v. 7.

Installation Guide

TrapX® Security, January 2022

[Link]
 Contents

Contents
Preface ......................................................................................... 3
Overview: DeceptionGrid System Architecture ........................ 4
Appliance...............................................................................................................4
Full OS Trap ..........................................................................................................5
TSOC......................................................................................................................6
Deception Tokens .................................................................................................6

DeceptionGrid Hardware Appliance .......................................... 7

Appliance Prerequisites .......................................................................................7
Installing DeceptionGrid Appliance on a Physical Appliance .........................10

DeceptionGrid in VMWare ........................................................ 13

VMWare Prerequisites ........................................................................................13
Deploying DeceptionGrid Components in VMWare..........................................15

DeceptionGrid in Hyper-V ......................................................... 17

Hyper-V Prerequisites.........................................................................................17
Deploying TSOC in Hyper-V ...............................................................................19
Deploying DeceptionGrid Appliances in Hyper-V .............................................23

DeceptionGrid in KVM .............................................................. 28

KVM Prerequisites ..............................................................................................28
KVM Bridge Configuration .................................................................................30
Importing Guest Images to KVM ........................................................................33

DeceptionGrid in AWS EC2 ...................................................... 36

AWS EC2 Prerequisites ......................................................................................36
Token Endpoint Requirements ..........................................................................36
Creating DeceptionGrid EC2 Instances .............................................................37

DeceptionGrid in MS Azure ...................................................... 41

Azure Prerequisites ............................................................................................41
Token Endpoint Requirements ..........................................................................41
Creating DeceptionGrid Azure VMs ...................................................................41

DeceptionGrid Installation Guide, © TrapX 2

 Preface

Preface
This guide enables quickly installing TrapX Security’s DeceptionGrid main components: TrapX
Security Operation Console (TSOC), and DeceptionGrid appliances, according to the various
available physical and virtual infrastructures.
For Full OS Trap installation, and for all components' subsequent setup and configuration, see
the DeceptionGrid Administration Guide.
For security-related deployment, including Network Intelligence Sensor (NIS) setup, see the
DeceptionGrid Security Deployment Guide.

DeceptionGrid Installation Guide, © TrapX 3

 Overview: DeceptionGrid System Architecture

Overview: DeceptionGrid System

Architecture
TrapX Security® DeceptionGrid includes a multi-tiered set of tools for deception, emulation,
and interception, for deployment throughout an organization. For an understanding of these
tools' functions and deployment in an organizational network see the DeceptionGrid Security
Deployment Guide. Here we'll describe the software components that enable these functional
tools.
The various DeceptionGrid tools are realized through the combination of several separately-
installed software components:

In This Section
Appliance ...........................................................................................4
Full OS Trap ........................................................................................5
TSOC ...................................................................................................6
Deception Tokens ..............................................................................6

Appliance

DeceptionGrid's main component is the DeceptionGrid Appliance, which hosts emulation

traps and the (optional) Network Intelligence Sensor (NIS). The Appliance includes a
hardened, closed OS, on a physical (see DeceptionGrid Hardware Appliance on page 7) or
virtual device (or, in Kubernetes pods - see the DeceptionGrid Administration Guide).
To enable emulation traps, Appliance network interfaces are connected to organizational
network switches and to organizational networks:

DeceptionGrid Installation Guide, © TrapX 4

 Overview: DeceptionGrid System Architecture

Appliances' virtual child interfaces have addresses throughout organizational networks and
perform relevant emulation. When attackers connect to these emulation traps, the Appliance
responds deceptively according to emulation type and configuration, and records an Event
alert.

An Appliance supports up to 512 traps across up to 200 networks (including VLANs). To deploy
more than 512 traps or to more than 200 networks, or to deploy traps in separate locations,
deploy multiple Appliances.
For NIS, another of the Appliance's network interfaces is connected to a relevant network
device such as the firewall.

Full OS Trap

DeceptionGrid Installation Guide, © TrapX 5

 Overview: DeceptionGrid System Architecture

For a higher level of realistic interaction and of attack monitoring, install the TrapX Full OS
Trap agent on a full (virtual) computer. The host computer can be configured with any
software, data, and settings. Full OS traps are independently deployed( see the DeceptionGrid
Administration Guide).
Emulation traps' emulated services can be proxied to a full OS trap, so the full OS trap's real
service will respond to emulation trap attackers, providing optimal realism and fuller
monitoring of those attacks.
For some architectural purposes, Full OS traps are treated as Appliances.

TSOC

The TrapX Security Operations Console (TSOC) manages Appliances and traps, including Full
OS traps. TSOC serves a web user interface, through which administrators and security
personnel can administer Appliances, deploy and manage traps, and monitor security events.

All common deployment, administration, and security event handling tasks are performed in
TSOC's web interface.

Deception Tokens

Produced and distributed from TSOC, deception tokens are various types of static records on
existing organizational endpoints, that lure and direct attackers to emulation traps.
Communications between components are secured.

DeceptionGrid Installation Guide, © TrapX 6

 DeceptionGrid Hardware Appliance

DeceptionGrid Hardware Appliance

TSOC is not available as a hardware appliance (only as software images, for various platforms).
For the DeceptionGrid Appliance component, TrapX provides several models of hardware
appliances along with a DVD for installing the software. This section describes the installation
procedure for the DeceptionGrid appliance component from DVD on hardware appliances.

In This Section
Appliance Prerequisites ......................................................................7
Installing DeceptionGrid Appliance on a Physical Appliance ...........10

Appliance Prerequisites
Hardware Requirements
TrapX provides and supports the following hardware appliance models:

• Dell PowerEdge R230XL-based (OEM), 1 Gbps network configuration

• Dell PowerEdge R230XL-based (OEM), 10 Gbps network configuration
• Dell PowerEdge R240XL-based (OEM), 1 Gbps network configuration
• Dell PowerEdge R240XL-based (OEM), 10 Gbps network configuration
• Nexcom NISE3800E-H110 (industrial), 1 Gbps network configuration
For full specifications, please contact TrapX support.
All models meet or exceed the following minimal requirements:

Item Requirement
CPUs Required: 2; Recommended: 4
RAM Required: 8 GB; Recommended:
16 GB
Storage 40 GB
An Appliance supports up to 512 traps across up to 200 networks (including VLANs). To deploy
more than 512 traps or to more than 200 networks, or to deploy traps in separate locations,
deploy multiple Appliances.
Network Connections
There are four functional network ports: eth0 - eth3. Depending on Appliance model, they
may be in any of the following configurations:

• 6-port model: The two upper ports are disabled; the lower four ports are arranged
from left to right:

DeceptionGrid Installation Guide, © TrapX 7

 DeceptionGrid Hardware Appliance

• 4-port models: The four ports are in one of the following two arrangements:

If you're not sure of the arrangement on your appliance, after going through the
setup wizard (as below) check which port replies when you connect to it and Ping it;
that one is eth0.

Connect the appliance network interfaces as follows:

• eth0: Connected to management network. For TSOC communications, and optionally

for emulation traps in management network
• eth1: For Network Intelligence Sensor (NIS) monitoring (optional), connected to a
port-mirroring perimeter device, and configured for Promiscuous mode (see the
DeceptionGrid Administration Guide).
Note: 10GB NIC is not supported for NIS.

• eth2, eth3: For emulation trap interfaces, as needed connect to a network trunk to
monitor VLANs (recommended) or to a specific network to be monitored
Note: Make sure that the management network, that is connected to eth0, is not
connected to the trunk that is connected to eth2 / eth3.

For example, connect eth2 to a network trunk and eth3 to an additional single network:

DeceptionGrid Installation Guide, © TrapX 8

 DeceptionGrid Hardware Appliance

Organizational Network (Firewall) Requirements

DeceptionGrid operations require organizational firewalls and other network devices to allow
the following network traffic:

Source Destination Port Purpose

Appliance TSOC 5443 Event data, file transfers
(management and trap management
interface)
8443 Software updates
Internal DNS 53 Reverse lookup
Full OS trap TSOC 9443 Event data
8443 File transfers
7443 Trap management
TSOC users TSOC 8443 Console
TSOC Malware sandbox. According to sandbox Send malware samples to
For default TrapX-provided requirements. sandbox
sandbox: [Link] For default TrapX-
provided sandbox: 443
[Link] 443 Update server
[Link] 443 License manager
[Link] 443 Attack Intelligence
[Link] 443 VirusTotal
Token TSOC 6443 Deception token
endpoints connected distribution /
deployment tracking
In addition, to distribute deception tokens directly from TSOC (rather than externally), allow:

Source Destination Port Purpose

TSOC Target Windows endpoints 445

DeceptionGrid Installation Guide, © TrapX 9

 DeceptionGrid Hardware Appliance

Source Destination Port Purpose

139 SMB/PSEXEC
135 RPC
Dynamic ports assigned by RPC for WMI
Target Linux endpoints 22 or custom SSH/SFTP
Target endpoints TSOC 6443 HTTPS
Token Endpoint Requirements

• Some endpoint security products may block deception token distribution. In this case,
configure the security product to trust (whitelist) the following processes, by name or
by MD5. You can use standard tools to obtain the MD5s, but be aware that it may
change upon TrapX product upgrades.
• Windows endpoints:
• [Link]
• [Link]
• [Link]
• [Link]
• (For TSOC distribution) [Link]
• Linux endpoints: [Link]
• Mac endpoints: endpnt
• On Windows endpoints the logged-on user must be able to run PowerShell scripts,
and the PowerShell Language Mode must be: FullLanguage .

Installing DeceptionGrid Appliance on a Physical

Appliance
To install:
1. Make sure that Appliance Prerequisites on page 7 are met.
2. If necessary, update the Appliance BIOS firmware.
3. Adjust BIOS clock to current time.
4. From the provided download link, download the ISO image and its MD5 checksum,
verify the image's checksum, and burn it onto a DVD.
5. Only on Dell PowerEdge (not Nexcom) 1 Gbps (not 10 Gbps) models, in BIOS device
settings disable the embedded onboard NIC ports, leaving active only the Intel quad-
port NIC.
6. Make sure your server’s BIOS boot sequence settings prioritize DVD (or external
USB-connected DVD drive) as the first boot order.
7. Insert the DVD into the optical drive and boot from the DVD.
8. Press Enter to start and go through the installation wizard:

DeceptionGrid Installation Guide, © TrapX 10

 DeceptionGrid Hardware Appliance

9. Select the location:

Use up/down arrow keys to navigate, and Tab to select. More countries are available
under other.
Press Enter and continue through the wizard pages.

DeceptionGrid Installation Guide, © TrapX 11

 DeceptionGrid Hardware Appliance

10. If the Appliance has a 10 GbE network card, the Detect network hardware window
may appear. In this case select No network driver (the first option; the driver will be
automatically selected and installed correctly).
When installation is complete, reboot is required.
The installation procedure records a log in: /root/sensor_install.log . As root user,
you can check the log for errors.
11. Log in as user: setup , password: Log2Setup . Follow prompts to configure Appliance
identity (Group ID and Appliance ID), connection to TSOC (Management Server IP
Address), and eth0 (management interface) networking.
Note: For the Appliance eth0 management interface, setting a Static IP will enable
configuring multiple emulation traps in the management network. If set to
DHCP, only a single emulation trap will be enabled.

When complete, reboot.

12. Log into TSOC's web interface, configure licensing and other settings, and initialize
Appliances, as in the DeceptionGrid Administration Guide. In production
environments, make sure to follow the recommendations there for Securing
DeceptionGrid.

DeceptionGrid Installation Guide, © TrapX 12

 DeceptionGrid in VMWare

DeceptionGrid in VMWare
This section provides information on setting up TSOC and DeceptionGrid Appliances in
VMWare ESXi.

In This Section
VMWare Prerequisites .....................................................................13
Deploying DeceptionGrid Components in VMWare ........................15

VMWare Prerequisites
Before importing guest images, prepare the following requirements.
Infrastructure Requirements
The TSOC and Appliance guest images use the following:

Item TSOC Appliance

Infrastructure VMware ESXi 5.5 or above
CPUs Minimum: 2 4
Recommended: 4
For >1000 traps: 6
RAM 16 GB Minimum: 8 GB
For >1000 traps: 18 GB For >100 VLANs or >200 traps: 16 GB
Disk capacity 500 GB 40 GB
Network One virtual 1Gigabit 4 virtual Ethernet controllers (for NIS - 10GB not
Ethernet controller supported)
An Appliance supports up to 512 traps across up to 200 networks (including VLANs). To deploy
more than 512 traps or to more than 200 networks, or to deploy traps in separate locations,
deploy multiple Appliances.
TSOC supports up to 5000 traps.
Network Connections
TSOC has a single network interface, which during deployment should be connected to the
same network to which the Appliance's eth0 management interface is connected.
Appliance network connections should be as follows:

• eth0: Connected to management network. For TSOC communications, and optionally

for emulation traps in management network
• eth1: For Network Intelligence Sensor (NIS) monitoring (optional), connected to a
port-mirroring perimeter device, and configured for Promiscuous mode (see the
DeceptionGrid Administration Guide).
Note: 10GB NIC is not supported for NIS.

• eth2, eth3: For emulation trap interfaces, as needed connect to a network trunk to
monitor VLANs (recommended) or to a specific network to be monitored

DeceptionGrid Installation Guide, © TrapX 13

 DeceptionGrid in VMWare

Note: Make sure that the management network, that is connected to eth0, is not
connected to the trunk that is connected to eth2 / eth3.

For example, connect eth2 to a network trunk and eth3 to an additional single network:

Organizational Network (Firewall) Requirements

DeceptionGrid operations require organizational firewalls and other network devices to allow
the following network traffic:

Source Destination Port Purpose

Appliance TSOC 5443 Event data, file transfers
(management and trap management
interface)
8443 Software updates
Internal DNS 53 Reverse lookup
Full OS trap TSOC 9443 Event data
8443 File transfers
7443 Trap management
TSOC users TSOC 8443 Console
TSOC Malware sandbox. According to sandbox Send malware samples to
For default TrapX-provided requirements. sandbox
sandbox: [Link] For default TrapX-
provided sandbox: 443
[Link] 443 Update server
[Link] 443 License manager
[Link] 443 Attack Intelligence
[Link] 443 VirusTotal
Token TSOC 6443 Deception token
endpoints connected distribution /
deployment tracking

DeceptionGrid Installation Guide, © TrapX 14

 DeceptionGrid in VMWare

In addition, to distribute deception tokens directly from TSOC (rather than externally), allow:

Source Destination Port Purpose

TSOC Target Windows endpoints 445
139 SMB/PSEXEC
135 RPC
Dynamic ports assigned by RPC for WMI
Target Linux endpoints 22 or custom SSH/SFTP
Target endpoints TSOC 6443 HTTPS
Token Endpoint Requirements

• Some endpoint security products may block deception token distribution. In this case,
configure the security product to trust (whitelist) the following processes, by name or
by MD5. You can use standard tools to obtain the MD5s, but be aware that it may
change upon TrapX product upgrades.
• Windows endpoints:
• [Link]
• [Link]
• [Link]
• [Link]
• (For TSOC distribution) [Link]
• Linux endpoints: [Link]
• Mac endpoints: endpnt
• On Windows endpoints the logged-on user must be able to run PowerShell scripts,
and the PowerShell Language Mode must be: FullLanguage .

Deploying DeceptionGrid Components in VMWare

DeceptionGrid for VMWare ESXi is provided [Link] archives: one for TSOC and one for
Appliances. Extract the archives; each should contain the following file types:

• .mf
• .ovf
• .vmdk
The procedure for deploying TSOC and Appliances is the same.
To deploy a DeceptionGrid component (TSOC or Appliance) in VMWare ESXi:
1. Make sure to meet VMWare Prerequisites on page 13.
2. Using VMware vSphere Client, log into ESXi.
3. Go to File > Deploy OVF Template, and import the provided .ovf file for the relevant
DeceptionGrid component.

DeceptionGrid Installation Guide, © TrapX 15

 DeceptionGrid in VMWare

4. Go through and complete the deployment wizard. Make sure you specify a name
and location for the deployed VM.
5. Connect the deployed VM's interface(s) to networks as in Network Connections on
page 13.
6. On each imported component (TSOC, and each Appliance), log in as user: setup,
password: Log2Setup . Follow prompts to configure (depending on component):
TSOC Administration Menu (mng user) password, Appliance identity (Group ID and
Appliance ID), connection to TSOC (Management Server IP Address), and eth0
(management interface) networking.
Note: For the Appliance eth0 management interface, setting a Static IP will enable
configuring multiple emulation traps in the management network. If set to
DHCP, only a single emulation trap will be enabled.

When complete, reboot.

7. Log into TSOC's web interface, configure licensing and other settings, and initialize
Appliances, as in the DeceptionGrid Administration Guide. In production
environments, make sure to follow the recommendations there for Securing
DeceptionGrid.

DeceptionGrid Installation Guide, © TrapX 16

 DeceptionGrid in Hyper-V

DeceptionGrid in Hyper-V
This section provides information on setting up TSOC and DeceptionGrid Appliances in
Microsoft Hyper-V.

In This Section
Hyper-V Prerequisites ......................................................................17
Deploying TSOC in Hyper-V ..............................................................19
Deploying DeceptionGrid Appliances in Hyper-V ............................23

Hyper-V Prerequisites
Before importing the guest images, prepare the following requirements:
Infrastructure Requirements
The TSOC and Appliance guest images use the following:

Item TSOC Appliance

Infrastructure Microsoft Hyper-V Server 2012 R2 or above *
CPUs Minimum: 2 4
Recommended: 4
For >1000 traps: 6
RAM 16 GB Minimum: 8 GB
For >1000 traps: 18 GB For >100 VLANs or >200 traps: 16 GB
Disk capacity 500 GB 40 GB
Network One virtual 1Gigabit 4 virtual Ethernet controllers (for NIS, 10GB not
Ethernet controller supported)
Note: *For earlier Hyper-V versions, please contact TrapX support.

An Appliance supports up to 512 traps across up to 200 networks (including VLANs). To deploy
more than 512 traps or to more than 200 networks, or to deploy traps in separate locations,
deploy multiple Appliances.
TSOC supports up to 5000 traps.
Network Connections
TSOC has a single network interface, which during deployment should be connected to the
same network to which the Appliance's eth0 management interface is connected.
Appliance network connections should be as follows:

• eth0: Connected to management network. For TSOC communications, and optionally

for emulation traps in management network
• eth1: For Network Intelligence Sensor (NIS) monitoring (optional), connected to a
port-mirroring perimeter device, and configured for Promiscuous mode (see the
DeceptionGrid Administration Guide).
Note: 10GB NIC is not supported for NIS.

DeceptionGrid Installation Guide, © TrapX 17

 DeceptionGrid in Hyper-V

• eth2, eth3: For emulation trap interfaces, as needed connect to a network trunk to
monitor VLANs (recommended) or to a specific network to be monitored
Note: Make sure that the management network, that is connected to eth0, is not
connected to the trunk that is connected to eth2 / eth3.

For example, connect eth2 to a network trunk and eth3 to an additional single network:

Organizational Network (Firewall) Requirements

DeceptionGrid operations require organizational firewalls and other network devices to allow
the following network traffic:

Source Destination Port Purpose

Appliance TSOC 5443 Event data, file transfers
(management and trap management
interface)
8443 Software updates
Internal DNS 53 Reverse lookup
Full OS trap TSOC 9443 Event data
8443 File transfers
7443 Trap management
TSOC users TSOC 8443 Console
TSOC Malware sandbox. According to sandbox Send malware samples to
For default TrapX-provided requirements. sandbox
sandbox: [Link] For default TrapX-
provided sandbox: 443
[Link] 443 Update server
[Link] 443 License manager
[Link] 443 Attack Intelligence
[Link] 443 VirusTotal

DeceptionGrid Installation Guide, © TrapX 18

 DeceptionGrid in Hyper-V

Source Destination Port Purpose

Token TSOC 6443 Deception token
endpoints connected distribution /
deployment tracking
In addition, to distribute deception tokens directly from TSOC (rather than externally), allow:

Source Destination Port Purpose

TSOC Target Windows endpoints 445
139 SMB/PSEXEC
135 RPC
Dynamic ports assigned by RPC for WMI
Target Linux endpoints 22 or custom SSH/SFTP
Target endpoints TSOC 6443 HTTPS
Token Endpoint Requirements

• Some endpoint security products may block deception token distribution. In this case,
configure the security product to trust (whitelist) the following processes, by name or
by MD5. You can use standard tools to obtain the MD5s, but be aware that it may
change upon TrapX product upgrades.
• Windows endpoints:
• [Link]
• [Link]
• [Link]
• [Link]
• (For TSOC distribution) [Link]
• Linux endpoints: [Link]
• Mac endpoints: endpnt
• On Windows endpoints the logged-on user must be able to run PowerShell scripts,
and the PowerShell Language Mode must be: FullLanguage .

Deploying TSOC in Hyper-V

TSOC for Hyper-V is provided as a set of two VHD disk images.
To deploy TSOC in Hyper-V:
1. Make sure prerequisites are met (see Hyper-V Prerequisites on page 17).
2. In Hyper-V Manager, under Actions, go to New > Virtual Machine:

DeceptionGrid Installation Guide, © TrapX 19

 DeceptionGrid in Hyper-V

Begin going through the New Virtual Machine Wizard.

3. In the Specify Generation page (Windows 2012 only), select Generation 1:

4. In the Assign Memory page, set memory to 16000 MB:

5. In the Configure Networking page, select the virtual switch to use for management:

DeceptionGrid Installation Guide, © TrapX 20

 DeceptionGrid in Hyper-V

6. In the Connect Virtual Hard Disk page, select Use an existing virtual hard disk, and
Browse to the provided root VHD image:

Complete the wizard.

7. Right-click the created VM and select Settings:

8. Select Processor and set 2 processors:

DeceptionGrid Installation Guide, © TrapX 21

 DeceptionGrid in Hyper-V

Click Apply.
9. Select IDE Controller > Hard Drive and click Add:

10. Browse to the provided data VHD image:

DeceptionGrid Installation Guide, © TrapX 22

 DeceptionGrid in Hyper-V

Click OK.
11. Start the VM and connect to it. Log in as user: setup , password: Log2Setup . Follow
prompts to configure TSOC Administration Menu (mng user) password, and
networking. When complete, reboot.

Deploying DeceptionGrid Appliances in Hyper-V

DeceptionGrid Appliance for Hyper-V is provided as a VHD disk image.
To deploy a DeceptionGrid appliance in Hyper-V:
1. Make sure prerequisites are met (see Hyper-V Prerequisites on page 17).
2. In Hyper-V Manager, under Actions, go to New > Virtual Machine:

DeceptionGrid Installation Guide, © TrapX 23

 DeceptionGrid in Hyper-V

Begin going through the New Virtual Machine Wizard.

3. In the Specify Generation page (Windows 2012 only), select Generation 1:

4. In the Assign Memory page, set memory to 8192 MB:

5. Configure Networking. For now just select the virtual switch to use for management
(you'll add other interfaces later):

6. In the Connect Virtual Hard Disk page, select Use an existing virtual hard disk, and
Browse to the provided Appliance VHD image:

DeceptionGrid Installation Guide, © TrapX 24

 DeceptionGrid in Hyper-V

7. Complete the wizard.

8. Right-click the created VM and select Settings:

9. Select Processor and set 4 processors:

Click Apply.
10. Select Advanced Features > Enable MAC address spoofing:

DeceptionGrid Installation Guide, © TrapX 25

 DeceptionGrid in Hyper-V

11. Add three network adapters, to a total of four. To add each adapter, select Add
Hardware > Network Adapter > Add:

Click OK.
12. Start the VM, and log in to the Appliance as user: setup , password: Log2Setup .
Follow prompts to configure Appliance identity (Group ID and Appliance ID),

DeceptionGrid Installation Guide, © TrapX 26

 DeceptionGrid in Hyper-V

connection to TSOC (Management Server IP Address), and eth0 (management

interface) networking.
Note: For the Appliance eth0 management interface, setting a Static IP will enable
configuring multiple emulation traps in the management network. If set to
DHCP, only a single emulation trap will be enabled.

When complete, reboot.

13. Log into TSOC's web interface, configure licensing and other settings, and initialize
Appliances, as in the DeceptionGrid Administration Guide. In production
environments, make sure to follow the recommendations there for Securing
DeceptionGrid.
14. In TSOC, go to Appliances > Appliance > Configuration > Settings, and set the
Platform to Hyper-V. Click Apply.

DeceptionGrid Installation Guide, © TrapX 27

 DeceptionGrid in KVM

DeceptionGrid in KVM
This section provides information on setting up TSOC and DeceptionGrid Appliances in Kernel-
based Virtual Machines (KVM) environments.

In This Section
KVM Prerequisites ............................................................................28
KVM Bridge Configuration ................................................................30
Importing Guest Images to KVM ......................................................33

KVM Prerequisites
Before importing the guest images, prepare the following requirements.
Infrastructure Requirements
The TSOC and Appliance guest images use the following:

Item TSOC Appliance

Infrastructure KVM (tested OSs: CentOS 6.x, 7; Ubuntu 14.0, 16.04)
CPUs Minimum: 2 4
Recommended: 4
For >1000 traps: 6
RAM 16 GB Minimum: 8 GB
For >1000 traps: 18 GB For >100 VLANs or >200 traps: 16 GB
Disk capacity Root: 20 GB 10 GB
Data: 500 GB
Network One virtual 1Gigabit 4 virtual 1 Gigabit Ethernet controllers
Ethernet controller
Bridge configuration examples are available (see KVM Bridge Configuration on page 30).
An Appliance supports up to 512 traps across up to 200 networks (including VLANs). To deploy
more than 512 traps or to more than 200 networks, or to deploy traps in separate locations,
deploy multiple Appliances.
TSOC supports up to 5000 traps.
Network Connections
TSOC has a single network interface, which during deployment should be connected to the
same network to which the Appliance's eth0 management interface is connected.
Appliance network connections should be as follows:

• eth0: Connected to management network. For TSOC communications, and optionally

for emulation traps in management network
• eth1: For Network Intelligence Sensor (NIS) monitoring (optional), connected to a
port-mirroring perimeter device, and configured for Promiscuous mode (see the
DeceptionGrid Administration Guide).

DeceptionGrid Installation Guide, © TrapX 28

 DeceptionGrid in KVM

Note: 10GB NIC is not supported for NIS.

• eth2, eth3: For emulation trap interfaces, as needed connect to a network trunk to
monitor VLANs (recommended) or to a specific network to be monitored
Note: Make sure that the management network, that is connected to eth0, is not
connected to the trunk that is connected to eth2 / eth3.

For example, connect eth2 to a network trunk and eth3 to an additional single network:

Organizational Network (Firewall) Requirements

DeceptionGrid operations require organizational firewalls and other network devices to allow
the following network traffic:

Source Destination Port Purpose

Appliance TSOC 5443 Event data, file transfers
(management and trap management
interface)
8443 Software updates
Internal DNS 53 Reverse lookup
Full OS trap TSOC 9443 Event data
8443 File transfers
7443 Trap management
TSOC users TSOC 8443 Console
TSOC Malware sandbox. According to sandbox Send malware samples to
For default TrapX-provided requirements. sandbox
sandbox: [Link] For default TrapX-
provided sandbox: 443
[Link] 443 Update server
[Link] 443 License manager
[Link] 443 Attack Intelligence

DeceptionGrid Installation Guide, © TrapX 29

 DeceptionGrid in KVM

Source Destination Port Purpose

[Link] 443 VirusTotal
Token TSOC 6443 Deception token
endpoints connected distribution /
deployment tracking
In addition, to distribute deception tokens directly from TSOC (rather than externally), allow:

Source Destination Port Purpose

TSOC Target Windows endpoints 445
139 SMB/PSEXEC
135 RPC
Dynamic ports assigned by RPC for WMI
Target Linux endpoints 22 or custom SSH/SFTP
Target endpoints TSOC 6443 HTTPS
Token Endpoint Requirements

• Some endpoint security products may block deception token distribution. In this case,
configure the security product to trust (whitelist) the following processes, by name or
by MD5. You can use standard tools to obtain the MD5s, but be aware that it may
change upon TrapX product upgrades.
• Windows endpoints:
• [Link]
• [Link]
• [Link]
• [Link]
• (For TSOC distribution) [Link]
• Linux endpoints: [Link]
• Mac endpoints: endpnt
• On Windows endpoints the logged-on user must be able to run PowerShell scripts,
and the PowerShell Language Mode must be: FullLanguage .

KVM Bridge Configuration

To meet infrastructure requirements (see KVM Prerequisites on page 28), make the following
connections on the KVM host:

Bridge Type Configuration Switch Port DeceptionGrid Appliance

Configuration Interface

Management Access Mode on the eth0

Network management network

Port monitoring Promiscuous Port Mirror eth1

Mode

DeceptionGrid Installation Guide, © TrapX 30

 DeceptionGrid in KVM

Bridge Type Configuration Switch Port DeceptionGrid Appliance

Configuration Interface

VLAN trunk Promiscuous VLAN Trunk eth2 and/or eth3

Mode
Port Monitoring and VLAN trunk bridges have the same configuration, since both require
promiscuous mode.
The following are several examples of what the interface and bridge files might look like:
Management Network Bridge, CentOS
Configuration File: /etc/sysconfig/network-scripts/ifcfg-eth0
NAME=eth0
DEVICE=eth0
HWADDR=[Link]
TYPE=Ethernet
UUID=908546ff-9099-462d-8c61-74065684f4ce
ONBOOT=yes
BOOTPROTO=none
BRIDGE=virbr0
Configuration File: /etc/sysconfig/network-scripts/ifcfg-virbr0
NAME=virbr0
DEVICE=virbr0
BOOTPROTO=none
ONBOOT=yes
TYPE=Bridge
NM_CONTROLLED=no
IPADDR=[Link]
PREFIX=24
GATEWAY=[Link]
DNS1=[Link]
DEFROUTE=yes
Management Network Bridge, Ubuntu
Configuration File: /etc/network/interfaces.d/br0
auto br0
iface br0 inet static
address [Link]

DeceptionGrid Installation Guide, © TrapX 31

 DeceptionGrid in KVM

netmask [Link]
dns-nameservers [Link]
gateway [Link]
bridge_ports eth0
bridge_stp off
bridge_maxwait 0
Port Monitoring / VLAN Trunk Bridges, CentOS
Configuration File: /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
HWADDR=[Link]
TYPE=Ethernet
UUID=609628c6-11a8-4ad4-a64c-b1982767c421
ONBOOT=yes
BOOTPROTO=none
IPV6INIT=no
BRIDGE=virbr1
Configuration File: /etc/sysconfig/network-scripts/ifcfg-virbr1
NAME=virbr1
DEVICE=virbr1
TYPE=Bridge
ONBOOT=yes
BOOTPROTO=static
IPADDR=[Link]
NETMASK=[Link]
NETWORK=[Link]
NOZEROCONF=yes
IPV6INIT=no
Port Monitoring / VLAN Trunk Bridges, Ubuntu
Configuration File: /etc/network/interfaces.d/br1
auto br1
iface br1 inet manual
bridge_ports eth1
bridge_stp off
bridge_maxwait 0

DeceptionGrid Installation Guide, © TrapX 32

 DeceptionGrid in KVM

Importing Guest Images to KVM

DeceptionGrid for KVM is supplied as three guest images in qcow2 format: two images for
TSOC (root + data), and one image for DeceptionGrid Appliances.
To import DeceptionGrid component guest images:
1. Make sure prerequisites are met (see KVM Prerequisites on page 28).
2. Place the provided qcow2 files in appropriate KVM data store locations. For multiple
Appliances, create renamed copies of the Appliance file (make sure to copy from an
original file as provided, not from a live Appliance).
3. To import TSOC, on KVM run virt-install with the following arguments:
• --connect qemu:///system
In clustered environments you may need to replace system with a relevant KVM
hypervisor.
• --ram 16384
• --name TSOC
• --network bridge=virbr0
Replace virbr0 with the correct parameter for the management network.
• --os-type=linux
• --disk path=<path>/tsoc <ver> root.qcow2,device=disk,format=qcow2
Replace <path> and <ver> according to relevant location and image filename.
• --disk path=<path>/tsoc <ver> data.qcow2,device=disk,format=qcow2
Replace <path> and <ver> according to relevant location and image filename.
• --vcpus=4
• --graphics vnc,port=5901,listen=[Link]
The above argument configures a console listening port (for example, for the
TSOC Setup wizard and Administration menu). Replace 5901 with an available
listening port (make sure not to use the same port as for another DeceptionGrid
component). In most cases it is recommended to leave [Link] as is to listen on
all available interfaces.
• --noautoconsole
• --import
For example:
virt install --connect qemu:///system --ram 4096 --
name TSOC --network bridge=virbr0 --os-type=linux --
disk path=/var/lib/libvirt/images/tsoc-1.0-
root.qcow2,device=disk,format=qcow2 --
disk path=/var/lib/libvirt/images/tsoc-1.0-
data.qcow2,device=disk,format=qcow2 --vcpus=2 --
graphics vnc,port=5901,listen=[Link] --noautoconsole --
import

DeceptionGrid Installation Guide, © TrapX 33

 DeceptionGrid in KVM

4. To import a DeceptionGrid Appliance, on KVM run virt-install with the

following arguments:
--connect qemu:///system
In clustered environments you may need to replace system with a relevant KVM
hypervisor.
--ram 16384
--name Appliance1
Change Appliance1 to a relevant unique name.
--network bridge=virbr0 --network bridge=virbr1 --
network bridge=virbr2 --network bridge=virbr2
Replace virbr0 with the correct parameter for the management network; virbr1 with
the correct parameter for NIS port-mirroring; and the 2 virbr2s with VLAN trunk /
intranet for emulation trap interfaces.
--os-type=linux
--
disk path=<path>/appliance <ver> root.qcow2,device=disk,form
at=qcow2
Replace <path> and <ver> according to relevant location and image filename.
--vcpus=4
--graphics vnc,port=5900,listen=[Link]
The above argument configures a console listening port (for example, for the TSOC
Setup wizard and Administration menu). Replace 5900 with an available listening
port (make sure not to use the same port as for another DeceptionGrid component).
In most cases it is recommended to leave [Link] as is to listen on all available
interfaces.
--noautoconsole
--import
For example:
virt-install --connect qemu:///system --ram 2048 --
name Appliance1 --network bridge=virbr0 --
network bridge=virbr1 --network bridge=virbr2 --
network bridge=virbr2 --os type=linux --
disk path=/var/lib/libvirt/images/appliance-
1.0.qcow2,device=disk,format=qcow2 --vcpus=2 --
graphics vnc,port=5900,listen=[Link] --noautoconsole --
import
5. On each imported component (TSOC, and each Appliance), log in as user: setup ,
password: Log2Setup . Follow prompts to configure (depending on component):
TSOC Administration Menu (mng user) password, Appliance identity (Group ID and
Appliance ID), connection to TSOC (Management Server IP Address), and eth0
(management interface) networking.
Note: For the Appliance eth0 management interface, setting a Static IP will enable
configuring multiple emulation traps in the management network. If set to
DHCP, only a single emulation trap will be enabled.

DeceptionGrid Installation Guide, © TrapX 34

 DeceptionGrid in KVM

When complete, reboot.

6. Log into TSOC's web interface, configure licensing and other settings, and initialize
Appliances, as in the DeceptionGrid Administration Guide. In production
environments, make sure to follow the recommendations there for Securing
DeceptionGrid.

DeceptionGrid Installation Guide, © TrapX 35

 DeceptionGrid in AWS EC2

DeceptionGrid in AWS EC2

This section provides information on setting up TSOC and DeceptionGrid Appliances in
Amazon Web Service (AWS) Elastic Compute Cloud (EC2) environments.

In This Section
AWS EC2 Prerequisites .....................................................................36
Token Endpoint Requirements.........................................................36
Creating DeceptionGrid EC2 Instances.............................................37

AWS EC2 Prerequisites

For deployment in EC2, your TrapX sales representative or reseller will share with you two
Amazon Machine Images (AMIs), for TSOC and TrapX Appliances respectively. Make sure the
AMIs are shared with your Amazon account ID specifically for your relevant Amazon region.
The EC2 instances launched from the provided AMIs will consume the following resources.
Note that this may accordingly affect Amazon pricing.

Component Instance type Interfaces CPUs RAM EBS storage

TSOC [Link] 1 4 16 GB Root 20GB
Data 500GB
Appliance [Link] Up to 3 interfaces x up to 10 IPs * 2 15.25 GB 40 GB
[Link] Up to 4 interfaces x up to 15 IPs * 4 16 GB
* Includes a single IP address on the eth0 interface connected to management network, for
TSOC communications; and additional IP addresses for emulation traps in interfaces’
respective subnets. In total, [Link] enables up to 29 traps in 3 subnets, and [Link] enables
up to 59 traps in 4 subnets.
For more information on EC2 instance types and Amazon pricing, see Amazon’s list:
[Link]/ec2/pricing/on-demand/

Token Endpoint Requirements

• Some endpoint security products may block deception token distribution. In this case,
configure the security product to trust (whitelist) the following processes, by name or
by MD5. You can use standard tools to obtain the MD5s, but be aware that it may
change upon TrapX product upgrades.
• Windows endpoints:
• [Link]
• [Link]
• [Link]
• [Link]
• (For TSOC distribution) [Link]
• Linux endpoints: [Link]
DeceptionGrid Installation Guide, © TrapX 36
 DeceptionGrid in AWS EC2

• Mac endpoints: endpnt

• On Windows endpoints the logged-on user must be able to run PowerShell scripts,
and the PowerShell Language Mode must be: FullLanguage .

Creating DeceptionGrid EC2 Instances

To create DeceptionGrid instances:
1. Make sure you have all prerequisites as above.
2. To launch a TSOC instance:
a. In the EC2 dashboard, go to AMIs and find the provided TSOC AMI. Right-click it
and select Launch:

b. Select [Link] and click Next:

c. Select the relevant Network (VPC) and Subnet for management. Enable a public
IP only if you might need to manage TSOC from outside the VPC.
Click Next.
d. Storage details are automatically set by the AMI and should not be changed.
Click Next.
e. Optionally add tags according to your management needs.
Click Next.
f. Assign a new or existing security group that allows inbound access over TCP ports
222, 5443, and 8443; for Full OS trap communications - 7443, 8443, and 9443;
and, for deception token connected distribution / deployment tracking - 6443:

DeceptionGrid Installation Guide, © TrapX 37

 DeceptionGrid in AWS EC2

You can safely disregard the warning about port 22 not being open (SSH access
will be over port 222).
g. Click Review and Launch.
If prompted about a key pair, select Proceed without a key pair, acknowledge,
and Launch Instance.
3. To launch a TrapX Appliance instance:
a. In the EC2 dashboard, go to AMIs and find the provided TrapX Appliance AMI.
Right-click it and select Launch.
b. Select [Link] or [Link] and click Next.
c. Select the relevant Network (VPC) and Subnet for management. Enable a public
IP only if you want traps to monitor external connections from the internet.
d. You need to add interfaces for your network’s subnets, and to each interface add
IP addresses to be used for traps in the interface’s subnet. You can add the
interfaces and IP addresses in one of the following ways:
• Later on, after launch, as below.
• Now, from the launch wizard (not available if you enabled a public IP address):
Still in the Configure Instance page, under Network interfaces (below), add
interfaces by clicking Add Device, and to each interface Add IP addresses.
The number of interfaces and IP addresses is limited by the instance type you
selected.
e. Storage details are automatically set by the AMI and should not be changed.
Click Next.
f. Optionally add tags according to your management needs.
Click Next.
g. Assign a new or existing security group that allows all inbound access (ports 0-
65535).
h. Click Review and Launch.
If prompted about a key pair, select Proceed without a key pair, acknowledge,
and Launch Instance.
4. If you haven’t yet added interfaces and IP addresses as above:
a. Go to Network Interfaces, and Create Network Interfaces for your network’s
subnets:

DeceptionGrid Installation Guide, © TrapX 38

 DeceptionGrid in AWS EC2

b. To then attach each interface to the instance, right-click the interface and select
Attach, select the Appliance instance and click Attach.
c. Reboot the Appliance instance (required after attaching interfaces).
d. To then add IP addresses to each interface (to be later assigned in TSOC to
subinterfaces), right-click the interface and select Manage IP Addresses. Click
Assign New IP as needed, and then click Yes, Update:

The number of interfaces and IP addresses is limited by the instance type you
selected.
5. On TSOC and on each Appliance, log in as user: setup , password: Log2Setup . Follow
prompts to configure (depending on component): TSOC Administration Menu (mng
user) password, Appliance identity (Group ID and Appliance ID), connection to TSOC
(Management Server IP Address), and networking. When complete, reboot.
Note: For the Appliance eth0 management interface, make sure to select DHCP.

6. To enable trap deployment on eth1:

DeceptionGrid Installation Guide, © TrapX 39

 DeceptionGrid in AWS EC2

a. In the Appliance’s Administration menu (PDMenu; see the DeceptionGrid

Administration Guide) go to Network Configuration > Configure VLANs.
b. Enter 1 and eth1, disable VLAN support and DHCP, and provide the relevant IP
settings.
For example:

7. Log into TSOC's web interface, configure licensing and other settings, and initialize
Appliances, as in the DeceptionGrid Administration Guide. In production
environments, make sure to follow the recommendations there for Securing
DeceptionGrid.
8. In TSOC, configure interfaces and traps as in the DeceptionGrid Security Deployment
Guide. Make sure to assign IP addresses as appearing in the AWS console.

DeceptionGrid Installation Guide, © TrapX 40

 DeceptionGrid in MS Azure

DeceptionGrid in MS Azure
This section provides information on setting up TSOC and DeceptionGrid Appliances in
Microsoft Azure environments.

In This Section
Azure Prerequisites ..........................................................................41
Token Endpoint Requirements.........................................................41
Creating DeceptionGrid Azure VMs .................................................41

Azure Prerequisites
For deployment in Azure, TrapX provides three VHD disk images: two for TSOC and one for
DeceptionGrid Appliances. The Azure VMs created from the provided images will consume
resources according to the following supported instance types. Note that this may accordingly
affect Microsoft pricing.

Component Instance type Interfaces CPUs RAM Storage

TSOC B4ms 1 4 16 GB Root: 20GB
Data: 500GB
Appliance B2ms Up to 3 2 8 GB 40 GB
B4ms Up to 4 4 16 GB

Token Endpoint Requirements

• Some endpoint security products may block deception token distribution. In this case,
configure the security product to trust (whitelist) the following processes, by name or
by MD5. You can use standard tools to obtain the MD5s, but be aware that it may
change upon TrapX product upgrades.
• Windows endpoints:
• [Link]
• [Link]
• [Link]
• [Link]
• (For TSOC distribution) [Link]
• Linux endpoints: [Link]
• Mac endpoints: endpnt
• On Windows endpoints the logged-on user must be able to run PowerShell scripts,
and the PowerShell Language Mode must be: FullLanguage .

Creating DeceptionGrid Azure VMs

To create DeceptionGrid VMs in Azure:

DeceptionGrid Installation Guide, © TrapX 41

 DeceptionGrid in MS Azure

1. For deployment in Azure, TrapX provides three VHD disk images: two for TSOC and
one for DeceptionGrid Appliances. To enable TrapX support to copy the images into
your deployment, you'll need to provide access to a Storage Account in your
deployment, as follows:
a. In Azure, create a Storage Account that can store Blobs (not a file-only account).
b. In the Storage Account, under Settings click Access keys, and under key1 copy the
Account Key:

Save the copied key.

c. In the Storage Account, create a Container.
d. In the Container, under Settings click Properties, and copy the Container URL:

e. Send the copied key and URL to TrapX support and request they copy the required
images to your Container.
2. For each of the three VHD images:
a. In Azure, go to All services > Compute > Disks (not Disks classic!) > Add, and
configure the details of a new managed disk:

DeceptionGrid Installation Guide, © TrapX 42

 DeceptionGrid in MS Azure

Select a relevant Resource group (same for whole TrapX deployment), and
provide an informative name and other details.
b. By Source type select Storage blob, and by Source blob Browse to the uploaded
VHD image.
c. By OS type, select:
• For TSOC root and for Appliance: Linux
• For TSOC data: None
d. By Size, Change size to:
• For TSOC root: 20
• For TSOC data: 500
• For Appliance: 40
Click OK.
e. Click Review + create, and Create. Wait until the new disk appears with Status of
OK (not just Accepted).
3. It is recommended at this point to create backup snapshots of all three of the above-
created managed disks, in case any of them becomes corrupted during the following
steps, as can happen in the Azure environment.
To do this, go to All services > Compute > Disks, select the disk and click Create
snapshot. Configure its details and click Create.
4. To create the TSOC VM:
a. In Disks, select the TSOC root disk and click Create VM:

b. In the Basics page:

• Select the above Resource group and provide an appropriate name.
• By Size, Select B4ms.
DeceptionGrid Installation Guide, © TrapX 43
 DeceptionGrid in MS Azure

c. In the Disks page, click Attach an existing disk, and select the TSOC data disk.
d. In the Networking page:
• Select the relevant Virtual network and Subnet for managing TSOC.
If you'll be accessing TSOC from outside the Azure environment, set a Public
IP.
• Select Advanced and select (if necessary - Create new) a network security
group that allows inbound access over TCP ports 222, 5443, and 8443; for Full
OS trap communications - 7443, 8443, and 9443; and, for deception token
connected distribution / deployment tracking - 6443.
Note: You may later change the IP address in Azure to Static (keeping the same
IP address). However, do not do this before going through the Setup
wizard as below.

e. In the Management page, everything should be Off. In the Advanced page, do not
configure anything.
f. Click Review + create, and Create.
5. To create each DeceptionGrid Appliance VM:
a. In Disks, select the Appliance disk and click Create VM:

b. In the Basics page:

• Select the above Resource group and provide an appropriate name.
• By Size, Select one of the supported types as above.
• Leave Inbound Port Rules as None.
c. In the Networking page:
• Select the Virtual network and Subnet through which the Appliance will be
managed by TSOC. These settings will apply to the Appliance's eth0 interface.
• Set a Public IP only if you want any of the Appliance's traps to monitor
external connections from the internet (such as Public Trap); or, if your
TSOC is external to the Azure environment.
• Select Advanced and select (if necessary - Create new) a Network security
group that allows all inbound access (ports 0-65535), for the Appliance's traps
to be able to monitor those ports. Alternatively, you can allow only ports that
traps will monitor.
d. In the Management page, everything should be Off. In the Advanced page, do not
configure anything.
DeceptionGrid Installation Guide, © TrapX 44
 DeceptionGrid in MS Azure

e. Click Review + create, and Create.

f. In Azure All services > Compute > Virtual machines, select the created Appliance
and Stop it (to be able to add interfaces as below).
Wait until the Appliance's Status changes to Stopped (deallocated).
g. Add up to 3 more interfaces. To add each one:
i. In the Appliance virtual machine's page, go to Networking > Attach network
interface > Create network interface:

ii. Name the interface, and select the Subnet that the interface's traps will
monitor.
iii. Click Create. Again click Attach network interface, select the newly-created
interface, and click OK.
iv. Select (if necessary - Create new) a Network security group that allows all
inbound access (ports 0-65535), for the Appliance's traps to be able to
monitor those ports. Alternatively, you can allow only ports that traps will
monitor.
v. Click Create, and OK.
h. To add IP addresses to each interface (to be later assigned in TSOC to
subinterfaces), in the Appliance virtual machine's Networking page click the
interface name and go to IP configurations. Add IPs (Dynamic or Static) as
needed.
i. Start the Appliance virtual machine.
6. On TSOC and on each Appliance, log in as user: setup , password: Log2Setup . Follow
prompts to configure (depending on component): TSOC Administration Menu (mng
user) password, Appliance identity (Group ID and Appliance ID), connection to TSOC
(Management Server IP Address), and networking. When complete, reboot.
Note: For the Appliance eth0 management interface, make sure to select DHCP.

7. To enable trap deployment on eth1:

a. In the Appliance’s Administration menu (PDMenu; see the DeceptionGrid
Administration Guide) go to Network Configuration > Configure VLANs.
b. Enter 1 and eth1, disable VLAN support and DHCP, and provide the relevant IP
settings.
For example:

DeceptionGrid Installation Guide, © TrapX 45

 DeceptionGrid in MS Azure

8. Log into TSOC's web interface, configure licensing and other settings, and initialize
Appliances, as in the DeceptionGrid Administration Guide. In production
environments, make sure to follow the recommendations there for Securing
DeceptionGrid.
9. In TSOC, configure interfaces and traps as in the DeceptionGrid Security Deployment
Guide. Make sure to assign IP addresses as appearing in Azure.

DeceptionGrid Installation Guide, © TrapX 46

Support
Support for TrapX products is provided by TrapX or by an authorized TrapX Service Partner.
More information and technical support for TrapX products are available at:

• [Link]/portal
• support@[Link]
• Americas: 1-855-249-4453
EMEA & Asia Pacific: +44-208-819-9849

Documentation Feedback
TrapX Security continually strives to produce high quality documentation. If you have any
comments, please contact Documentation@[Link].

About TrapX Security®

TrapX Security is the pioneer and global leader in cyber deception technology, with flagship
solution DeceptionGrid effectively detecting, deceiving, and defeating advanced cyber attacks
and human attackers in real-time. DeceptionGrid provides automated, highly accurate insight
into malicious activity unseen by other types of cyber defenses. Deploying DeceptionGrid
sustains a proactive security posture, fundamentally halting the progression of an attack.
DeceptionGrid changes cyber-attack economics by shifting the cost to the attacker.
The TrapX Security customer base includes worldwide Forbes Global 2000 commercial and
government customers in key industries including defense, healthcare, finance, energy, and
consumer products. Learn more at [Link] .

Disclaimer
Product specifications are subject to change without notice. This document is believed to be
accurate and reliable at the time of printing. However, due to ongoing product improvements
and revisions, TrapX cannot guarantee accuracy of printed material after the Date Published
nor can it accept responsibility for errors or omissions. Before consulting this document, check
the corresponding Release Notes regarding feature preconditions and/or specific support in
this release. In cases where there are discrepancies between this document and the Release
Notes, the information in the Release Notes supersedes that in this document. Updates to this
document and other documents as well as software files can be obtained by TrapX customers.

Trademarks and Copyright

© Copyright 2022 TrapX Security Ltd. All rights reserved. This document is subject to change
without notice. TrapX, TrapX Security, DeceptionGrid and CryptoTrap are trademarks or
registered trademarks of TrapX Security in the United States and other countries. Other
trademarks used in this document are the property of their respective owners.
Updated 25/1/22

DeceptionGrid Installation Guide, © TrapX 47