Ridgeback Hunter and Interfaces

//Ridgeback Hunter and Interfaces

Ridgeback Hunter and Interfaces

Two things today – the new Ridgeback Hunter name and some information about Ethernet interfaces. First, a name change. Ridgeback Agent is now called Ridgeback Hunter. The term “agent” was causing some confusion, thus the name change. (A single instance of Ridgeback Hunter can support many networks. Ridgeback Hunter does not need to be installed on every endpoint.)
With that out of the way, I wanted to post about best practices for using Ethernet interfaces with Ridgeback Hunter. Any server or VM running Ridgeback should have at least two Ethernet interfaces. One interface will connect to the production VLAN (or network). This is PORT_A1. The other interface will connect to your out-of-band management network.
The interface you use for PORT_A1 should not have an IP address. There should be no way to send IP traffic to the PORT_A1 interface. The out-of-band interface will have an IP address, and that is the IP address you will use to contact the basic web interface.
Like all rules, there is an exception to the two-or-more interfaces rule. I will run Ridgeback Hunter on a laptop and do ad-hoc connections to networks. This lets me get an instant picture of a network, do security spot checks, etc. In this case I am using just one interface for PORT_A1, and accessing the basic web interface from the laptop itself. If you travel and visit customer networks, I can definitely recommend this sort of setup. Ridgeback provides a wonderful “what did I just connect to” snapshot of the network.
By |2017-07-13T19:48:25+00:00May 25th, 2016|blog|0 Comments

About the Author:

Thomas Phillips is the lead "technical guy" at Ridgeback Network Defense. You can email him at tom-at-ridgeback.tillitclicks.com

Leave A Comment