tmcmil/cset (forked from cisagov/cset)

Cybersecurity Evaluation Tool

CSET 9.2.1


Download Windows Installer CSET 9.2.1 StandAlone Installer


File Checksum Integrity Verifier version 2.05. csetstandalone.exe
MD5 e486deb49f16c29bdd04bb7273985f66 SHA-1 ac1515ccd6b9d19ee8ef84d6090346dbadd548bb
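
A scripted check of the downloaded installer against the two digests listed above, as an added example that is not part of the CSET project. The function name `Test-InstallerDigest` and the download location are assumptions.

```powershell
# Added example: compare a downloaded installer with the digests on this page.
# Digest values are copied from the FCIV output above; the path is an assumption.
$Published = @{
    MD5  = 'e486deb49f16c29bdd04bb7273985f66'
    SHA1 = 'ac1515ccd6b9d19ee8ef84d6090346dbadd548bb'
}

function Test-InstallerDigest {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][hashtable]$Expected
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Installer not found: $Path"
    }
    $allMatch = $true
    foreach ($alg in $Expected.Keys) {
        $actual = (Get-FileHash -LiteralPath $Path -Algorithm $alg).Hash
        # Get-FileHash returns upper-case hex and FCIV prints lower-case,
        # so compare case-insensitively.
        if ($actual -ieq $Expected[$alg]) {
            Write-Host "$alg OK"
        } else {
            Write-Warning "$alg mismatch: got $actual, expected $($Expected[$alg])"
            $allMatch = $false
        }
    }
    return $allMatch
}

# Assumed download location; every published digest must match before running it.
$installer = Join-Path $env:USERPROFILE 'Downloads\csetstandalone.exe'
if (-not (Test-InstallerDigest -Path $installer -Expected $Published)) {
    throw 'Digest mismatch: do not run this installer.'
}
```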

License

MIT License, Apache License 2.0

Copyright 2018 Battelle Energy Alliance, LLC

See License.txt, NOTICE.txt

Contact information of authors: [email protected]

Idaho National Laboratory, P.O. Box 1625, MS 3870, Idaho Falls, ID 83415

Includes software licensed under LGPL

LGPL dependencies are required to build CSET. You will be required to acquire them via NuGet in order to build this software. They are not distributed with this source.

This application uses Hangfire software as a NuGet dependency.

Using the CSET Stand-alone Installer

Double-click on the CSETStandAlone program.

The User Account Control dialogue will come up (Fig.1). Select "Yes".

Figure 1: User Account Control box

A CSET 9.2.1 dialogue will open asking if you want to install CSET 9.2.1 Desktop (Fig.2). Select "Yes".

Figure 2: Install dialogue

The program will begin extracting.

After extracting, a CSET 9.2.1 Setup dialogue will open (Fig.3). Select "Install".

Figure 3. CSET Setup

CSET will begin to install. If the user doesn't have IIS 10.0 Express, CSET will install it. The IIS 10.0 Express Setup dialogue will open (Fig.4). Click the check box to confirm that you "…accept the terms in the License Agreement", and then select "Install".

Figure 4. IIS Setup

IIS will install. Select "Finish" when it completes.

The CSET 9.2.1 Setup Wizard will open to walk the user through the install process (Fig.5). Select "Next".

Figure 5: Setup Wizard

A disclaimer will open (Fig.6). Read through it, then click the box "I read the disclaimer" and select "Next".

Figure 6: Disclaimer

CSET will choose a default folder to install CSET 9.2.1 to, but you can change this in the Destination Folder dialogue (Fig.7). Select "Next".

Figure 7: Destination Folder

The CSET Installer will show that it is ready to install (Fig. 8). Select "Install".

Figure 8: Ready to Install

CSET 9.2.0 will be installed. Make sure that the "Launch CSET 9.2.1 when setup exists" box is checked, and select "Finish".

The user should see a setup successful dialogue (Fig.9), and then have an option of how they want to open the app. For this example, Edge was used.

Figure 9: Setup Successful

The user has access to CSET 9.2.1 as Local User. The Local Installation ribbon is visible at the top of the screen. They can see their landing page with no assessments at this time (Fig.10).

Figure 10: Local Install Landing Page




CSET Enterprise Installation Instructions

Introduction

This documentation is provided to assist users in navigating the basics of the CSET® Enterprise Edition. Here users will find step-by-step directions for installation, configuration, and setup, as well as links to various resources to assist in this process.

Prerequisites & Necessary Files

  1. Download the “Enterprise Distribution Files” from the CSET® GitHub page. Click the “AddUser.zip” and “CSET9.2.2.zip” links to download the two files you need. Once the download is complete, you will need to extract the folders.

  2. We will be using Microsoft SQL Server 2016 for this setup. If you need to, you can download the Express version from Microsoft directly.
     a. CSET® requires your server to have the URL Rewrite Module installed as well. Again, this can be downloaded directly from Microsoft.

  3. If you are using an SQL Server, download and install Microsoft SQL Server Management Studio (SSMS).

Installing IIS

  1. On your Windows Server, open the “Server Manager” application.


  2. Click “Add Roles and Features.” This should open the Roles and Features Wizard that will guide you through the installation process.


  • Installation Type – This should default to “Role-based or feature-based installation.” If it does not, please select this option.
  • Server Selection – Choose the server you plan on running CSET® on.
  • Server Roles – Select the “Web Server (IIS)” check box. Add any features the program prompts you for.
  • Features – The defaults will work just fine for running CSET®, however you may add any additional features you wish.
  • Web Server Role (IIS) – Click “Next.”
  • Role Services – Under Common HTTP Features, select “HTTP Redirection.” Under Application Development, select “ASP.NET 4.7” and add any features the program prompts you for. (Please note: ASP.NET 4.7.2 or higher is required for CSET to run properly. If you have anything less than that, you will need to download the latest version from Microsoft directly.)
  • Confirmation – Click “Install”. Close out of the Wizard when installation is complete.
  3. It may be necessary to create a new IIS Application Pool for your CSET Installation to run properly. When setting up the application in IIS, create a new Application Pool for CSET and give it the identity of the account you want to access the SQL Server with. Provided below are links to the official Microsoft documentation for this process.
  • To read more about IIS Application Pool creation click here.
  • To read more about Pool Identification click here.


SQL Server Installation

  1. To begin the process of installing a new SQL Server on your machine (see below):
  • Open Microsoft’s “SQL Server Installation Center”
  • On the left, select “Installation”
  • Click “New SQL Server stand-alone installation”


  • Input your product key (if needed) and accept the licensing terms to continue the installation.

  • The defaults for most of the sections will be just fine. However, the two sections you will need to modify are “Feature Selection” and “Database Engine Configuration.”

  • Feature Selection (see below) – When you are prompted to select specific server features, check the “Database Engine Services” box and then continue.

  • Database Engine Configuration (see below) – At the Database Engine Configuration screen, select the “Mixed Mode (SQL Server authentication and Windows authentication)” option.

  • Under the same section, you will be asked to create and input a password for the system administrator account. Make sure to remember this information!

  • Finally, click the Add Current User button at the bottom. This will populate your current windows account as a user. Once that is complete, click “Next.”

  • The final step is to click the Install button to finish up this process. Once this is complete, you can close out of the Server Setup window.

  2. Once your server is up and running, you will need to install the URL Rewrite Module. Simply download the file from Microsoft (see Page 2 links or above hyperlink) and run the application to install the necessary patch.

Firewall Configuration

  1. Open Windows Defender Firewall

  2. On the left, select “Advanced Settings.”
  • Inside the new window, double-click “Inbound Rules” and then select “New Rule” on the right (see below).

  • Rule Type – Select “Port” as the new rule type and click “Next.”
  • Protocol and Ports (see below) – Change the rule to apply to “Specific local ports” and enter your desired port. Once that is finished, click “Next.”

  • Action – Select the “Allow the connection” radio button. This should be selected by default. Click “Next.”
  • Profile – Choose what type of networks you wish to allow connections from. If you are unsure, leave them all checked. Click “Next.”
  • Name – The final step is to create a name and description for this new rule. Once you’ve done this, click “Finish.”
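
The same inbound rule created from an elevated PowerShell prompt and then read back for confirmation, as an added example that is not part of the CSET documentation. The function name, rule name, port 443 and the profile choice are assumptions; use the port of your own IIS site binding.

```powershell
# Added example: scripted form of the inbound port rule described above.
# Rule name, port and profiles are assumptions, not CSET defaults.
#Requires -RunAsAdministrator

function Add-CsetInboundRule {
    param(
        [Parameter(Mandatory)][ValidateRange(1, 65535)][int]$Port,
        [string]$DisplayName = 'CSET Enterprise (inbound)',
        # Limit the rule to the network types the server is actually reached from.
        [string[]]$NetworkProfile = @('Domain', 'Private')
    )
    # Reuse an existing rule of the same name instead of stacking duplicates.
    $rule = Get-NetFirewallRule -DisplayName $DisplayName -ErrorAction SilentlyContinue
    if (-not $rule) {
        $rule = New-NetFirewallRule -DisplayName $DisplayName `
            -Description 'Allow browsers to reach the CSET web application' `
            -Direction Inbound -Protocol TCP -LocalPort $Port `
            -Action Allow -Profile $NetworkProfile
    }
    # Read the rule back so the effective port and profiles can be confirmed.
    $filter = $rule | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Name      = $rule.DisplayName
        Enabled   = $rule.Enabled
        Profile   = $rule.Profile
        Protocol  = $filter.Protocol
        LocalPort = $filter.LocalPort
    }
}

$CsetPort = 443   # assumption: the port your IIS site binding listens on
Add-CsetInboundRule -Port $CsetPort
```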

Database Setup

  1. Open the CSET® 9.2.2 folder that you downloaded earlier and navigate to the “Website” subfolder. Inside this folder you will find another subfolder titled “Data.” Inside the Data subfolder will be two files called “CSETWeb” and “CSETWeb_log.” Copy these two files to your server.

  2. Open Microsoft SQL Server Management Studio (see below) and connect to the SQL Server that we set up previously.

  • Open the “Connect to Server” dialog box.

  • Change the server name to “localhost” or whatever name you have specified for your server already.
  • Your Server can be run through either the “SQL Server Authentication,” which will require the login information you created earlier, or you can use the Windows Authentication, which will not require any login information as the server will verify your identity through your Windows account.

  3. Inside the Object Explorer on the left, right-click the Database folder (see below) and then click “Attach.”

  • This will bring up the “Attach Databases” dialog box (see below). Click the Add button and navigate to the location where you previously saved/copied the CSETWeb.mdf file. Click on the file and then click “OK,” and then click “OK” again to attach the database.

  • You’ll know you’ve completed this step successfully when you can see the “CSETWeb” object appear under the Databases section in the Object Explorer.

Create Database User

  1. Previously we created our SQL Server account. We will now need to create an account that has access to the database. Continuing in the Object Explorer, right-click on the folder named Security, hover over New (see below) and then click “Login.”

  • In the next window (see below), enter a login name, select the “SQL Server authentication” radio button, and then enter a password. If you choose to go through the Windows authentication, you will not need to enter a password.
  • At the bottom of the box, change the Default database to CSETWeb.

  • At top-left from the window shown below, click “User Mapping” and then select the CSETWeb checkbox. Then click “OK.”

  2. Back in the Object Explorer of SSMS (see below), expand the CSETWeb list, followed by Security and then Users. You should see the new user you created listed here. For us, it’s simply “user”. Right-click on your user’s name and select properties.

  • In the dialog box that pops up, select “Securables” from the menu on the left if it is not already selected.
  • Click the Search button to generate another dialog box. Make sure the “Specific objects…” radio button is selected and then click “OK.”

  • Once you hit OK, you should see yet another box pop-up titled “Select Object.” Click the button that says Object Types… This will generate a list of object types. Scroll down until you see the “Schemas” object (see below). Check this box, and then click “OK.”

  • Next, click "Browse" and select the "dbo" checkbox. Then click "OK".

  • Once we have our dbo inside our Securables, we need to grant it permissions. Scroll through the list of permissions and when you find the "Execute" permission, select the "Grant" checkbox.

  • Our final step is to go over to the Membership page (see below) and select the checkboxes for “db_datareader” and “db_datawriter.” Then select “OK.”
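
The login, user mapping, schema permission and role memberships from the steps above, expressed as T-SQL and run from PowerShell, followed by a read-back of what the account actually holds. This is an added example, not CSET project code. It assumes the SqlServer PowerShell module is installed, that the caller is a sysadmin on a local instance, and it uses a hypothetical login name `cset_app`.

```powershell
# Added example (not CSET project code): T-SQL form of the SSMS steps above.
# Assumes the SqlServer module, a sysadmin caller and a local instance;
# the login name "cset_app" is hypothetical.
Import-Module SqlServer

$server = 'localhost'
$login  = 'cset_app'
if ($login -notmatch '^[A-Za-z_][A-Za-z0-9_]*$') { throw 'Unexpected login name.' }

# Prompt without echo, then double any single quote for the T-SQL string literal.
$secure  = Read-Host "Password for SQL login $login" -AsSecureString
$escaped = [System.Net.NetworkCredential]::new('', $secure).Password.Replace("'", "''")

$createLogin = @"
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'$login')
    CREATE LOGIN [$login] WITH PASSWORD = N'$escaped', DEFAULT_DATABASE = [CSETWeb];
"@

$grantAccess = @"
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'$login')
    CREATE USER [$login] FOR LOGIN [$login];     -- User Mapping: CSETWeb
GRANT EXECUTE ON SCHEMA::dbo TO [$login];        -- Securables: schema dbo, Execute
ALTER ROLE db_datareader ADD MEMBER [$login];    -- Membership page
ALTER ROLE db_datawriter ADD MEMBER [$login];
"@

$showPermissions = @"
SELECT perm.permission_name, perm.state_desc, perm.class_desc
FROM sys.database_permissions AS perm
JOIN sys.database_principals AS u ON u.principal_id = perm.grantee_principal_id
WHERE u.name = N'$login';
"@

$showRoles = @"
SELECT r.name AS role_name
FROM sys.database_role_members AS m
JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals AS u ON u.principal_id = m.member_principal_id
WHERE u.name = N'$login';
"@

# -DisableVariables stops sqlcmd treating "$(" inside the password as a variable.
Invoke-Sqlcmd -ServerInstance $server -Database master  -Query $createLogin -DisableVariables
Invoke-Sqlcmd -ServerInstance $server -Database CSETWeb -Query $grantAccess -DisableVariables
# Read back the grants and role memberships the account actually holds.
Invoke-Sqlcmd -ServerInstance $server -Database CSETWeb -Query $showPermissions | Format-Table
Invoke-Sqlcmd -ServerInstance $server -Database CSETWeb -Query $showRoles | Format-Table
```

The read-back should list only CONNECT on the database, EXECUTE on the schema, and the two roles selected on the Membership page.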

CSET Installation

  1. Re-open Windows Server Manager (see below). Double-click on “IIS” on the left. Then, right-click on the server name and click “Internet Information Services (IIS) Manager.”

  • As seen in the picture below, expand the server’s name drop-down list and then expand the Sites drop down list. You should see a “Default Web Site” item. Right-click this item and select “Explore”. This will open the “wwwroot” folder.
  • Delete everything inside this folder EXCEPT for the “aspnet_client” subfolder.
  • If you’ve done any kind of changes or work inside this folder previously, we recommend copying the contents to preserve those changes as deleting the files will erase any changes you have made.
  • From the CSET® 9.2.2 folder, copy all the contents and files of the Website subfolder into your wwwroot folder.

CSET Configuration

  1. Locate and open a file called “Web.config” inside the “wwwroot” folder. Open this file using a text editor such as notepad.

  • Scroll to the bottom of the document and you will find the "connectionStrings" section. We will need to edit these to correctly connect to CSET®.
  • On each of the lines inside the two connection string tags, there is a part that says “data source=…” You will need to change the part after the equals sign to the IP address or domain name of the machine on which the SQL Server is running.

  • If IIS and the SQL Server instance are running on the same machine, you can use “localhost” as the domain name. Otherwise, you will need the specific domain or IP address to connect properly.

  • On each of the same lines, you will need to update the “Integrated Security=SSPI” section to reflect your SQL Server specific login info.

  • If you are using the Windows domain authentication method, then you will use “Trusted_Connection=SSPI” instead of a user ID and password.

  • Save and close the Web.config file.

  • If you receive an error stating that you do not have permissions to save the Web.config file, find the file inside the wwwroot folder and right-click on it. Select properties and go into the security tab. Click on the edit button and make sure that all users have “Full Control” over the file.

  • Go back to the “Internet Information Services (IIS) Manager” and on the right, make sure the server is running. You may now browse to your Enterprise CSET® Installation!
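
A review of the edited Web.config, as an added example that is not part of the CSET project: it summarizes what each connection string now contains and lists any broad group that can modify the file. It assumes Windows PowerShell 5.1 and the default IIS path. The function names are hypothetical, and the handling of Entity Framework style entries is a generalization beyond what this page shows.

```powershell
# Added example (not CSET project code): review Web.config after the edits above.
# Assumes Windows PowerShell 5.1 and the default IIS path; adjust $configPath.
$configPath = 'C:\inetpub\wwwroot\Web.config'

function Get-ConnectionStringSummary {
    param([Parameter(Mandatory)][string]$Path)
    [xml]$xml = Get-Content -LiteralPath $Path -Raw
    foreach ($entry in $xml.configuration.connectionStrings.add) {
        $raw = $entry.connectionString
        $outer = New-Object System.Data.Common.DbConnectionStringBuilder
        $outer.ConnectionString = $raw
        # Entity Framework entries nest the SQL string in "provider connection string".
        if ($outer.ContainsKey('provider connection string')) {
            $raw = [string]$outer['provider connection string']
        }
        $sql = New-Object System.Data.SqlClient.SqlConnectionStringBuilder $raw
        [pscustomobject]@{
            Name               = $entry.name
            DataSource         = $sql.DataSource
            IntegratedSecurity = $sql.IntegratedSecurity
            UserID             = $sql.UserID
            PasswordInFile     = -not [string]::IsNullOrEmpty($sql.Password)
        }
    }
}

function Get-BroadWriteAccess {
    param([Parameter(Mandatory)][string]$Path)
    # Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users.
    $broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
    $sidType   = [System.Security.Principal.SecurityIdentifier]
    # Bits that allow changing the file or its permissions (read bits excluded).
    $writeBits = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
    (Get-Acl -LiteralPath $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $broadSids -contains $_.IdentityReference.Translate($sidType).Value -and
        (([int]$_.FileSystemRights -band $writeBits) -ne 0)
    } | Select-Object IdentityReference, FileSystemRights, IsInherited
}

Get-ConnectionStringSummary -Path $configPath | Format-Table -AutoSize
$broad = Get-BroadWriteAccess -Path $configPath
if ($broad) { Write-Warning 'Broad groups can modify Web.config:'; $broad | Format-Table }
```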

Other Steps (Optional)

Creating CSET User

There are two ways to add a new user to your freshly created CSET® Stand-Alone. The first way is to register for a new account inside the CSET® application itself. This will require a valid mail host as users will be required to enter their email address and receive a confirmation email on your network.

  1. Using a browser, navigate to your CSET® webpage.
  2. At right, select “Register New User Account.”
  3. Enter your information (name, email, and security questions), and select “Register.”
  4. A confirmation email will be sent to the email you entered. This email will contain a temporary password that will allow you to login to the CSET® Application.
  5. Once a user has logged in for the first time, they will be prompted to create their own password to replace the temporary one.

The second way to add a new user to your CSET® Application is to use the included “AddUser” program. This tool is intended more for testing purposes than company-wide use. It allows anybody to create a new user without the email check and should only be used by administrators. As such, do not place this program in a public or shared folder on your system.

  1. Inside the “AddUser” folder, you will find a file called “AddCSETUser.exe”. It’s a config file. Open this file with a text editor such as notepad.
  • Inside the "connectionStrings" tags, you will need to change your “data source=” to the IP Address or domain of your server.
  • You will then need to change the “user id=” and “password=” to the admin account you created previously.
  • Save and close the file.
  2. Double-click on the “AddCSETUser” application and a small dialog box should pop-up with entry fields to add a new CSET® User.

  • Enter the required information and click “Save.”
  • If you’ve connected with the server properly, you will see small green text at the bottom-left of the box that says, “Added Successfully”. You may now login to CSET® using that user account.

Mail Host Configuration

  1. Inside your “wwwroot”, open the Web.config file.
  • Inside the config file, you will need to locate the “SMTP Host”, and “Sender Email” portions.

  • Edit the text after the equal sign of value to your domain name (e.g. value="mailhost.YOURDOMAIN.com").
  • Save and close the file when you are finished.

SSL Security Certificate for Extra Security

An SSL certificate lets the web server establish a secure link with the browser. This link encrypts all data in transit (such as passwords) so that your server is more secure.

  1. You can follow this tutorial to add an SSL certificate to your CSET® stand-alone.
