You are here: Docs>Sheriff Web>UserGuides>SheriffCSMDocumentation>DeploymentGuide>SheriffCSMInitialSetup>ConfigureNetworkInterfaces (08 Jun 2022, SheriffCyberSecurity)Edit Attach
Up
Previous Next

Sheriff CSMâ„¢

Configure Network Interfaces

Sheriff CSM All-in-One comes with six network interfaces, numbered eth0 to eth5. Sheriff CSM uses these interfaces to perform the following functions:

  • Connect to the Internet
  • Monitor the network, using its built-in IDS capabilities
  • Run asset scans
  • Collect log data from your assets
  • Run vulnerability scansit
  • Generate network flows

Based on functionality, you can classify the interfaces into the following categories:

By default, Sheriff CSM uses the management interface to perform network monitoring, log collection, and scanning. So, for this reason, you do not need to configure any additional interfaces, as long as they are all on the same subnet as the management interface.

The management interface lets you communicate with the Sheriff console, as well as connect to the web UI.

Note: The default port for the management interface is eth0. However, you may configure a different port for this interface, if desired.

When the administrator configures an interface for network monitoring, the interface operates in passive listening mode (also known as promiscuous mode). A network tap or span is set up that allows the interface to monitor all packet traffic passing through it for threats.

Because Sheriff CSM's built-in IDS capability uses the network monitoring interface, you must dedicate at least one of the network interfaces to it.

You use the Log Collection and Scanning interface to reach the networks and systems from which you want to collect data. You also use it to scan the systems, using Sheriff CSM's built-in asset discovery, vulnerability assessment, and availability monitoring tools. Setting up this interface requires assignment of an IP address and network mask to the interface.

This is the default option for all the interfaces except the management interface. It applies to any network interface that is not in use and not configured.

Update Management Interface Configuration

You must configure the management interface immediately after deploying the Sheriff CSM virtual machine or the first time when you power on the Sheriff CSM hardware. See Set Up the Management Interface for details.

If you need to modify the management interface configuration, follow the steps below.

  1. Connect to the Sheriff Console through SSH and use your credentials to log in.

    The Sheriff Setup menu displays.

  2. Select System Preferences.

  3. Select Configure Network.

  4. Select Setup Management Network.

  5. Use the keyboard arrow keys to move to the interface, select the interface by pressing the spacebar, and then press Enter (<OK>).

  6. Type the IP address and press Enter.

  7. Type the Netmask for the network and press Enter.

  8. Type the Gateway for the network and press Enter.

  9. Press <Back> until you are on the Sheriff Setup menu again. Select Apply all Changes.

  10. Press <Yes> to confirm.

    Sheriff CSM applies the changes and restarts all the services, which may take several minutes.

Configure Additional Network Interfaces

In addition to providing network connection, the management interface on Sheriff CSM can also monitor your network and collect logs from your assets. But if you want to use a different interface with a different IP address to perform those functions, you must configure those interfaces separately.

To set up additional network interface

  1. Connect to the Sheriff Console through SSH and use your credentials to log in.

    The Sheriff Setup menu displays.

  2. Select System Preferences.

  3. Select Configure Network.

  4. Select Setup Network Interface.

  5. Use the keyboard arrow keys to move to the interface, select the interface by pressing the spacebar, and then press Enter (<OK>).

  6. Type the IP address and press Enter.

  7. Type the Netmask for the network and press Enter.

  8. Press <Back> until you are on the Sheriff Setup menu again. Select Apply all Changes.

  9. Press <Yes> to confirm.

    Sheriff CSM applies the changes and restarts all the services, which may take several minutes.

Enable Additional Listening Interfaces

If you want to use different interfaces to monitor network traffic but do not want to assign IP addresses to them, you can enable them in promiscuous mode.

To enable additional listening interfaces on Sheriff CSM All-in-One or Sheriff CSM Sensor

  1. Connect to the Sheriff Console through SSH and use your credentials to log in.

    The Sheriff Setup menu displays.

  2. Select Configure Sensor.

  3. Select Configure Network Monitoring.

  4. Use the keyboard arrow keys to move to the interface, select the interface by pressing the spacebar, and then press Enter (<OK>).

  5. Press <Back> until you are on the Sheriff Setup menu again. Select Apply all Changes.

  6. Press <Yes> to confirm.

    Sheriff CSM applies the changes and restarts all the services, which may take several minutes.

Edit  | Attach | Print version | History: r17 < r16 < r15 < r14 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r17 - 08 Jun 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.