General
- The ATA Lightweight Gateway supports installation on a domain controller running Windows Server 2008 R2 SP1, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016.
- The domain controller can be a read-only domain controller (RODC)
- Before installing ATA Lightweight Gateway on a domain controller running Windows Server 2012 R2, confirm that the following update has been installed: KB2919355.
- During installation, the .Net Framework 4.6.1 is installed and might cause a reboot of the domain controller.
Server Specifications
- The ATA Lightweight Gateway requires a minimum of 2 cores and 6 GB of RAM installed on the domain controller
- For optimal performance, set the Power Option of the ATA Lightweight Gateway to High Performance.
- Virtual machine dynamic memory or any other memory ballooning feature is not supported.
Time Synchronization
- The ATA Center server, the ATA Lightweight Gateway servers, and the domain controllers must have time synchronized within five minutes of each other.
Network Adapters
- The ATA Lightweight Gateway monitors the local traffic on all of the domain controller’s network adapters.
- After deployment, you can use the ATA Console if you ever want to modify which network adapters are monitored.
- The Lightweight Gateway is not supported on domain controllers running Windows 2008 R2 with Broadcom Network Adapter Teaming enabled.
Ports
| Protocol | Transport | Port | To/From | Direction |
| --- | --- | --- | --- | --- |
| DNS | TCP and UDP | 53 | DNS Servers | Outbound |
| NTLM over RPC | TCP | 135 | All devices on the network | Outbound |
| NetBIOS | UDP | 137 | All devices on the network | Outbound |
| SSL | TCP | 443 | ATA Center | Outbound |
| Syslog (optional) | UDP | 514 | SIEM Server | Inbound |
| Netlogon (SMB, CIFS, SAM-R) | TCP and UDP | 445 | All devices on the network | Outbound |
- Using the Directory service user account, the ATA Lightweight Gateway queries endpoints in your organization for local admins using SAM-R (network logon) in order to build the lateral movement path graph.
- The following ports need to be open inbound on devices on the network from the ATA Lightweight Gateway:
- NTLM over RPC (TCP port 135) for resolution purposes
- NetBIOS (UDP port 137) for resolution purposes
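The following PowerShell script is an added example, not part of this page or of the ATA product: run it on the domain controller before installation to check the prerequisites listed above (cores, RAM, KB2919355 on 2012 R2, power plan, outbound TCP 443 to the ATA Center, and the five-minute time offset). The `$AtaCenter` name is a placeholder, and the w32tm offset parsing is a best-effort assumption about its output format.

```powershell
# Added prerequisite check for an ATA Lightweight Gateway host (example code, not Microsoft's).
# $AtaCenter is a placeholder; replace it with your ATA Center FQDN.
param([string]$AtaCenter = 'ata-center.example.local')

$results = @()
function Add-Check([string]$Name, [bool]$Pass, [string]$Detail) {
    $script:results += [pscustomobject]@{ Check = $Name; Pass = $Pass; Detail = $Detail }
}

# Hardware: the page requires at least 2 cores and 6 GB of RAM on the domain controller.
$cs    = Get-CimInstance Win32_ComputerSystem
$cores = (Get-CimInstance Win32_Processor | Measure-Object -Property NumberOfCores -Sum).Sum
$ramGB = [math]::Round($cs.TotalPhysicalMemory / 1GB, 1)
Add-Check 'CPU cores >= 2' ($cores -ge 2) "$cores cores"
Add-Check 'RAM >= 6 GB'    ($ramGB -ge 6)  "$ramGB GB"

# Role: the host must be a domain controller (DomainRole 4 = backup DC, 5 = primary DC; RODC is fine).
Add-Check 'Is a domain controller' ($cs.DomainRole -ge 4) "DomainRole=$($cs.DomainRole)"

# OS: Windows Server 2012 R2 (kernel 6.3) additionally needs KB2919355 before installation.
$os = Get-CimInstance Win32_OperatingSystem
if ($os.Version -like '6.3.*') {
    $kb = Get-HotFix -Id KB2919355 -ErrorAction SilentlyContinue
    Add-Check 'KB2919355 installed (2012 R2)' ([bool]$kb) $os.Caption
} else {
    Add-Check 'OS version (verify against supported list)' $true "$($os.Caption) $($os.Version)"
}

# Power plan: High Performance is identified by the well-known GUID 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c.
$plan = (powercfg /getactivescheme) -join ' '
Add-Check 'Power plan is High Performance' ($plan -match '8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c') $plan

# Network: outbound TCP 443 to the ATA Center must succeed from this host.
try {
    $tnc = Test-NetConnection -ComputerName $AtaCenter -Port 443 -WarningAction SilentlyContinue
    Add-Check 'TCP 443 to ATA Center' $tnc.TcpTestSucceeded "$AtaCenter`:443"
} catch { Add-Check 'TCP 443 to ATA Center' $false "Test-NetConnection unavailable: $_" }

# Time: clocks must be within five minutes (300 s) of each other. w32tm prints the offset as "+0.0123456s";
# the regex below assumes that format.
$chart  = w32tm /stripchart /computer:$AtaCenter /samples:1 /dataonly 2>&1 | Out-String
$offset = if ($chart -match '([+-]\d+\.\d+)s') { [math]::Abs([double]$Matches[1]) } else { $null }
Add-Check 'Clock offset to ATA Center <= 300 s' ($null -ne $offset -and $offset -le 300) `
    $(if ($null -ne $offset) { "$offset s" } else { 'could not parse w32tm output' })

$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Pass }) { exit 1 } else { exit 0 }
```

Dynamic memory cannot be reliably detected from inside the guest, so confirm it is disabled on the hypervisor side separately.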