Phreedom Network Assessment

In order to perform a network assessment, Phreedom needs to gather certain technical information.  This assessment will allow us to 1.) provide an overview and recommendations for your environment and 2.) create a proposal for services which closely matches your needs.

Below are the instructions for technical resource to run our non-intrusive tool to profile a typical corporate Microsoft environment.

Overview of the Discovery Process: 

In order to complete the network assessment, someone with administrative access to your Microsoft environment will need to download and run this program on a Microsoft Domain Controller.  The person running this tool should have a base understanding of network topology of the environment and access credentials to the various systems.  This program is a common tool used by many IT companies to gather technical information from a network.  It is provided by a company called Network Detective and will create an encrypted report file that Phreedom will be able to read as we have an active paid subscription to their reporting services. If you don’t have a resource that is comfortable running this tool and require assistance, a Phreedom technician perform these steps remotely with minimal assistance from a staff member with Administrative access to the server.

The Discovery Program Will:

  1. Gather an inventory of objects and policies from your Microsoft environment
  2. Perform a light network scan for non-Microsoft devices
  3. Perform an Internet bandwidth test (optional)
  4. Test Internet settings for DNS and Email
  5. Optionally check advanced settings (security, VMware, SNMP) and test the internet bandwidth.
  6. It will result in a single zip file, that you can email to us or post on your secure file share.

The Discovery Program Will NOT:

  1. Install any software nor make any changes to the environment.
  2. Gather any personal information nor copy any files off-site.
  3. Damage or affect your network in any way.

Notes:

  1. This program needs to be run on a Domain Controller with Domain Admin credentials.  This is as it queries Active Directory (AD) as well as WMI to pull detailed information about Windows workstations, including patching, antivirus and backups.
  2. Having Windows firewall active on your workstations can block the report from obtaining full information from the workstations.  If a highly accurate report is required, it is recommended to turn off Windows firewalls, or create an exception to allow the Domain Controller access to the workstations, for the windows of time that the report is running. Phreedom can assist with this temporary technical change if requested.  In some cases it may require a reboot of the windows workstations in order for the firewall change to take effect. We can create an initial proposal without this information if needed.
  3. Having  Microsoft Baseline Security Analyzer (MBSA) installed on the Domain Controller/server that is running the tool will provide additional security information, but is not required.
  4. On step 13 you can specify just the main (centralized) network ranges that should be scanned. If you have remote satellite sites (over a slower WAN link) you may want to include one remote site, as a sample of a typical environment.
  5. If you are using SNMP you may want to specify your SNMP community strings, that might give us additional information on non-ad devices but not a hard requirement as your use of SNMP seems pretty straightforward.
  6. When done, it will create a single (zip) report file in My Documents for you to email or upload to Phreedom. It is encrypted so safe to send over normal email.  Alternately you can post it in the secure share portal of your choice.

Note: If you do NOT have a Microsoft environment with a Domain Controller (server performing security and authentication) then these instructions do not apply to you.  In that case, contact your Account Manager and they will arrange for a customized technical discovery appropriate for your environment.

Instructions for Running the Tool:

Download the following program to one of your Microsoft Active Domain Controllers:

https://s3.amazonaws.com/networkdetective/download/NetworkDetectiveDataCollector.exe

When you download and run the Executable as an Administrator you will receive the following prompts.  These examples are taken from our test lab environment so some of the references and options may vary from your environment. If you are uncertain about any of the settings or run into trouble don’t hesitate to reach out to your account manager or support@phreedom.com

1.) The first step is to unzip all the files required to run the program a location of your choice.  By default this is a temp directory under AppData\Local which is a hidden directory.  If you ran the self extractor as Administrator then this is fine and you can continue with the checkbox “When done unziping: open .\RunNetworkDetective.ext” as shown here. If you did not, then you may want to cancel and re-run the zip extractor and ensure that you ran it is Administrator as it will require those privileges in order to gather the required information.

WinZip Self-Extractor

Extracting the Network Detective Data Collector

2.) Once the Data Collector starts successfully you will receive the following Prompts.  Most can be advanced with the defaults but each should be checked to make sure the program is correctly self-configured for the environment.

Scan Type:

Here we select the type of scan.  Ensure that both the Network Data Collector and the Security Data Collector are selected.

Scan Type

Selecting the Scan Type

Active Directory:

Here we set the type of network that will be scanned which is either a traditional corporate Active Directory  (AD) or a Workgroup (if no Domain Controller is available.  This will allow the discovery tool to query the AD for information such as computer and user objects, group policy, locations, security groups, password policies, etc.  These will provide significant insight into the structure and configuration of the environment without providing any sensitive “user” data or files.

Active Directory

Selecting the Network Type

Local Domains:

Here we select the local domains that will be scanned by the tool.  Most clients will see only one listing here which is their only Domain.  You can leave the radio button ALL selected unless you have a more complex environment and want to limit the scan to only certain Domains.

Local Domains

Selecting Local Domains for the Scan

Additional Credentials (optional):

For most clients, this screen can be skipped (simply click “Next”). If you have some systems which are non-standard you can use this screen to specify additional credentials to be used to pull information from those network systems.  Most clients can just leave this scree blank.

Advanced Credentials

Provide Advanced Credentials for enhanced network scanning

External Domains:

Here you can list all of your internet domains, such as mycompany.com.  This will query public records to validate domain ownership, upcoming expirations, and other items that will helpful in the report.  We do recommend you put in at least one domain here, usually the domain at the end of all employees email addresses and/or your web site.

External Domains

Query Internet Domain Names

IP Ranges:

For smaller clients with just one location, the defaults can usually be used (simply click “Next”).  For slight more complex environments (with more than one logical network) you can list all of the IP (Internet Protocol) ranges for your networks to be scanned. By default it will detect the network range that your server is on, which is adequate for most small single network environments. For larger environments, you may want to add additional networks.   We recommended adding all networks that are connected at native LAN speeds.  For remote sites that are connected via a slower WAN or Internet link, we recommend only adding the primary Class-C network for one remote site as a sample.  This is to ensure that the report runs in a timely manor and does not consume an excessive amount of bandwidth.

IP Ranges

Select the IP Ranges to scan

SNMP Information:

For most clients, the defaults can be used (simply click “Next”).  Some environments have intelligent managed devices on the network that are able to communicate using SNMP.  If you are using SNMP then you can use this screen to specify one or more SNMP community strings (passwords) that the scanner can use, in addition to the default “public” string, to try and query various systems it detects on the network.

SNMP Information

Specify SNMP community strings that should be attempted.

MBSA (optional):

For most clients, the defaults can be used (simply click “Next”) as the Microsoft Baseline Security Analyzer won’t be installed. If it is, it is safe to check both boxes to obtain that additional information. It may extend the scan time depending on the size of the environment.

Microsoft Baseline Security Analyzer

Microsoft Baseline Security Analyzer – Usually not available

VMware (optional):

For most clients, the defaults can be used (simply click “Next”) as their may not be any VMware hosts on the network. If their are, you can enter each VMware Host (or cluster IP), along with access credentials to obtain that additional information. It may extend the scan time depending on the size of the environment.

VMware Screen

VMware Discovery Options

User Control Tests:

For most clients, the defaults can be used (simply click “Next”). These test to determine if the network/firewall allow access to non-business web sites which will be included in the report.  The outcome of this test may trigger a business discussion about what are the company policies about computer usage and what sites should be blocked for employees.

User Control Tests

Options for testing any active web content filtering

File Scanner:

For most clients, this test can be skipped (simply click “Next”).  The file scanning test can significantly extend the report run-time as it may check the actual contents of files for sensitive information and flag any suspected matches in the report.  We would typically NOT run this check as part of the discovery for a Standard Network Assessment.

File Scanner

Option to Scan Files for Personally Identifiable Information

Verify and Run:

Once all the selection have been made you are presented with the screen to confirm where to place the report file.  The default is the users Desktop that is running the scan.  This is the file that will need to be provided to Phreedom.

Verify and Run

Verify the location of the report to be created

Collection Progress:

As the scan runs, it will provide a real-time status of it’s progress as it goes through its various checks.  For a network with 40 computers (as an example) the scan might take 15-20 minutes.   That timing can vary depending on the age of the computers and the speed of the network. Please wait for the scan to complete.  If for some reason, you want the scan to end and report on just the information it was able to collect so far, you can select “Wrap It Up” and it will produce a partial report, which may still have value.

Running the Scan

Scanning Progress

Finish:

Once the scan is complete, you will see this screen which shows where the report was stored.  Once you locate the report file, simply send it to Phreedom support at sales@phreedom.com. Note the file is encrypted so is safe to email and can only be read by Phreedom’s system decryption system.

Finish

Finishing the Scan

Once the file is received by the sales team, your account manager will ensure that the file gets to a Phreedom engineer that will analyze the report, and work with the account team to prepare the technical portion of the network assessment.

In order to generate a quote, additional information will be required which in many cases can be obtained by a phone call.