Set up Networking for Protected Theater

After you confirm that virtualization is enabled, you can set up the Protected Theater networking. Choose an option, depending on whether you want to control your OS network settings or have Mandiant control them:

• Control your OS network settings: In the vsetnet tool, you only select the management interface to use. You are responsible for manually configuring the host's networking settings outside of vsetnet.
• Let Mandiant control your OS network settings: You select the interface, and then vsetnet prompts you for the network settings to use. This is done so the Actor software can make the required changes to the OS networking.

Follow these steps, regardless of the option you chose:

1. Connect to the Protected Theater environment using SSH.
2. Set up the network configuration by running the following command:

   $ sudo vsetnet

3. Choose your preferred option:
   • We recommend using ens192 for the (management) interface.
   • Remember to use a static IP address.
   • Only one IP address is necessary for Protected Theaters.
   • Customer-controlled OS network settings:
     1. Enter no when prompted for Verodin (Mandiant) control of network files, then press Enter.
     2. Select the primary interface (ens192) and press Enter.
     3. Enter no when prompted for the test data interface and then press Enter. After these steps, Verodin services restart and your network configuration is updated.
     The following code output is provided for an example. Also, the network values are for example purposes only and should not be used for your specific network configuration.

     $ sudo vsetnet
     
      - Verodin Network Configuration - 
     
     Will Verodin control the network configuration files? (yes|no): no
     
     
     Selecting the primary management interface.
     Available Interfaces: 
     ens192 - IP: MGMT_IP_ADDRESS - MAC: MAC_ADDRESS
     Which interface do you want to use for management: ens192
     
     Configure Second Interface for Test Data (yes|no): no
     
     Restarting Verodin services...
     
     

   • Mandiant-controlled OS network settings:
     1. Enter yes when prompted for Verodin (Mandiant) control of network files, then press Enter.
     2. Select the primary interface (ens192) and press Enter.
     3. Enter network values for:
        1. IP Address or DHCP
        2. Network Mask
        3. Gateway
        4. Nameserver IP Address (typically a DNS server)
     4. Enter no when prompted for the test data interface and then press Enter. After these steps, Verodin services restart and your network configuration is updated.
     The following code output is provided for an example. Also, the network values are for example purposes only and should not be used for your specific network configuration.

     $ sudo vsetnet
     
      - Verodin Network Configuration - 
     
     Will Verodin control the network configuration files? (yes|no): yes
     
     
     Selecting the primary management interface.
     Available Interfaces: 
     ens192 - IP: 192.0.2.2 - MAC: 00:00:5E:00:53:00
     Which interface do you want to use for management: ens192
     
     Enter IP Address or DHCP: MGMT_IP_ADDRESS
     
     Enter Network Mask: NETWORK_MASK_ADDRESS
     
     Enter Gateway: GATEWAY_ADDRESS
     
     Enter Nameserver IP Address: NAMESERVER_IP_ADDRESS
     
     Configure Second Interface for Test Data (yes|no): no
     
     Restarting Verodin services...
     
     

4. Once the network settings have been established, confirm the IP settings have been changed by running the following command and noting the inet value (in this case, MGMT_IP_ADDRESS, as used in the preceding examples):

   $ ifconfig
   ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
   inet MGMT_IP_ADDRESS  netmask NETWORK_MASK_ADDRESS  broadcast GATEWAY_ADDRESS