iTDS Setup Guide


iTDS Architecture

The iTDS architecture can be divided into two sections, which are described below:

Seeds  

Seeds are URLs that are installed into Maltego from the transform hub. One example is our movie database seed:

  • https://bark.paterva.com:8081/iTDSRunner/runner/showseed/Movies

This tells Maltego where to find a virtual server that has a number of transforms on it (think of a seed as a container for transforms). On the iTDS itself you can create, edit and configure these seeds as you wish through the web interface. This allows you to segregate transforms by seed or by type of transform. For example, you could create one seed that only contains transforms returning general public information for something like a sales department, and another seed that includes those transforms plus full account information for your infosecurity team. From the iTDS interface you can also add transform settings and paired configurations for your different transform seeds. This will be explained in detail in the upcoming sections of this document.

Transforms 

On the iTDS, transforms point to a script/application that the iTDS server can communicate with via HTTP(S). When a transform is run, the entity within the Maltego client and the name of the transform you want to run are sent to the seed that was configured. The seed then looks up the address of the script/application, creates the HTTP(S) connection to that server and does an HTTP POST to the URL. The script processes the request and returns a page, which the iTDS sends back to the Maltego client. A picture describing this process can be seen above under iTDS Architecture.

The iTDS acts like a proxy for transforms. It hides several of the complexities of seed management, entity meta-data, transform settings, transform discovery etc. from the transform writer and allows him/her to concentrate on developing the actual transform. The transform code is hosted on the end user’s infrastructure and is served from a web server.
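An added example (not from the original guide and not Paterva's code) of the script side of this exchange: a function that takes the body the iTDS POSTs and returns the page it expects back, rejecting oversized or DTD-bearing input and unexpected entity types. The XML element names are an assumption about the Maltego transform message layout, which this guide does not show; `handle_post`, the helper names, the size cap and the directory data are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

MAX_BODY = 64 * 1024                      # assumed cap on request size
EMAIL_RE = re.compile(r"^[a-z0-9._%+-]{1,64}@[a-z0-9.-]{1,253}$")
DIRECTORY = {"alice@example.com": "Alice Example"}  # constructed data

def parse_request(body):
    """Return (entity_type, value, soft_limit) from the XML the iTDS POSTs."""
    if len(body) > MAX_BODY or b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        raise ValueError("request body rejected")
    msg = ET.fromstring(body).find("MaltegoTransformRequestMessage")
    entity = msg.find("Entities/Entity") if msg is not None else None
    if entity is None:
        raise ValueError("no input entity")
    limits = msg.find("Limits")
    soft = int(limits.get("SoftLimit", "12")) if limits is not None else 12
    return entity.get("Type", ""), (entity.findtext("Value") or "").strip(), soft

def build_response(entities, error=None):
    """Serialise result entities (or one error message) for the iTDS."""
    root = ET.Element("MaltegoMessage")
    resp = ET.SubElement(root, "MaltegoTransformResponseMessage")
    ents = ET.SubElement(resp, "Entities")
    for etype, value in entities:
        ent = ET.SubElement(ents, "Entity", Type=etype)
        ET.SubElement(ent, "Value").text = value    # text is XML-escaped
        ET.SubElement(ent, "Weight").text = "100"
    ui = ET.SubElement(resp, "UIMessages")
    if error:
        ET.SubElement(ui, "UIMessage", MessageType="PartialError").text = error
    return ET.tostring(root, encoding="utf-8")

def handle_post(body):
    """Hypothetical transform: maltego.EmailAddress -> maltego.Person."""
    try:
        etype, value, soft = parse_request(body)
    except (ValueError, ET.ParseError) as exc:
        return build_response([], error=str(exc))
    key = value.lower()
    if etype != "maltego.EmailAddress" or not EMAIL_RE.match(key):
        return build_response([], error="expected a maltego.EmailAddress")
    hits = [DIRECTORY[key]] if key in DIRECTORY else []
    return build_response([("maltego.Person", n) for n in hits[:max(soft, 0)]])

# Constructed sample of what the iTDS would POST to the transform URL.
SAMPLE = (b'<MaltegoMessage><MaltegoTransformRequestMessage><Entities>'
          b'<Entity Type="maltego.EmailAddress"><Value>alice@example.com'
          b'</Value></Entity></Entities><Limits SoftLimit="12"/>'
          b'</MaltegoTransformRequestMessage></MaltegoMessage>')
```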

Setting up your Server

Maltego servers require some initial setup and fundamentals that are described in the following sections.

Basic Requirements

Maltego servers are based on an Ubuntu LTS server image (currently 14.04.01). A requirement for running your own Maltego server is that you understand Linux. For more information about Ubuntu server edition please visit the site https://www.ubuntu.com/server.
 

Virtual Image Format

Maltego servers are delivered as virtual images that can be downloaded from your Server Portal account. They are provided in Open Virtualization Format (OVA/OVF). If you want to use the image with other virtual machine providers (like ESXi) you’ll need to convert it using the respective converters.
 

Server Requirements

The virtual server requires at least 2GB of RAM, but the more the merrier (as this is a 32-bit server, more than 4GB of RAM would be overkill). This is the only real hardware requirement. Most current processors will have more than enough processing power. 25GB of disk space should be more than enough for the server.
 

Logging into the Server Image

Once the server image has been booted you can access the server with the following credentials (via the VMware console or via SSH):

maltego / tasx

You may wish to change to the root user by typing:

$ sudo -s

NB: Change the passwords on the host for both the root and the maltego user. This can be done with the 'passwd' command.

IP Addresses

By default the server is configured to use DHCP. If you want to give the server a static IP address you will need to manually set that up. Once you’ve set up an IP address you will be able to access the server via SSH.

Network Requirements

The iTDS requires that Maltego clients can reach the seeds on whichever port is configured for the seeds on the iTDS. The iTDS admin interface is accessible on port 443 (SSL) and will need to be open to any administrative users who wish to configure the server. Naturally, the iTDS will also need to be able to speak to the Transform Host servers (where the code lives) to work correctly.

 

Activating the Server

Your server is now ready to go – but it needs to be activated using the license certificate. Activating an iTDS, MDS or CTAS server follows a similar process.

Paterva uses client side certificates for authorisation and authentication on the MDS, CTAS and iTDS. Within the CTAS the certificates are used to activate the seed server (also called a runner). On the MDS and iTDS server the client side certificate is used with a browser to both activate and provide access to the administrative section of the web application. 

For all Maltego servers you will initially need to have your .pfx or .key certificate file on hand. This is usually provided via email but is also available on the Server Portal. Once you know the IP address of your server, browse to the interface on the server's IP address.

The first step is to upload the certificate file to the server. Click ‘Choose File’, choose the certificate file from your local filesystem and click on Submit. Certificate details will be shown to you:

Next click on the ‘Activate’ button. This will move the file into the correct area and restart the webserver using this certificate, which means you might need to reload the page after a few seconds. If the certificate was good and everything went according to plan you’ll see a screen similar to this:

 

Adding your certificate to your web browser

For the iTDS and MDS servers you will need to install the SAME client side certificate within your browser before browsing to the server module. This certificate is also used to authenticate you to the server. To do this you will need to configure your browser. The steps change periodically and differ between browsers; here are two simple guides, for Firefox and for Chrome.

The password for the certificate by default is ‘MaltegoServer’ but it can (and should) be changed.

Firefox

The first step in Firefox is to select the menu icon on the right hand side and select Options, then select the "Advanced" tab and click on "View Certificates". From there select "Import..."

      

From here select the file and unlock it with the password MaltegoServer (case sensitive):

      
 

Chrome

The first step in Chrome is to select the menu item on the right hand side and select options, then scroll to the bottom of the page (you may need to select advanced) and select "Manage Certificates" under the HTTPS/SSL heading. Next click on "Import..."

      

From here select the file and unlock it with the password MaltegoServer (case sensitive):

      

Once you have successfully imported your certificate in your browser you can browse to the MDS or iTDS module interface over HTTPS, and the browser will either pick the certificate for you or ask you which certificate you would like to use, as seen below:

  

After selecting the correct certificate you will be able to use the interface.

Continue to the iTDS Module page.



© Copyright 2017, Paterva PTY Limited