1.3. Network Requirements

The Analysis Cockpit and other systems which will have to communicate with each other, need the following ports opened within the network. For a detailed and up to date list of our update and licensing servers, please visit https://www.nextron-systems.com/hosts/.

The Analysis Cockpit requires the following open ports (incoming).

1.3.1. From Management Workstation to Analysis Cockpit

Description

Ports

Administrative Web Interface

443/tcp

Command Line Access

22/tcp

1.3.2. From Analyst Workstation to Analysis Cockpit

Description

Ports

Administrative Web Interface

443/tcp

1.3.3. From ASGARD Management Center to Analysis Cockpit

Description

Ports

Syslog Forwarding

514/tcp, 514/udp

Asset Synchronization

7443/tcp

1.3.4. From Analysis Cockpit to SIEM (optional)

Description

Ports

Syslog Forwarding

514/tcp, 514/udp

1.3.5. From Analysis Cockpit to the Internet

The Analysis Cockpit is configured to retrieve updates from the following URLs:

A proxy system should be configured to allow access to these URLs without TLS/SSL interception (Analysis Cockpit uses client-side SSL certificates for authentication). It is possible to configure a proxy server, username and password during the setup process of the Analysis Cockpit platform. It only supports BASIC authentication, not NTLM Authentication.

1.3.6. From Analysis Cockpit to Sandbox Systems (optional)

Depending on the Sandbox system and your individual configuration.

Description

Ports

Sandbox (typically)

443/tcp, 8080/tcp

1.3.7. Time Synchronization

Analysis Cockpit tries to reach the public Debian time servers by default.

Server

Port

0.debian.pool.ntp.org

123/udp

1.debian.pool.ntp.org

123/udp

2.debian.pool.ntp.org

123/udp

The NTP server configuration can be changed in the settings.

1.3.8. DNS

Analysis Cockpit needs to be able to resolve internal and external IP addresses.

Warning

Please make sure that you install your Analysis Cockpit with a domain name (see Network Configuration). If you do not set the domain name and install the ASGARD package, you will have problems connecting your ASGARD(s) to the Analysis Cockpit.

All components you install should have a proper domain name configured to avoid issues further during the configuration.

1.3.9. Internet Access during Installation

The Analysis Cockpit installer requires Internet access during the setup. The installation process will fail if required packages cannot be loaded from https://update3.nextron-systems.com

1.3.9.1. SSL/TLS Interception

The installation and update processes do not accept an unknown but valid SSL/TLS certificate presented by an intercepting entity and therefore don't support SSL/TLS interception.

Since our products are usually used in possibly compromised environments, the integrity of our software and update packages has highest priority.

1.3.10. Architecture Overview

The following image shows an architecture overview with all products and their communication relationships.

Full Architecture

Full Architecture