Merge pull request #1492 from guardicore/1484/faq-network-limitations

docs: Add faq for limiting monkey propagation
Mike Salvatore 2021-09-27 14:30:57 -04:00 committed by GitHub
commit 67262e19d1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 53 additions and 0 deletions


@ -26,6 +26,7 @@ Below are some of the most common questions we receive about the Infection Monke
- [After I've set up Monkey Island, how can I execute the Infection Monkey?](#after-ive-set-up-monkey-island-how-can-i-execute-the-infection-monkey-agent) - [After I've set up Monkey Island, how can I execute the Infection Monkey?](#after-ive-set-up-monkey-island-how-can-i-execute-the-infection-monkey-agent)
- [How can I make the Infection Monkey agents propagate “deeper” into the network?](#how-can-i-make-the-infection-monkey-agent-propagate-deeper-into-the-network) - [How can I make the Infection Monkey agents propagate “deeper” into the network?](#how-can-i-make-the-infection-monkey-agent-propagate-deeper-into-the-network)
- [What if the report returns a blank screen?](#what-if-the-report-returns-a-blank-screen) - [What if the report returns a blank screen?](#what-if-the-report-returns-a-blank-screen)
- [Can I limit how the Infection Monkey propagates through my network?](#can-i-limit-how-the-infection-monkey-propagates-through-my-network)
- [How can I get involved with the project?](#how-can-i-get-involved-with-the-project) - [How can I get involved with the project?](#how-can-i-get-involved-with-the-project)
## Where can I get the latest version of the Infection Monkey? ## Where can I get the latest version of the Infection Monkey?
@ -224,6 +225,58 @@ This is sometimes caused when Monkey Island is installed with an old version of
- **Linux**: First, uninstall the current version with `sudo apt uninstall mongodb` and then install the latest version using the [official MongoDB manual](https://docs.mongodb.com/manual/administration/install-community/). - **Linux**: First, uninstall the current version with `sudo apt uninstall mongodb` and then install the latest version using the [official MongoDB manual](https://docs.mongodb.com/manual/administration/install-community/).
- **Windows**: First, remove the MongoDB binaries from the `monkey\monkey_island\bin\mongodb` folder. Download and install the latest version of MongoDB using the [official MongoDB manual](https://docs.mongodb.com/manual/administration/install-community/). After installation is complete, copy the files from the `C:\Program Files\MongoDB\Server\4.2\bin` folder to the `monkey\monkey_island\bin\mongodb folder`. Try to run the Monkey Island again and everything should work. - **Windows**: First, remove the MongoDB binaries from the `monkey\monkey_island\bin\mongodb` folder. Download and install the latest version of MongoDB using the [official MongoDB manual](https://docs.mongodb.com/manual/administration/install-community/). After installation is complete, copy the files from the `C:\Program Files\MongoDB\Server\4.2\bin` folder to the `monkey\monkey_island\bin\mongodb folder`. Try to run the Monkey Island again and everything should work.
## Can I limit how the Infection Monkey propagates through my network?
Yes! To limit how the Infection Monkey propagates through your network, you can:
#### Adjust the scan depth
The scan depth limits the number of hops that the Infection Monkey agent will
spread from patient zero. If you set the scan depth to one, the agent will only
reach a single hop from the initially infected machine. Scan depth does not
limit the number of devices, just the number of hops.
- **Example**: In this example, the scan depth is set to two. _Host A_ scans the
network and finds hosts _B, C, D_ and _E_. The Infection Monkey agent
successfully propagates from _Host A_ to _Host C_. Since the scan depth is 2,
the agent will pivot from _Host C_ and continue to scan other machines on the
network. However, if _Host C_ successfully breaches _Host E_, it will not pivot
further nor continue to scan or propagate.
![What is scan depth](/images/faq/propagation_depth_diagram.png "What is scan
depth")
#### Enable or disable scanning the local subnet
You can find the settings that define how the Infection Monkey will scan your
network in `Configuration -> Network`. Each agent will scan its entire local
subnet by default, but you can disable this behavior by unchecking the `Local
network scan` button.
#### Add IPs to the IP allow list
You can specify which hosts you want the Infection Monkey agents to attempt to
scan in the `Configuration -> Network -> Scan target list` section.
#### Add IPs to the IP block list
If there are any hosts on your network that you would like to prevent the
Infection Monkey from scanning or exploiting, you can add them to the list of
"Blocked IPs" in `Configuration -> Network -> Blocked IPs`.
#### Specify max number of victims to find/exploit
Two settings in `Configuration -> Internal -> Monkey` allow you to further
limit the Infection Monkey's propagation:
- **Max victims to find**: This limits the total number of machines that the
Infection Monkey is allowed to scan.
- **Max victims to exploit**: This limits the total number of machines that the
Infection Monkey is allowed to successfully exploit.
## How can I get involved with the project? ## How can I get involved with the project?
Infection Monkey is an open-source project, and we welcome contributions and contributors. Check out the [contribution documentation]({{< ref "/development" >}}) for more information. Infection Monkey is an open-source project, and we welcome contributions and contributors. Check out the [contribution documentation]({{< ref "/development" >}}) for more information.
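Review bot: The "Add IPs to the IP allow list" section does not say how the `Scan target list` interacts with `Local network scan`, which the preceding section says is on by default, so a reader cannot tell from this text whether filling in the target list alone restricts scanning to those hosts. Suggest stating explicitly whether the local network scan must also be unchecked, and whether "Blocked IPs" takes precedence over a host that also appears in the target list. Smaller points in the same hunk: the heading says "allow list" while the UI label quoted is "Scan target list", so use one name or mention both; `Local network scan` is called a button although it is "unchecked", so "checkbox" fits better; the subsections jump from `##` to `####`, skipping `###`; and "Max victims to find" and "Max victims to exploit" do not say whether the total applies per agent or to the whole run.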

Binary file not shown.
