ATA Lightweight Gateway Prerequistes


General

  • The ATA Lightweight Gateway supports installation on a domain controller running Windows Server 2008 R2 SP1 ,Windows Server 2012, Windows Server 2012 R2, Windows Server 2016
  • The domain controller can be a read-only domain controller (RODC)
  • Before installing ATA Lightweight Gateway on a domain controller running Windows Server 2012 R2, confirm that the following update has been installed: KB2919355.
  • During installation, the .Net Framework 4.6.1 is installed and might cause a reboot of the domain controller.

Server Specifications

  • The ATA Lightweight Gateway requires a minimum of 2 cores and 6 GB of RAM installed on the domain controller
  • or optimal performance, set the Power Optionof the ATA Lightweight Gateway to High Performance..
  • virtual machine dynamic memory or any other memory ballooning feature is not supported.

Time Synchronization

  • The ATA Center server, the ATA Lightweight Gateway servers, and the domain controllers must have time synchronized to within five minutes of each other.

Network Adapters

  • The ATA Lightweight Gateway monitors the local traffic on all of the domain controller’s network adapters.
  • After deployment, you can use the ATA Console if you ever want to modify which network adapters are monitored.
  • The Lightweight Gateway is not supported on domain controllers running Windows 2008 R2 with Broadcom Network Adapter Teaming enabled.

Ports

 

Protocol Transport Port To/From Direction
DNS TCP and UDP 53 DNS Servers Outbound
NTLM over RPC TCP 135 All devices on the network Outbound
NetBIOS UDP 137 All devices on the network Outbound
SSL TCP 443 ATA Center Outbound
Syslog (optional) UDP 514 SIEM Server Inbound
Netlogon (SMB, CIFS, SAM-R) TCP and UDP 445 All devices on network Outbound

 

the following ports need to be open inbound on devices on the network from the ATA Lightweight Gateways.

  • NTLM over RPC
  • NetBIOS
  • Using the Directory service user account, the ATA Lightweight Gateway queries endpoints in your organization for local admins using SAM-R (network logon) in order to build the lateral movement path graph.
  • The following ports need to be open inbound on devices on the network from the ATA Gateway:
    • NTLM over RPC (TCP Port 135) for resolution purposes
    • NetBIOS (UDP port 137) for resolution purposes
Advertisements