interface will be available after first training