Analyzing network infrastructure with Neo4j

Posted on 17-Feb-2017

ANALYZING NETWORK INFRASTRUCTURE WITH NEO4J

WHY?

▸ Visual analysis is more natural than textual analysis

▸ Because graphs are the most efficient and natural way of working with data

▸ A big network infrastructure is a headache for System Administrators and DevOps

▸ Firewall rules are forgotten

▸ No one knows what kind of traffic flows between hosts

▸ What is this shit, «gocheck» service? o_O

▸ And because it is fun :)

HOW?

▸ Install Neo4j

▸ Collect needed data from hosts

▸ Parse data

▸ Load data into Neo4j

▸ Analyze! :)

BENEFITS

▸ Directed relationships between hosts, based on:

▸ Firewall rules

▸ Traffic

▸ Services installed on each host, with the ability to:

▸ View all hosts running a given service

▸ Check service usage (based on traffic or firewall rules)

BENEFITS

▸ Ability to find cases like:

▸ Forgotten firewall rules, found by comparing the rules with observed traffic

▸ Network services with no firewall rule or traffic reaching them (apart from loopback, of course)

▸ Unused traffic (for example, Zabbix agents without a Zabbix endpoint)

▸ Ability to find and prevent security breaches like:

▸ Open SSH to whole internet (0.0.0.0/0)

▸ Vulnerable services with open ports

▸ And so on :)

SYSTEM OVERVIEW, EXAMPLES AND CODE

DATA COLLECTING

Diagram: stasiand; Host 1, Host 2, Host N; iptables, netstat, tcpdump

DATA PARSING

▸ Data readers for each data format

▸ IpTables

▸ Netstat

▸ Tcpdump

▸ Import controller (Neo4jImporter)

DATA PARSING

▸ Reader interface (for the IoC container) with a default implementation

▸ Parser interface

▸ Concrete parser implementations with magic inside :)
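The pipeline the HOW slide lists (collect, parse, load, analyze) and two of the findings the BENEFITS slide promises, as one added example. This is not the talk's own code: the stasiand collector and Neo4jImporter are not in the transcript, so the readers, the Cypher schema, the host names and the command output below are all assumptions, constructed for the example. It parses `iptables -S INPUT` and `netstat -tlnp` output from two hosts, emits the Cypher MERGE statements that would load the result into Neo4j, and then runs the "SSH open to 0.0.0.0/0" and "listening service without any rule reaching it" checks, both over the parsed data and as equivalent Cypher queries.

```python
"""Added example, not the talk's own code (stasiand and Neo4jImporter are not
shown on the slides).  Parses constructed `iptables -S INPUT` and `netstat -tlnp`
output from two hosts, emits Cypher MERGE statements that would load it into
Neo4j, and runs two checks the slides list over the parsed data.  Host names,
ports and the node/relationship schema are all assumptions."""
import re

# Constructed sample: `iptables -S INPUT` on two hosts.  iptables -S prints
# no `-s` at all for a rule that matches any source.
SAMPLE_IPTABLES = {
    "web-1": """-P INPUT DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 10.0.0.0/8 -p tcp -m tcp --dport 10050 -j ACCEPT""",
    "db-1": """-P INPUT DROP
-A INPUT -s 10.0.1.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 10.0.2.10/32 -p tcp -m tcp --dport 5432 -j ACCEPT""",
}
# Constructed sample: `netstat -tlnp` on the same hosts (header line kept).
SAMPLE_NETSTAT = {
    "web-1": """Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1304/apache2
tcp        0      0 0.0.0.0:10050           0.0.0.0:*               LISTEN      990/zabbix_agentd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1100/mysqld""",
    "db-1": """Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      700/sshd
tcp        0      0 0.0.0.0:5432            0.0.0.0:*               LISTEN      900/postgres
tcp        0      0 0.0.0.0:9100            0.0.0.0:*               LISTEN      950/node_exporter""",
}
RULE_RE = re.compile(r"^-A INPUT(?: -s (\S+))?.*?--dport (\d+) -j (\w+)")
LISTEN_RE = re.compile(r"^tcp6?\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+LISTEN\s+\d+/(\S+)")

def parse_iptables(text):
    """(src_cidr, dport, target) per INPUT rule naming a --dport; no -s = any source."""
    rules = []
    for m in filter(None, map(RULE_RE.match, text.splitlines())):
        src, dport, target = m.groups()
        rules.append((src or "0.0.0.0/0", int(dport), target))
    return rules

def parse_netstat(text):
    """(bind_addr, port, program) per LISTEN line."""
    return [(m.group(1), int(m.group(2)), m.group(3))
            for m in filter(None, map(LISTEN_RE.match, text.splitlines()))]

def build_hosts():
    """One record per host combining both readers' output."""
    return {n: {"rules": parse_iptables(SAMPLE_IPTABLES[n]),
                "listeners": parse_netstat(SAMPLE_NETSTAT[n])} for n in SAMPLE_IPTABLES}

def to_cypher(hosts):
    """Cypher to load the graph.  Assumed schema: (:Host)-[:RUNS {bind}]->(:Service
    {name, port}) per listener, (:Network {cidr})-[:ALLOWED {port}]->(:Host) per
    ACCEPT rule; hosts running the same service share one Service node."""
    stmts = []
    for name, h in hosts.items():
        stmts.append(f"MERGE (:Host {{name: '{name}'}})")
        for addr, port, prog in h["listeners"]:
            stmts.append(f"MATCH (h:Host {{name: '{name}'}}) "
                         f"MERGE (s:Service {{name: '{prog}', port: {port}}}) "
                         f"MERGE (h)-[:RUNS {{bind: '{addr}'}}]->(s)")
        for src, port, target in h["rules"]:
            if target == "ACCEPT":
                stmts.append(f"MATCH (h:Host {{name: '{name}'}}) "
                             f"MERGE (n:Network {{cidr: '{src}'}}) "
                             f"MERGE (n)-[:ALLOWED {{port: {port}}}]->(h)")
    return stmts

# The same two checks as Cypher against the assumed schema, for use once loaded.
CYPHER_SSH_OPEN = ("MATCH (:Network {cidr: '0.0.0.0/0'})-[:ALLOWED {port: 22}]->(h:Host) "
                   "RETURN h.name")
CYPHER_UNREACHABLE = ("MATCH (h:Host)-[r:RUNS]->(s:Service) "
                      "WHERE NOT r.bind STARTS WITH '127.' "
                      "AND NOT (:Network)-[:ALLOWED {port: s.port}]->(h) "
                      "RETURN h.name, s.name, s.port")

def ssh_open_to_internet(hosts):
    """Hosts whose INPUT chain accepts port 22 from any source (0.0.0.0/0)."""
    return sorted(n for n, h in hosts.items()
                  if any(src == "0.0.0.0/0" and port == 22 and t == "ACCEPT"
                         for src, port, t in h["rules"]))

def listeners_without_rule(hosts):
    """Non-loopback listeners with no ACCEPT rule for their port: a service
    nobody can reach, or a rule somebody forgot to add."""
    found = []
    for name, h in hosts.items():
        allowed = {port for _, port, t in h["rules"] if t == "ACCEPT"}
        found += [(name, prog, port) for addr, port, prog in h["listeners"]
                  if not addr.startswith("127.") and port not in allowed]
    return sorted(found)

if __name__ == "__main__":
    hosts = build_hosts()
    print("\n".join(to_cypher(hosts)))
    print("SSH open to 0.0.0.0/0:", ssh_open_to_internet(hosts))
    print("listeners without a rule:", listeners_without_rule(hosts))
```

Running it prints the MERGE statements for both hosts, then flags web-1 (SSH accepted from any source) and db-1's node_exporter on 9100 (listening, but no rule admits anyone). The `-P INPUT DROP` policy is what makes the second check meaningful: with a default ACCEPT policy a missing rule would mean "open", not "unreachable", so a real reader would record the chain policy as well.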

IOC CONTAINER CONFIGURATION

IMPORT MAGIC!

CYPHER QUERIES

FUNNY CIRCLES!

OPEN SSH PORTS

SSH TRAFFIC

SERVICES ON UTILITY

INBOUND/OUTBOUND TRAFFIC ON UTILITY

FIREWALL RULES ON UTILITY

HOSTS WITH APACHE SERVICE

HOSTS WITH B17 SERVICE TRAFFIC

HOSTS WITH HTTP TRAFFIC

EPP TRAFFIC FROM CHECK AVAILABILITY

ALL RELATIONS OF SOME RANDOM HOST

ZABBIX TRAPPER TRAFFIC TO HOSTS WITHOUT ZABBIX SERVER

THANKS FOR WATCHING

Yaroslav Lukyanov