Partner Demovm Lab - Setup Instructions: Demo VM V13.0

The document outlines the process for downloading, configuring, and connecting to the SecureSphere demo VM to demonstrate its features. It also describes how to set up the SuperVeda and Kali Linux VMs to generate traffic and attacks against the SecureSphere VM.

The steps include downloading the VM image and license, ensuring the host computer meets requirements, initial VMware Workstation setup, configuring the network adapters, powering on the VM, and configuring the IP settings.

The File Explorer will not work unless a SharePoint server is configured. SharePoint audit data cannot be generated from network traffic captures.

Partner DemoVM LAB - Setup Instructions

Demo VM v13.0
The objective of this document is to explain how to install and connect to a VM image of Imperva’s SecureSphere
system on a desktop or laptop PC, so that you can fully demonstrate all of the features
and functionalities of the SecureSphere system. Imperva is providing this Partner VM Demo with the understanding that
this image will only be used for demo purposes and will not be used for production purposes.

This environment contains demo data for every feature and functionality offered in the SecureSphere system including
WAF server groups, profiles, alerts, Web App Vulnerability scanner integration, Bot mitigation, Anti Scraping, Anti Fraud,
DAM/DBF, vulnerability assessments, DAM URM, server discovery, data discovery, FAM, File URM, File Alerts, File Audit,
SharePoint URM, SharePoint Audit, SharePoint Alerts and much, much more.

Limitations:
You will not be able to use the ‘File Explorer’ unless you have fully configured a SharePoint Server Group and have an
open, up and running SharePoint VM. SharePoint Audit will disappear and you will have to generate this yourself; it
cannot be generated from a pcap.

Initial VM Configuration Instructions:

1. Get the Latest VM image


a. Go to the Imperva FTP site at ftp-us.imperva.com. Download the following file:
/PartnerAssets/VM-Demo-Images/SecureSphere/DemoOneBox/DemoVM/SecureSphereOneBoxV13.3-v1.3/SecureSphereOneBoxV13.3-v1.3.7z
b. Read the README.txt file
2. Get the latest license:
a. Go to the Imperva FTP site at ftp-us.imperva.com. Download the following file:
/PartnerAssets/VM-Demo-Images/SecureSphere/DemoOneBox/Latest_License/SecureSphere_LicXX.0_POAll_u-1uMsTvp6Ua_XX_XX_XXXX.mprv (The “X” will have a different value)

3. Pre-requirements
a. The Desktop or Laptop that will be used for the Demo must have at least 16GB RAM and at least 50GB of
disk.
b. For better performance increase the RAM level to 32GB
c. Make sure that you have VMware Workstation version 8 or higher installed on your laptop.

4. Initial Setup
a. Install VMware Workstation V10 or higher.
b. To connect to the image, make sure that you have the following properly configured in the Virtual
Network Editor for VMnet1, VMnet2 and NAT:
NAT settings for default gateway

5. How to Connect to the SecureSphere Management interface


a. Unzip the VM image file. Open VMware Workstation, go to ‘File’ > ‘Open’ in the taskbar, browse to the
directory where you unzipped the above file and choose the ‘.vmx’ file. The image will now be loaded into
Workstation.
b. Now click ‘Resume’ to power on the image.
c. When it asks if the VM has been moved or copied, it’s IMPORTANT to SELECT “I moved it” to prevent
the MAC address from changing.

d. In the bottom right-hand corner, please ensure that only one of the four (4) Network Adapters is
actually connected.

e. Make sure the OneBox Network Adapters are configured as shown below
Once the SecureSphere OneBox is up and running and you are able to login, you can re-enable the 3rd and 4th
NICs which are used for the bridge interfaces, if you want to set up a lab using our SuperVeda Web App
(available on the FTP server) to generate alerts. Right click on the NIC(s) and choose connect.

f. The Management NIC on the SecureSphere Image has been set to an IP of 10.255.0.97 with a subnet mask
of 255.255.255.0.

g. Please configure the Virtual Adapter Card – this is the card that should have been created when you
installed VMware Workstation. Change the IP and subnet mask to something that would allow you to
connect to this system (unless you are in an environment where the IP conflicts with the above IP, in this
case you will need to change the IP assigned). In the example shown below I have configured the additional
NIC IP Address to 10.255.0.12.

h. You should now be able to connect to the SecureSphere OneBox, within the realm of your own desktop or
laptop at the IP address that you specified. Use ‘Putty’ to connect via SSH or use a Browser to connect at the
following address:
https://10.255.0.97:8083
Console: root/Webco123
SSH: admin/Webco123

SecureSphere GUI: admin/Webco123 or webco123

i. You can connect directly to the SecureSphere OneBox via SSH using the “admin” user account, and you might
be required to change your password the first time you log in with that user account:
In version 12.0, we added the SecureSphere Shell. You will want to type “admin” and press enter. Type in
your password again.

j. To SSH to the SecureSphere OneBox using the “root” account, you have to enter this command with your IP
address, as shown in the screen shot below. The IP should be the IP of your Virtual NIC, if your VNet is “Host
Only”.
[root@vV11_5_DemoVM ~]# impctl hardening config --root-source-ip-exception=10.255.0.1

k. You can check the status of the existing SecureSphere OneBox license under Admin > Licensing. If you have
a new license to install, select Admin > Licensing > Upload New license as shown in the screenshot below.
6. Troubleshooting & Configuration Examples
a. If the VM image is crashing your environment or just hanging, disable the Bridge NICs (2nd & 3rd NICs).

b. From the CLI, the command impcfg will take you to the interactive configuration menu

c. I have experienced the following behavior – unable to SSH to the VM Image but able to connect to the GUI
via HTTPS. Run ‘netstat -an’ and see what addresses appear on the Gateway. Check the output of ‘cat
/etc/ssh/sshd_config’ – the ‘listener’ address may not have been updated or changed.

d. If you have trouble connecting to the management NIC, execute ‘cat /etc/sysconfig/network-scripts/ifcfg-ethx’
(look at the management NIC) and make sure that the right IP address appears in this file.
e. This command will show the Patch Level:
[root@demoVM ~]# cat /opt/SecureSphere/etc/patch_level

f. This command shows the SecureSphere OneBox and bridge status:

[root@v11-onebox ~]# impctl status


database-server configured,created,listening,running
management-server running,Ready
gateway registered,running
watchdog running

g. This command will show the GW traffic stats: cat /proc/hades/status


[root@v11-onebox ~]# cat /proc/hades/status
Global:
0 Kbps (max 0 Kbps)
0 Kbps Application (max 0 Kbps)
0 Kbps FAM (max 0 Kbps)
0 connection/sec (max 0 connection/sec)
0 overload connection/sec (max 0 connection/sec)
0 HTTP hits/sec (max 0 hits/sec)
0 WFD successful hits/sec (max 0 hits/sec)
0 SQL hits/sec (max 0 hits/sec)
0 SSL RSA handshakes/sec (max 0 hits/sec)
0 file hits/sec (max 0 hits/sec)
0 sharepoint hits/sec (max 0 hits/sec)
0 activedirectory hits/sec (max 0 hits/sec)
0 file aggregated hits/sec (max 0 hits/sec)
0 sharepoint aggregated hits/sec (max 0 hits/sec)
0 worker0 packets/sec (max 0 packets/sec)
0 worker1 packets/sec (max 0 packets/sec)

h. To enable ICMP on a GW:


▪ Edit the file /etc/sysctl.conf
▪ Scroll down to the line beginning with net.ipv4.icmp_echo_ignore_all
▪ Change the value of the line from 1 to 0
▪ Reboot
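
The file checks from troubleshooting steps c, d and h can be run in one read-only pass. The script below is an added example, not Imperva tooling; the function names, the `eth0` device name and the stale address `192.0.2.10` are assumptions, and the sample files it writes are constructed.

```shell
# Print the IPADDR value from an ifcfg-ethX file, quotes stripped.
ifcfg_ip() {
    sed -n 's/^[[:space:]]*IPADDR=//p' "$1" | tr -d "\"'" | head -n 1
}

# Succeed if sshd_config $1 lets sshd accept connections on IPv4 address $2;
# with no ListenAddress line sshd listens on every address.
sshd_listens_on() {
    addrs=$(awk 'tolower($1) == "listenaddress" { print $2 }' "$1")
    if [ -z "$addrs" ]; then return 0; fi
    for a in $addrs; do
        case "$a" in "$2"|"$2":*|0.0.0.0|0.0.0.0:*) return 0 ;; esac
    done
    return 1
}

# Print the effective icmp_echo_ignore_all value (last assignment wins).
icmp_ignore_all() {
    sed -n 's/^[[:space:]]*net\.ipv4\.icmp_echo_ignore_all[[:space:]]*=//p' "$1" |
        tr -d ' \t' | tail -n 1
}

# check_mgmt EXPECTED_IP IFCFG SSHD_CONFIG SYSCTL_CONF
# Prints one line per finding; returns non-zero if there is any.
check_mgmt() {
    n=0
    ip=$(ifcfg_ip "$2")
    if [ "$ip" != "$1" ]; then
        echo "ifcfg: IPADDR is '$ip', expected $1"; n=$((n + 1))
    fi
    if ! sshd_listens_on "$3" "$1"; then
        echo "sshd_config: no ListenAddress covers $1"; n=$((n + 1))
    fi
    if [ "$(icmp_ignore_all "$4")" = "1" ]; then
        echo "sysctl.conf: icmp_echo_ignore_all is 1, pings are ignored"; n=$((n + 1))
    fi
    [ "$n" -eq 0 ]
}

# Constructed sample files: stale sshd ListenAddress (step c), ICMP off (step h).
demo() {
    d=$(mktemp -d); rc=0
    printf 'DEVICE=eth0\nIPADDR=10.255.0.97\n' > "$d/ifcfg-eth0"
    printf 'Port 22\nListenAddress 192.0.2.10\n' > "$d/sshd_config"
    printf 'net.ipv4.icmp_echo_ignore_all = 1\n' > "$d/sysctl.conf"
    check_mgmt 10.255.0.97 "$d/ifcfg-eth0" "$d/sshd_config" "$d/sysctl.conf" || rc=$?
    rm -rf "$d"; return "$rc"
}
demo || true
```

On the VM itself, pass the real paths named in steps c, d and h to `check_mgmt` instead of calling `demo`.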

Kali Linux VM Setup


1) Open the Kali Linux image in VMWare
2) Under Virtual Machine settings, make sure the Kali VM’s NIC is in VMnet 1

3) Power on the Kali VM


4) Username: kali or root
Password: Webco123 or toor
IP: 10.255.0.50/15
5) You can use the built-in scan/attack tools to generate attacks in SecureSphere. The Kali VM will be
sitting in front of the WAF and be used to attack the SuperVeda Web App (10.255.0.100/150) behind
the bridge mode WAF.

SuperVeda VM Setup
▪ The SuperVeda VM is a Linux Server running Apache & MySQL DB (superveda_db)
▪ SuperVeda is a vulnerable online retail web app that you access through your browser
▪ OS username: root
OS Password: root12
▪ MySQL Username: root
MySQL Password: root12
▪ IP Address: 10.255.0.100
▪ WebApp: http://10.255.0.100/150

1) Open the SuperVeda VM in VMWare

2) Make sure the SuperVeda NIC is in VMnet 2 (behind the WAF).


3) Power on the SuperVeda VM

Network Diagram
