Sunday, September 21, 2014

A step back

I am going to take a bit of a step back this week. This week I am going to take a minute to discuss the thought processes, or the lack thereof, of businesses, with a particular focus on our government. I am in IT and as such I do like technology. These days we have to deal with the whole concept of lowest bidder. If you do not know what that means, well, here you go:

What that means is that whoever makes the lowest bid on a particular contract ends up with the contract. I am just a worker bee, but even I know that makes no sense whatsoever. Basically what we end up with is crappy equipment to do a job that requires the latest in technology, not archaic technology. Now that we are working with secondhand stuff, we are expected to work to the level of the people down the street who run Server 2012, Win 7 and an all-fiber network, when we have Server 2003, Win XP and switches we have to make mods to in order to connect them via fiber to a core switch. Well, I could go on and on about this but there really would be no point. I just wanted to take a step back and see if anyone else out there is as frustrated as I am with this crap.

Tuesday, September 16, 2014

HBSS with DISA config

Well, I have been talking about Compose for my last few posts, so let's continue. I want to discuss the steps involved in installing HBSS with the DISA config. When I did this it was pretty difficult, as I had to do a lot of searches and pull a lot of guides to get this set up properly on the network. I did, however, just find someone who put all of the steps down in a readable format from start to finish. The steps are below.

  1. I am using vSphere to run the virtualized environment, and the HBSS was deployed directly to a VM following the DISA Guide. Within vSphere Client after the initial install, all I had to do was change NIC to use the vSphere VM Network portgroup. This is the portgroup I use to access my environment’s “infrastructure” VLAN.
  2. In the HBSS guest, set the Network Location Awareness to private by editing Computer Configuration -> Windows Settings -> Security Settings -> Network List Manager Policies -> Unidentified Networks. Then use "netsh int ip reset" to reset the NIC completely (very important) - this requires a reboot.
  3. Disable IPv6 per the 
  4. Assign same IP address as was used for the original HBSS Manual Install (172.24.4.31). This is an enclave-local IP address – set one to match your needs.
  5. Because our enclave is local, we have our own Certificate Authority (CA). Thus, the Windows Server Update Services (WSUS) server to be used to update the HBSS server has a certificate from our local CA. To enable this to work, I installed our local CA top-level certificate to the HBSS guest as a trusted root certificate.
  6. Update HBSS to reference the local WSUS server by modifying local group policy. Keep in mind that the DISA HBSS image must not be a member of your domain, so any Group Policy Object (GPO) changes must be applied locally to the HBSS guest!
  7. Apply all Windows Updates. The DISA Guide actually has this as a separate set of instructions, but I wanted to make sure that all updates were applied before I proceeded. In my case, a number of .NET Framework 4 updates refused to upgrade and we finally had to install them one-by-one - sysadmins, be aware of this problem and be assured that updates can be applied with effort and persistence.
  8. Verified that the HBSS 4.6.6 packaged from DISA is the latest version as of 08 AUG 13.
  9. During name change (Steps 4.1.5 to 4.1.21) used HBSSEPO002MV; the original DISA name was HBSS2K8-FOC. Also installed VMware Tools, set default suffix (domain) to armycloud.cloud.army.mil, verify networking, activate Windows, and perform reboot.
  10. Prior to running DISA HBSS Rename Script (Step 5.1) be sure to update DNS for the HBSS hostname *and* update related PTR record. Not sure if this is required but it is safest to ensure that reverse DNS queries return the expected values. Also, the instructions state that a system reboot is necessary after the script completes but the script doesn't actually prompt the user to do this reboot. So, I performed a manual reboot after the rename script finished successfully (around 10 minutes to run).
  11. Step 6.1 has you login to the ePO Server - the default credentials are admin/Charming1! (the "HBSS Configuration Guide" points this out, but not the "Build From Image Guide"). Also, for the master key name used HBSSEPO002MV to match the VM name.
  12. After the final reboot (after setting up master key) be sure to set the "McAfee ePolicy Orchestrator 4.6.6 Event Parser" service to Automatic (and start it). The "Build From Image Guide" has you set it to manual but this results in warnings when you login to the ePO Server console.


I got these steps from https://www.softwareab.net/wordpress/hbss-installing-the-disa-image/ and he has a lot of links to reference to maintain the system as well. I hope this helps anyone who is trying to get HBSS up and running on a COMPOSE network.
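
A read-only check you can run on the HBSS guest after the final reboot to confirm steps 5, 6, 10 and 12 actually took effect. This is an added example, not part of the DISA guide or the linked post. The WSUS URL and CA name are placeholders to replace with your own, and treating the Event Parser name as the service's display name is an assumption.

```powershell
# Added example: post-install verification for steps 5, 6, 10 and 12. Changes nothing.
# Placeholders (assumptions, not from the guide) - replace with your enclave's values:
$WsusUrl   = 'https://wsus.example.local:8531'   # local WSUS server URL
$CaSubject = 'Example Enclave Root CA'           # name of the local top-level CA
# Values taken from the steps above:
$HostFqdn  = 'HBSSEPO002MV.armycloud.cloud.army.mil'
$HostIp    = '172.24.4.31'
$SvcName   = 'McAfee ePolicy Orchestrator 4.6.6 Event Parser'  # assumed display name

$results = @()
function Add-Check($name, $ok, $detail) {
    $script:results += New-Object PSObject -Property @{
        Check = $name; Pass = [bool]$ok; Detail = $detail }
}

# Step 5: the local CA certificate must be in the machine Trusted Root store,
# otherwise the TLS connection to WSUS fails certificate validation.
$ca = Get-ChildItem Cert:\LocalMachine\Root |
      Where-Object { $_.Subject -like "*$CaSubject*" }
Add-Check 'Root CA trusted' ([bool]$ca) $CaSubject

# Step 6: local group policy must point Windows Update at the WSUS server.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$wu = Get-ItemProperty $wuKey -ErrorAction SilentlyContinue
$au = Get-ItemProperty "$wuKey\AU" -ErrorAction SilentlyContinue
Add-Check 'WSUS policy' (($wu.WUServer -eq $WsusUrl) -and ($au.UseWUServer -eq 1)) $wu.WUServer

# Step 10: the A record and the PTR record must agree with each other.
try {
    $fwd = [System.Net.Dns]::GetHostAddresses($HostFqdn) |
           ForEach-Object { $_.IPAddressToString }
    $rev = [System.Net.Dns]::GetHostEntry($HostIp).HostName
    Add-Check 'DNS A/PTR' (($fwd -contains $HostIp) -and ($rev -eq $HostFqdn)) "$fwd / $rev"
} catch {
    Add-Check 'DNS A/PTR' $false $_.Exception.Message
}

# Step 12: the Event Parser service must be Automatic and running.
$svc = Get-WmiObject Win32_Service -Filter "DisplayName='$SvcName'"
Add-Check 'Event Parser service' (($svc.StartMode -eq 'Auto') -and ($svc.State -eq 'Running')) `
    "$($svc.StartMode) / $($svc.State)"

$results | Format-Table Check, Pass, Detail -AutoSize
```

Run it from an elevated PowerShell prompt on the guest; any row with Pass = False points back to the numbered step in its comment.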

Sunday, September 7, 2014

In this post I am going into how to install a Retina update that comes out via an IAVA. It is fairly simple, and below is the way to get it done.

To install the update, please double-click the RetinaUpdateIAV executable file. Click Next/Yes/Next/Finish as pictured below.
When you install the "Retina IAVA Audit Updates" you will receive 4 sets of windows, and as stated above, just select the defaults. The install package puts the latest IAV updates into your eEye product.

I really do not like Retina as a vulnerability scanner, as there are so many nicer and easier-to-use ones currently on the market, but Retina has been out for many years and they have large contracts with the government, so that is the one we have to use.