ATA Center Prerequisites


ATA Center Prerequisites

Before Start

  • User account and password with read access to all objects in the monitored domains.
  • Do not install Microsoft Message Analyzer on an ATA Gateway or Lightweight Gateway.
  • Recommended: User should have read-only permissions on the Deleted Objects container. This allows ATA to detect bulk deletion of objects in the domain.
  • A user account of a user who has no network activities. This account is configured as the ATA Honeytoken user. To configure the Honeytoken user, you need the SID of the user account, not the username
  • ATA can use Windows events 4776, 4732, 4733, 4728, 4729, 4756 and 4757 to further enhance ATA Pass-the-Hash, Brute Force, Modification to sensitive groups and Honey Tokens detections.

General

  • ATA Center supports installation on a server running Windows Server 2012 R2 or Windows Server 2016.
  • ATA Center can be installed on a server that is a member of a domain or workgroup.
  • Before installing ATA Center running Windows 2012 R2, confirm that the following update has been installed: KB2919355.
  • Virtual machine dynamic memory or any other memory ballooning feature is not supported.
  • If you run the ATA Center as a virtual machine, shut down the server before creating a new checkpoint to avoid potential database corruption.

Server Specification

  • When working on a physical server, the ATA database necessitates that you disableNon-uniform memory access (NUMA) in the BIOS and you have to enable Node Interleaving in order to disable NUMA.
  • For optimal performance, set the Power Optionof the ATA Center to High Performance.
  • The number of domain controllers you are monitoring and the load on each of the domain controllers dictates the server specifications needed

Time Synchronization

  • The ATA Center server, the ATA Gateway servers, and the domain controllers must have time synchronized to within five minutes of each other.

Network Adapters

  • At least one network adapter (if using physical server in VLAN environment, it is recommended to use two network adapters)
  • An IP address for communication between the ATA Center and the ATA Gateway that is encrypted using SSL on port 443. (The ATA service binds to all IP addresses that the ATA Center has on port 443.)

Ports

LDAP is required to test the credentials to be used between the ATA Gateways and the domain controllers

Protocol Transport Ports To/From Direction
SSL (ATA Communications) TCP 443 ATA Gateway Inbound
HTTP (optional) TCP 80 Company Network Inbound
HTTPS TCP 443 Company Network and ATA Gateway Inbound
SMTP (optional) TCP 25 SMTP Server Outbound
SMTPS (optional) TCP 465 SMTP Server Outbound
Syslog (optional) TCP 514 Syslog server Outbound
LDAP TCP and UDP 389 Domain controllers Outbound
LDAPS (optional) TCP 636 Domain controllers Outbound
DNS TCP and UDP 53 DNS servers Outbound
Kerberos (optional if domain joined) TCP and UDP 88 Domain controllers Outbound
Windows Time (optional if domain joined) UDP 123 Domain controllers Outbound

 

Certificate

  • To ease the installation of ATA, you can install self-signed certificates during installation.
  • Post deployment you should replace the self-signed with a certificate from an internal Certification Authority to be used by the ATA Center.
  • Make sure the ATA Center and ATA Gateways have access to your CRL distribution point.
  • The certificate must have:
    • A private key
    • A provider type of either Cryptographic Service Provider (CSP) or Key Storage Provider (KSP)
    • A public key length of 2048 bits
    • A value set for KeyEncipherment and Server Authentication usage flags
  • you can use the standard Web serveror Computer templates
  • The process of renewing an existing certificate is not supported. The only way to renew a certificate is by creating a new certificate and configuring ATA to use the new certificate.
Advertisements