
Cybersecurity Evaluation Tool


CSET 9.2.1


Download Windows Installer CSET 9.2.1 StandAlone Installer


File Checksum Integrity Verifier version 2.05.

csetstandalone.exe
MD5: e486deb49f16c29bdd04bb7273985f66
SHA-1: ac1515ccd6b9d19ee8ef84d6090346dbadd548bb
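
The published values can be checked before the installer is run. The following PowerShell is an added example, not part of the CSET project; it assumes the download was saved as csetstandalone.exe in the current directory and uses the built-in Get-FileHash cmdlet in place of FCIV.

```powershell
# Added example (not from the CSET project): compare a downloaded installer
# against the MD5 and SHA-1 values published in this README.
# Assumption: the file sits in the current directory under this name.
$Installer = '.\csetstandalone.exe'
$Published = @{
    MD5  = 'e486deb49f16c29bdd04bb7273985f66'
    SHA1 = 'ac1515ccd6b9d19ee8ef84d6090346dbadd548bb'
}

function Test-PublishedHash {
    param(
        [Parameter(Mandatory)] [string]    $Path,
        [Parameter(Mandatory)] [hashtable] $Expected
    )
    $allMatch = $true
    foreach ($algorithm in $Expected.Keys) {
        $actual = (Get-FileHash -LiteralPath $Path -Algorithm $algorithm).Hash
        # Get-FileHash returns upper-case hex; -eq on strings ignores case.
        $ok = $actual -eq $Expected[$algorithm]
        if (-not $ok) { $allMatch = $false }
        # Out-Host keeps the report out of the function's return value.
        [pscustomobject]@{
            Algorithm = $algorithm
            Expected  = $Expected[$algorithm]
            Actual    = $actual
            Match     = $ok
        } | Out-Host
    }
    return $allMatch
}

if (-not (Test-Path -LiteralPath $Installer)) {
    throw "Installer not found: $Installer"
}
if (-not (Test-PublishedHash -Path $Installer -Expected $Published)) {
    throw "Hash mismatch for $Installer. Do not run it; download it again."
}
Write-Host "Both published hashes match $Installer."
```

A match shows that the file is the one these values were computed from; it says nothing about the file if the values themselves were read from an untrusted copy of this page.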

License

MIT License, Apache License 2.0

Copyright 2018 Battelle Energy Alliance, LLC

See License.txt, NOTICE.txt

Contact information of authors: cset@hq.dhs.gov

Idaho National Laboratory, P.O. Box 1625, MS 3870, Idaho Falls, ID 83415

Includes software licensed under LGPL

LGPL dependencies are required to build CSET. You will need to acquire them via NuGet in order to build this software. They are not distributed with this source.

This application uses Hangfire software as a NuGet dependency.

Using the CSET Stand-alone Installer

Double-click on the CSETStandAlone program.

The User Account Control dialogue will come up (Fig.1). Select "Yes".

Figure 1: User Account Control box

A CSET 9.2.1 dialogue will open asking if you want to install CSET 9.2.1 Desktop (Fig.2). Select "Yes".

Figure 2: Install dialogue

The program will begin extracting.

After extracting, a CSET 9.2.1 Setup dialogue will open (Fig.3). Select "Install".

Figure 3. CSET Setup

CSET will begin to install. If the user doesn't have IIS 10.0 Express, CSET will install it. The IIS 10.0 Express Setup dialogue will open (Fig.4). Click the check box to confirm that you "…accept the terms in the License Agreement", and then select "Install".

Figure 4. IIS Setup

IIS will install. Select "Finish" when it completes.

The CSET 9.2.1 Setup Wizard will open to walk the user through the install process (Fig.5). Select "Next".

Figure 5: Setup Wizard

A disclaimer will open (Fig.6). Read through it, click the box "I read the disclaimer", and select "Next".

Figure 6: Disclaimer

CSET will choose a default folder to install CSET 9.2.1 to, but you can change this in the Destination Folder dialogue (Fig.7). Select "Next".

Figure 7: Destination Folder

The CSET Installer will show that it is ready to install (Fig.8). Select "Install".

Figure 8: Ready to Install

CSET 9.2.0 will be installed. Make sure that the "Launch CSET 9.2.1 when setup exits" box is checked, and select "Finish".

The user should see a setup successful dialogue (Fig.9), and then have an option of how they want to open the app. For this example, Edge was used.

Figure 9: Setup Successful

The user has access to CSET 9.2.1 as Local User. The Local Installation ribbon is visible at the top of the screen. They can see their landing page with no assessments at this time (Fig.10).

Figure 10: Local Install Landing Page

CSET 9.2.1 Enterprise Installation Instructions

Overview

This guide will detail the procedure for installing the latest version of the Cyber Security Evaluation Tool (CSET 9.2.0) in a web-based configuration on a Microsoft Windows Server 2016 instance running Microsoft SQL Server 2016.

Prerequisites

In order to configure the CSET Database, an instance of Microsoft SQL Server Management Studio (SSMS) which is able to connect to the server instance will be required.

You will also need to obtain the latest CSET distribution source tree and build it (see build.sh for an example of how to build, or build with Microsoft Visual Studio and NPM).

Note

For the purposes of this document, a Windows Server 2016 instance, running inside a VMWare Workstation Pro 14 virtual machine will be used. The same VM will be running the database and the web server.

In order to host the database and web server on separate machines, the procedure given in this document will need to be modified accordingly, and extra care will be required in configuration steps (e.g.: the Web.config file will need to be edited to refer to the SQL Server machine, instead of localhost).

For other configurations, please refer to the applicable documentation from the relevant operating system and software vendors.

Installation Steps

IIS Setup

CSET is deployed as an IIS website. We will now install and configure the IIS Web Server for CSET deployment.

  • In "Server Manager", left-click the "Add roles and features" button
  • Select "Role-based or feature-based installation" and continue
  • Select the "Web Server (IIS)" checkbox on the Server Roles list
  • Expand the "Web Server (IIS)" list item, the "Web Server" list item, and the "Application Development" list item
  • Select the "ASP.NET 4.6" checkbox and continue
  • Expand the ".NET Framework 4.6 Features" list item on the Features list
  • Select the "ASP.NET 4.6" checkbox and continue
  • Select the "HTTP Redirection" checkbox in the Role Services list and continue
  • Complete the installation

SQL Server Installation

CSET requires a SQL Server database. In this document, we will install a new SQL Server instance on the Windows Server, and configure it for CSET. If a SQL Server instance already exists, skip this section, and continue to Additional Dependencies. Ensure you have administrative access and privileges on the database.

  • Insert the SQL Server disk, or mount the disk image and run Setup.exe
  • Click the "Installation" link on the navigation pane on the left
  • Click the "New SQL Server stand-alone installation or add features to an existing installation" link
  • Enter your product key and continue, accepting the license terms
  • At the Feature Selection screen, select the "Database Engine Services" checkbox on the Features list and continue
  • At the Database Engine Configuration screen, select the "Mixed Mode (SQL Server authentication and Windows authentication)" radio button
  • Enter (and confirm) a password for the server administrator (sa) account
    • Take note of this password. It will be required in a later step
  • Click the "Add Current User" button and continue when the user information appears in the text box
    • It may take a few moments for the user information to appear in the text box
  • Complete the installation

Additional Dependencies

There is some additional software required by CSET. We will now install this software.

The software required is the Microsoft URL Rewrite Module 2.0 for IIS. It can be obtained through the Microsoft website at https://www.microsoft.com/en-us/download/details.aspx?id=7435.

Simply download the file to the server and run it. This will install the module needed for IIS to function properly with CSET.

Firewall Configuration

In order to configure and use the new SQL Server instance, it needs to be able to receive incoming connections. By default, this is prevented by the Windows firewall. We will now reconfigure the firewall to allow incoming database connections.

  • From the Windows "Start" menu, search for "firewall", and select "Windows Firewall with Advanced Security"
  • On the navigation pane on the left, click "Inbound Rules"
  • On the Actions pane on the right, click "New Rule…"
  • Select the "Port" radio button and continue
  • Select the "Specific local ports" radio button
  • In the text field, input 1433 and continue
  • Select the "Allow the connection" radio button and continue
  • On the Profile screen, select which networks you wish to allow incoming connections from, and continue
  • Enter a name and a description for this rule, and continue
    • The description is optional, but the name should reference SQL Server
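
The same inbound rule can be created from an elevated PowerShell session with the built-in NetSecurity cmdlets. This is an added example, not part of the CSET documentation. It goes one step beyond the wizard steps above by also limiting which remote addresses may reach port 1433; the rule name, the Domain profile choice and the address 192.0.2.10 (a documentation placeholder for the machine running SSMS) are assumptions to replace with your own values.

```powershell
# Added example (not from the CSET project). Run elevated on the SQL Server machine.
$Rule = @{
    DisplayName   = 'SQL Server (TCP 1433) for CSET'      # assumed name
    Description   = 'Inbound SQL Server connections for CSET administration'
    Direction     = 'Inbound'
    Protocol      = 'TCP'
    LocalPort     = 1433
    Action        = 'Allow'
    Profile       = 'Domain'        # assumed; pick the profiles you selected in the wizard
    RemoteAddress = '192.0.2.10'    # placeholder: host(s) allowed to connect
}

# Create the rule only once so that re-running the script does not add duplicates.
$existing = Get-NetFirewallRule -DisplayName $Rule.DisplayName -ErrorAction SilentlyContinue
if (-not $existing) {
    New-NetFirewallRule @Rule | Out-Null
}

# Read the rule back, including the port and address filters that actually apply.
Get-NetFirewallRule -DisplayName $Rule.DisplayName | ForEach-Object {
    [pscustomobject]@{
        Name          = $_.DisplayName
        Enabled       = $_.Enabled
        Action        = $_.Action
        Profile       = $_.Profile
        LocalPort     = ($_ | Get-NetFirewallPortFilter).LocalPort
        RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
    }
}
```

A RemoteAddress of Any in the read-back means the rule accepts connections from every host on the selected profiles.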

Database Setup

The database used by CSET must be configured properly for CSET. This step involves configuring the SQL Server instance installed in a previous step.

  • On the server or virtual machine, navigate to the CSET Distribution which was downloaded previously

  • In the "Database Images" folder, there are two files: CSETWeb.mdf and CSETWeb_log.ldf.

  • Copy these files to a suitable shared location such as the root of the C: drive

    • You will need to ensure that users have adequate permissions to read and modify both files
  • On a host or client machine, open SSMS

  • Connect to the SQL Server instance using an administrative account, such as the 'sa' account created while installing the SQL Server instance in the previous step

    • The server or virtual machine needs to be configured to be reachable on the network by the host or client machine, but this is outside of the scope of this document
  • In the navigation pane on the left, right click on Databases

  • Click Attach

  • In the Attach Databases dialog, click the Add button

  • In the Locate Database Files dialog, navigate to the folder you copied the database images to

  • Select CSETWeb.mdf and click OK

  • In the Attach Databases dialog, click OK

  • In the navigation pane on the left, under Databases, CSETWeb should appear

Create Database User

In order for the CSET application to use the database, it needs a user account to connect as. This step details the creation of a suitable user account in the CSET database. This user account will be used in the CSET Configuration process.

  • Right click on the Security list item in the navigation pane
  • Select New then select Login…
  • Enter the credentials for the user account that will be used by the CSET application to connect to the database
    • If using Windows authentication, you will need to provide a valid account on the domain that the IIS and SQL servers are on
    • Make note of the credentials used in this step. They will be used in the CSET Configuration process
  • In the "Default database" selector, select "CSETWeb"
  • In the navigation pane of the "Login Properties" window, select "User Mapping"
  • Select the CSETWeb checkbox, and click OK
  • Expand the CSETWeb database list item in the navigation pane
  • Expand the Security folder, under the CSETWeb database list item
  • Expand the Users folder
  • Right click on the user corresponding to the login you created
  • Click Properties
  • In the navigation pane of the "Database User" window, select Securables
  • Click Search…
  • Select the "Specific objects…" radio button, and click OK
  • Click "Object Types…"
  • Select the Schemas checkbox, and click OK
  • Click Browse…
  • Select the [dbo] checkbox, and click OK
  • Click OK in the "Select Objects" window
  • In the Securables: list, select the dbo line
  • In the "Permissions for dbo:" list, locate the Execute line, and select the Grant checkbox
  • In the navigation pane of the "Database User" window, select Membership
  • In the "Database role membership:" list, select db_datareader and db_datawriter, and click OK
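
The SSMS steps above amount to a handful of T-SQL statements, which can be run and then checked from PowerShell. This is an added example, not part of the CSET documentation. It assumes SQL Server authentication, the SqlServer PowerShell module (Invoke-Sqlcmd), a Windows account with administrative rights on the instance, and the sample login name cset_user used later in this guide.

```powershell
# Added example (not from the CSET project). Run as a Windows account that is a
# SQL Server administrator, e.g. the one added with "Add Current User".
$Server   = 'localhost'
$Cred     = Get-Credential -UserName 'cset_user' -Message 'Login CSET will use for CSETWeb'
$Login    = $Cred.UserName
$Password = $Cred.GetNetworkCredential().Password

# Both values are substituted into the script as text, so refuse anything that
# could change the meaning of the statements.
if ($Login -notmatch '^[A-Za-z0-9_]+$') { throw 'Use only letters, digits and _ in the login name.' }
if ($Password -match "'")               { throw 'Choose a password without single quotes.' }

# Single-quoted here-string: $(Name) is left for Invoke-Sqlcmd to substitute.
$Create = @'
CREATE LOGIN [$(CsetLogin)]
    WITH PASSWORD = N'$(CsetPassword)', DEFAULT_DATABASE = [CSETWeb], CHECK_POLICY = ON;
GO
USE [CSETWeb];
GO
CREATE USER [$(CsetLogin)] FOR LOGIN [$(CsetLogin)];
GRANT EXECUTE ON SCHEMA::[dbo] TO [$(CsetLogin)];
ALTER ROLE [db_datareader] ADD MEMBER [$(CsetLogin)];
ALTER ROLE [db_datawriter] ADD MEMBER [$(CsetLogin)];
'@
Invoke-Sqlcmd -ServerInstance $Server -Query $Create `
    -Variable "CsetLogin=$Login", "CsetPassword=$Password"

# Read back what the user can do. Expected: CONNECT on the database, EXECUTE on
# the dbo schema, 1 for reader and writer, 0 for owner.
$Checks = @(
    @'
SELECT class_desc, permission_name, state_desc
FROM sys.database_permissions
WHERE grantee_principal_id = DATABASE_PRINCIPAL_ID(N'$(CsetLogin)');
'@,
    @'
SELECT IS_ROLEMEMBER('db_datareader', N'$(CsetLogin)') AS is_datareader,
       IS_ROLEMEMBER('db_datawriter', N'$(CsetLogin)') AS is_datawriter,
       IS_ROLEMEMBER('db_owner',      N'$(CsetLogin)') AS is_owner;
'@
)
foreach ($query in $Checks) {
    Invoke-Sqlcmd -ServerInstance $Server -Database 'CSETWeb' -Query $query `
        -Variable "CsetLogin=$Login" | Format-Table -AutoSize
}
```

For Windows authentication the login is created with CREATE LOGIN [DOMAIN\account] FROM WINDOWS instead, and no password is stored in Web.config.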

CSET Installation

With the system properly configured, CSET itself can now be installed.

  • On the server or virtual machine, navigate to the CSET Distribution which was downloaded previously
  • Navigate to the 'dist' folder
    • The contents of this folder will need to be copied to the folder for the IIS website it is being deployed to
  • In the navigation pane on the left side of the Server Manager window, click IIS
  • In the SERVERS list, right click on the server instance you will be deploying to
    • If you have followed the installation instructions given, it will be the only item in the list, and will be highlighted
  • Click "Internet Information Services (IIS) Manager" on the right-click menu
  • In the "Internet Information Services (IIS) Manager" window, on the left navigation pane, locate the server name, and expand that list item
  • Expand the Sites list item
  • Click on the "Default Web Site" list item
  • In the Actions pane on the right side, click Explore
  • A new Windows Explorer window will appear
  • Remove the files in that folder, but do not delete the 'aspnet_client' folder
  • Copy all of the contents of the 'dist' folder (inside the CSET distribution) into this folder

CSET Configuration

Now that CSET is installed, it must be configured before it can be used.

  • In the website folder found in the "CSET Installation" steps, locate the file Web.config
  • Open this file in a text editor such as Notepad
    • You will need to ensure you have proper permissions to modify this file before editing
  • Locate the section of code between the <connectionStrings> and the </connectionStrings> tags
  • On each of these lines, locate the words data source
  • Edit these to reference the IP address or domain name of the machine that the SQL Server instance is installed on (e.g.: data source=domain.name.here or data source=123.456.789.012)
    • If IIS and SQL Server are running on the same machine, then use localhost as the domain name
  • Edit the lines to indicate login credentials after persist security info=True;
    • The information used in this step will be the login credentials of the new database login created in the Create Database User procedure
    • If SQL Server authentication will be used, then a user id and password will need to be provided for the login that will be used
      • E.g.: user id=cset_user;password=AbC!2#;
    • If Windows domain authentication will be used, then the user id and password will need to be replaced with Trusted_Connection=SSPI;