Links

Binalyze AIR Agent Proxy Support

Problem Statement

The Binalyze AIR Agent needs to access certain network services to work properly. If any of these connection requirements are not satisfied, the Binalyze AIR Agent may not work properly. Binalyze AIR agents use the network connection provided by the operating system. If some kind of proxy service is used in the enterprise network, the Binalyze AIR agent probably can not detect the proxy configuration hence can not connect to the required services and does not work properly.

Binalyze AIR Agent Proxy Support

The updated version of AIR Agents automatically detects the proxy server configuration on the endpoint and modifies the network connection methods to access required services. AIR Agents read the proxy configuration settings where it is located according to the operating system, Windows, Linux and macOS are supported operating systems.
Minimum network connection requirements and associated definitions are listed below.

AIR Agent to AIR Console connection requirements

  • TCP/IP 80, 443 HTTP/HTTPS , 4222 NATS for Real-Time Task assignments, 443 WebSocket for interACT
The AIR agent communicates with the AIR console over 80 and 443 with HTTP/HTTPS. Therefore, TCP 80,443 HTTP/HTTPs ports and protocols must be open and accessible. In order for Real-Time task assignments to work, TCP/IP 4222 port must open and accessible. Similarly, in order for interACT to work, the WebSocket protocol must be configured over HTTPS.

AIR Agent to Evidence Repository connection requirements

If the collected evidence needs to be uploaded to a remote domain, the agent must be able to access these remote domains via HTTP/HTTPs, SMB, SFTP, FTPS and Amazon, Azure and Google domains, depending on the configuration previously defined in the evidence repository. If there is no support on the proxy server during the connection phase of protocols such as SMB, SFTP, FTPS, the Direct connection method is tried. In addition, HTTP/S Proxy connections are made by establishing a Tunnel with the HTTP Connect method. In addition to HTTP Proxies, SOCKS5 Proxy type is also supported.