Internal Network Scanning
The ability to configure and perform vulnerability scans against a single network or multiple network segments (or locations) can be accomplished by downloading and installing the Shield network vulnerability scanner within the target network location. These scans will attempt to identify vulnerabilities against the targeted IP addresses, CIDR ranges, and/or domains.
Scanner Deployment
The Shield scanner can be used for internal network vulnerability scans or discovery scans for different network locations where it can be deployed.
To install and link a dedicated Shield network scanner, users will need to do the following:
Deploy a Dedicated Shield Scanner
Users should deploy a dedicated Shield scanner (Debian GNU/Linux OS preferred) to install the Shield scanner software on to perform network-based vulnerability scans.
Execute the Shield Scanner Installation Script
Navigate to the Deployment page, within the Internal Network tab, and click into the Network-based deployment pane. Enter a location name for the scanner that is going to be deployed, copy the command out of the platform, and execute the script on the machine that has been setup.
Confirm the Scanner has been Successfully Linked
Navigate to the Settings page, under the Scanners > Shield tab and confirm that the scanner location deployed is linked to Shield.
Debian GNU/Linux OS Install (Preferred)
To install on a Debian Linux based OS, there is a single script that can be downloaded and executed to install and start the Shield service.
Minimum Recommended Specs
| Type | Specs |
|---|---|
| CPU | 4 2GHz cores |
| Memory | 8 GB RAM |
| Disk Space | 50 GB (not including space used by the host OS) |
Deployment
The consolidated Deployment page has now been configured to provided users with automated scripting to install and link scanners to the specified subscription.
To manage all of the deployments for the network-based scanners, please navigate to the Internal Network Deployment page and click into the Network-Based, insert the Location value to generate the single deployment command to install the scanner.
Once this single command is executed on the dedicated host, the Shield service (ShieldCyber.Agent.Shield) will start and the scanner will begin to initialize and install the plugins required to perform vulnerability scans. To confirm that the service is running successfully on the dedicated scanner, run the following command to view the service output:
sudo service ShieldCyber.Agent.Shield status
And the output of this command should state that the service is idle:
Once the Shield scanner is installed and the service is running, the scanner will be linked to the specified subscription. To view the connection, users can navigate to the to Settings -> Scanners to view the location and scanner that is linked to the platform.
Network Communications
Windows OS & MacOS Install
There are limitations installing the Shield scanner on Windows systems. Specifically, to run the scanner, the Windows host needs to have Docker Desktop installed which can only run on Windows workstations. Additionally, the installation process is not as automated as the Linux versions of the deployment. Users with the Windows or MacOS version of the scanner will need to install the Shield service alongside the scanner.
Dependencies
To install the Shield scanner successfully on a Mac or Windows 10/11 OS, WSL (Windows only) and Docker Desktop need to be installed and available. Once Docker Desktop is installed, make sure the Docker engine is started before attempting to install the Shield Scanner.
Install & Configure the Shield Scanner
- Download and unzip this repository: Shield Scanner
- Unzip the folder contents
- Navigate to the ShieldCyber-REST-API-main folder
- Open the example.env file within a text editor & change the
yourpasswordherevalue and save - Re-name the example.env file to .env
- Open a command prompt as administrator, and navigate to the ShieldCyber-REST-API-main folder
- Install and start the Shield scanner with the following command:
docker compose up -d