Operation¶
Devices¶
Your organization may divide devices into single or multiple groups. Every device may belong exactly to a single group only. Each must be a member of Device group
before they get monitored. Each group provides a security Policy
which is later conditionally applied to them. Whether the device is present on the internal
or external
network makes it active
or inactive
.
It separates the network location into internal
or external
and the biggest role here has the Internal domain
setting which must be defined in the Device group
. If HOS detects the Internal domain
the network location is decided as internal
. Detection is performed by running DNS query for the configured internal domain and receiving the configured answer.
States¶
HOS is constantly monitoring changes on the network interfaces and based on the conditions it changes its states.
Active
All DNS traffic is diverted to DoH server. HOS becomes
Active
when it is connected to the public network, but theInternal domain
is unreachable. This state is used for the danger zones such as public wifi.Inactive
DNS trafic is left intact. This state is used when device can’t connect to the Internet or when it is connected through internal network.
Security¶
In the background HOS uses DNS-over-HTTPs
or DoH
. The Hostname
of the Resolver
is never diverted and is cached. The identification and authenticity is left to the TLS protocol. When device belongs to any Domain
, then all domain names and their subdomains are allowed to reach the DNS servers they route to. HOS uses Win32_NetworkAdapterConfiguration WMI table to get the information.
Service requirements¶
Windows¶
Because HOS must intecept network traffic it requres to run as SYSTEM account. You can query the service by name hos
to see if it started properly. When none or invalid installation token is supplied the service it will stop.
C:\Users\admin>sc query "Whalebone Home Office Security"
SERVICE_NAME: HOS
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
On first run HOS also installs windivert
system driver.
score*
C:\Users\admin>sc query windivert type=kernel
SERVICE_NAME: windivert
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
Service is configured to recover after crash three times and then stay stopped.
Android¶
The Android app has access to:
Location
precise location (GPS and network-based)
Camera
take pictures and videos (to scan QR code of the Device group from the portal)
Wi-Fi connection information
view Wi-Fi connections
Other
view network connections
connect and disconnect from Wi-Fi
full network access (to create a VPN tunnel to Whalebone Cloud resolvers)
run at startup
Application Firewall Settings¶
Enable TCP port 443 for the Whalebone Home Office Security.exe in the application firewall. To enable it for all network profiles in Windows, adjust following command to let HOS connect to your DoH server (e.g. 185.150.10.71):
If HOS service does not work please ensure that HOS service can connect to hos.whalebone.io and mobileapi.whalebone.io.
netsh advfirewall firewall add rule name="Whalebone Home Office Security" dir=out action=allow program="C:\Program Files (x86)\Whalebone\Home Office Security\Whalebone Home Office Security.exe" enable=yes remoteip=185.150.10.71,LocalSubnet
It is not necessary for the service to listen on port 53, thus there is no requirement for the application firewall to follow.
Additionally, service is listening on TCP endpoint localhost:9000 to provide data endpoint for UI app, and UI app server whosui.exe
listens on TCP endpoint localhost:55221 to render graphical components. Even though these ports are not critical for HOS operation they are relevant for UI app AdminUI.exe
. Please ensure that services are allowed to listen on those local ports as this allows user to have insight into app operation.
Application Logs¶
Service logs can be found at c:\ProgramData\Whalebone\Home Office Security\Logs\
, which contain detailed information about application states and operation. In case you encounther unexpected service behaviour please include this Log folder and/or Config folder along inside your support ticket. Application provides additional information for operation trace, in AdminUI.exe app, Events tab may give you better insight in HOS operation.