Welcome to Mayhem Tips and Tricks series! Our goal is to help you learn about the best features of Mayhem in small bite-size chunks. Today, we will explain the options for deploying Mayhem.
So you want to use Mayhem, but you are not sure where Mayhem is. Look no further! Below are a few considerations to keep in mind when preparing to deploy and install Mayhem.
There are multiple ways that Mayhem can be deployed in your environment. One of them is Software-as-a-Service (SAAS) which resides in the ForAllSecure Google Cloud Platform (GCP). Once you decide on Mayhem-as-a-Service, your dedicated Solutions Architect will build Mayhem in the Google Cloud. As long as you have Internet access, you should be able to reach your Mayhem instance in the Google Cloud.
Connecting to the Mayhem Web User Interface in the Google Cloud normally follows this format:
Since Mayhem is using https, most firewalls allow traffic to and from port 443.
Many customers on the Federal DoD side or Commercial customers with proprietary information often want to install Mayhem on-premise within their secure enclave. If you have dedicated hardware, reach out to your ForAllSecure Solutions Architect to make sure that you have the appropriate amount of CPUs, RAM, and Storage on your bare-metal system for the license you purchased.
Mayhem can be deployed as a standalone system on an air-gapped network. On the DoD side, if you wish to deploy Mayhem into an accredited environment with an Authority to Operate (ATO), we support deploying Mayhem on Red Hat Enterprise Linux (RHEL) with DISA STIGs.
Most DoD organizations already have RHEL in their security baseline.
ForAllSecure also supports deploying Mayhem into VMware ESXi environments. You will need to work with your Mayhem Solutions Architect to ensure that your VMware servers meet the requirements for the license you are purchasing.
If you just want to Plug-n-Fuzz , ForAllSecure can deliver a pre-built Mayhem appliance with either 48-cores or 128-cores (24C/48T, 64C/128T). All the install work is done by ForAllSecure on brand new Dell servers. The servers are configured, Mayhem is installed, and final QA checks for the hardware and software are done by ForAllSecure before the Mayhem appliance is shipped to you.
We hope that you found this Tips and Tricks article helpful.