About the Forescout Platform
The Forescout platform delivers real endpoint security and lets you seamlessly apply your business security policies to the IT infrastructure, quickly and automatically. The platform effectively:
- Ensures Network Access Control (NAC) compliance
- Combats worms, self-propagating malware, and hackers
- Automatically protects network vulnerabilities
- Creates a virtual firewall that protects or opens specific network zones
- Allows security teams, IT departments and the Help Desk to leverage extensive network information via Forescout's web-based Assets Portal
This tutorial covers the following system components and requirements:
- Forescout Components
- Password Encryption Algorithm
- Remote System Management Integration
- High Availability Tools
- Power Outage Handling
- System Requirements
- IPv6 Support
- Certification Compliance
- Common Criteria Certification
- Licensing Mode
Forescout Components
Forescout components include:
- CounterACT Appliance
- Enterprise Manager
- Recovery Enterprise Manager
- Forescout Console
CounterACT Appliance
The CounterACT Appliance is a dedicated device that monitors traffic going through your organization's network. It protects the network against malicious activity, performs extensive NAC protection, lets you create network security zones, and handles vulnerabilities.
Multiple Appliance Deployments
Multiple CounterACT Appliances can be deployed to ensure maximum protection of your organization. Each CounterACT Appliance is installed to see the necessary network traffic.
To handle malware and hackers, the Appliance must be installed:
- At the connection point between a protected network area and the rest of the network. This enables protection of a specific network range against infection attempts initiated from the rest of the network, and network protection against infection attempts generated from a specific network area (for example, a contractor's segment, which might be potentially more dangerous).
- Behind the VPN concentrator, where encrypted VPN channels are decrypted, and malicious traffic can enter your network.
- Behind remote access servers, where remote access users are entering your network.
To apply an admission control policy, the Appliance must be installed:
- Within broadcast domains, preferably mirroring tagged ports.
To work with the Virtual Firewall, the Appliance must be installed:
- Between segments/VLANs.
Enterprise Manager
The Forescout Enterprise Manager is an aggregation device that communicates with multiple CounterACT Appliances distributed across an enterprise. It manages Appliance activity and policies and collects information about malicious activity that is detected at each Appliance, including infection attempts, and identification, notification, restriction, and remediation actions taken by the Forescout platform. This information is available for display and reporting at the Forescout Console.
Recovery Enterprise Manager
The Forescout Recovery Enterprise Manager is used as a recovery device for an Enterprise Manager that is no longer operating, for example, due to a natural disaster or crisis. This device provides full and continued management of network Appliances from a cold site. The Recovery Enterprise Manager is installed at the cold Data Center using the same installation procedure as the Enterprise Manager and is added at the Console as you would any other Forescout component.
Forescout Console
The Console is the Forescout management application used for viewing and managing important information about NAC policies, malicious intrusions, vulnerable network hosts, and more. The Console lets you define the conditions under which hosts are identified and handled by Forescout 8.1. The Console also provides a number of tools:
- Policy tools that let you define a virtual firewall policy, a policy for handling NAC, security and compliance issues, and a policy for handling malicious sources.
- Sophisticated reporting tools that let you generate an extensive range of reports about malicious source activity, NAC activity, and vulnerability scanning, as well as the Forescout 8.1 response to this activity.
- Control tools that allow you to start and stop Appliances and Enterprise Managers and update the configuration defined during installation (for example, the network range that Forescout 8.1 protects or the time zone setting).
Other control tools are provided to let you communicate with your Network Management application and to work with third-party plugin applications.
Password Encryption Algorithm
Users may be required to enter credentials when working with Forescout components, for example, domain credentials or community strings. These credentials are encrypted using the AES-256 algorithm.
Remote System Management Integration
Integrated remote server modules provide location-independent and OS-independent remote access over the LAN or Internet to CounterACT devices. Use the module for remote KVM access and power on/off/reset, and to perform troubleshooting and maintenance tasks.
CT-XXXX Appliances and Forescout 51xx Appliances support Integrated Dell Remote Access Controller (iDRAC).
This integration is not applicable to virtual systems.
High Availability Tools
A Forescout High Availability system is implemented by configuring two Appliances or two Enterprise Managers in a pair. Redundancy is achieved by one of the devices serving as the Active node (managing the activities required for effective NAC) while the second node waits in Standby mode to take over in case of Active node failure.
Power Outage Handling
By default, when there is a power outage, the Appliance and Enterprise Manager are set to the Stay Off mode. You can change this default setting to the Power On mode so that the machine powers on automatically after a power outage recovery.
To change the power outage recovery setting:
1. Reboot the CounterACT device.
2. While the machine is powering on, press F2. The BIOS Setup Utility screen opens.
3. Select Server.
4. Use the arrow keys to select the Default > Stays Off option.
5. Press Enter and then the Down arrow to select Power On.
System Requirements
Forescout Console Hardware Requirements
You must supply a machine to host the Forescout Console application software. Minimum hardware requirements are:
- Non-dedicated machine, running:
  - Windows 7/8/8.1/10
  - Windows Server 2008 / 2008 R2 / 2012 / 2012 R2 / 2016
  - Linux RHEL/CentOS 7
  - macOS 10.12/10.13/10.14
- 2GB RAM
- 1GB disk space
Network Deployment Requirements
Each Appliance must be set up at a location in which it sees the necessary network traffic and can protect devices connected to your switch. Forescout 8.1 supports deployment options for:
- Monitoring multiple VLANs (tagged traffic): recommended, as it provides the best overall coverage while monitoring only a single port
- Monitoring a tagged port (802.1Q tagged)
- Monitoring a single VLAN (untagged)
- Monitoring a single port (untagged)
Important notes:
- Carefully consider the traffic to monitor.
- It is recommended to monitor the authentication traffic between end users and authentication servers.
- To notify end users via their web browsers, you must monitor HTTP traffic between end users and the Internet/Intranet.
Appliance Information Requirements
The following information regarding each CounterACT Appliance is required:
- CounterACT Appliance IP address
- CounterACT Appliance host name
- Management interface through which Appliance and the Console communicate
- Network mask
- Default gateway IP address
- List of the company's DNS server addresses (to allow resolution of internal IP addresses to their DNS names)
Enterprise Manager Information Requirements
The following Enterprise Manager information is required:
- Forescout Enterprise Manager IP address
- Forescout Enterprise Manager hostname
- Enterprise Manager Administrator password
- Management interface
- Network mask
- Default gateway
- DNS domain name
- DNS server addresses
Network Connection Requirements
Network connections must allow full visibility to all response and monitor traffic. Virtual systems have alternative connection requirements.
Bandwidth Requirements
Refer to the Licensing and Sizing Guide and the Appliance Specifications page for information on bandwidth requirements.
IPv6 Support
You can use IPv6 addresses when installing CounterACT devices.
Certification Compliance
Certification Compliance mode is a hardened configuration mode that enables advanced security features. This mode is intended for organizations that need to comply with strict security requirements. You can configure Forescout 8.1 to run in Certification Compliance mode during the initial Enterprise Manager/Appliance CLI configuration of a clean Forescout 8.1 installation.
The configuration of this mode is irreversible. Verify that your organization needs Forescout to run in this mode before configuring. Changing the configuration requires a clean installation of the Appliance.
If your organization does not need to comply with a specific set of strict security requirements, but would still like to follow Forescout security best practices, refer to the guidelines laid out in the Security Deployment Hardening Best Practices section of the Forescout Administration Guide. Following these best practices allows you to harden your security posture in a more customizable way, by manually configuring specific options in your Forescout environment.
When Forescout 8.1 is running in Certification Compliance mode, the following features are affected:
- FS-CLI: Users are not able to access the Bash shell. FS-CLI, a proprietary Forescout command line interface, is the only CLI shell available.
- TLS: The TLS version is set to v1.2 with no option to change to lower versions.
- SNMP: SNMPv3 is set as the default. If you choose a different version, a warning appears.
- NTP: Authenticated NTP is set as default. If you use insecure, unauthenticated NTP, a warning appears.
- Log and database partitions: These partitions are encrypted.
- FIPS Compliance is enabled.
- Additional user actions are written to the Audit Trails.
- SecureConnector only works in the Certification Compliance mode.
Common Criteria Certification
This Forescout software release contains all the certification-related enhancements and fixes that achieved Common Criteria compliance. Go to https://www.commoncriteriaportal.org/products/ and search for Forescout.
FIPS Compliance
Forescout 8.1 meets the Federal Information Processing Standard (FIPS) 140-2 (level 2) requirements. FIPS is disabled by default in your Forescout system and should be enabled only if required by the US Federal government.
Enabling FIPS Mode
An fstool command lets you enable FIPS on CounterACT devices.
- You must run the fstool command separately on each CounterACT device.
To enable a CounterACT device to work with FIPS:
- Log in to the CounterACT device CLI and run the following command:
fstool fips
This toggles the current FIPS status.
Examples:
When FIPS is not enabled, fstool fips enables FIPS:
You are about to enable FIPS 140-2 on this CounterACT machine. Note that CounterACT service will be restarted. Enable FIPS and restart CounterACT service? (Yes/no) :
When FIPS is enabled, fstool fips disables FIPS:
You are about to disable FIPS 140-2 on this CounterACT machine. Note that CounterACT service will be restarted. Disable FIPS and restart CounterACT service? (Yes/no) :
Verifying FIPS Compliance
To verify that your system is FIPS (Federal Information Processing Standard) compliant, log in to the CounterACT device CLI and run the following command:
fstool version
FIPS Compliance with SecureConnector
Additional configuration is required to enable SecureConnector to work in a FIPS environment.
To remain FIPS compliant with SecureConnector:
1. Select Tools > Options > HPS Inspection Engine and select the SecureConnector tab.
2. From the TLS options drop-down menu, choose TLS version1 (FIPS).
Licensing Mode
This version of Forescout supports two different licensing modes. Each Forescout deployment operates in a single mode; however, you may have multiple deployments that use different licensing modes. License requirements differ according to licensing mode.
To identify your licensing mode:
From the Console, select Help > About Forescout CounterACT.