VISUALIZATION OF NETWORK SECURITY CONFIGURATION

Scott Lee - Central Alabama Electric Cooperative

Jacek Szamrej – SEDCGreg Gray - SEDC

Agenda

• Data visualization concepts

• Using graphs for configuration visualization

• Use cases:• Enterprise Application• Active Directory• BloodHound

Examples of Text and Tabular Data

https://www.active-directory-security.com/2016/08/how-to-easily-dump-export-active-directory-security-permissions-acls.html

Energy Usage Visualization

Data Visualization Examples

Visualization Using Graphs

Benefits of Security Configuration Visualization• See the “big picture” of

• Physical or logical structure of network• System and application permissions

• Discover Misconfigurations

• Analyze Attack Paths – Blue<>Red Team

• On-boarding and off-boarding employees

Graph Databases Node1

Graph Databases

Member of

Permissions to object

(Edge)

User(Node)

Folder(Node)

Group(Node)

Graph Databases

10.10.15.21

10.10.15.23

10.10.15.25

Why graph databases?

• Graph databases are much faster than relational databases for connected data

• Schema is not needed

• SQL lacks the syntax to easily perform graph traversal

• SQL performance degrades quickly as we traverse the graph

Visualization Use Cases

•Enterprise application

•Active Directory

•Configuration inventory

Enterprise Application Visualization

Made of several thousands of report lines

Enterprise Application Visualization

Custom visualization of permissions structure in enterprise application

-Discover similarities and anomalies in groups

-How can this help Central Alabama EC?

Microsoft Active Directory

• #1 Directory Services implemented by Coops and many other companies as well…

•Integrated with other applications or IAM

•How Central Alabama EC is using AD?

BloodHound

- Intro

-Pre-define queries for analysis

-Custom queries

-Can Central Alabama EC use BloodHound?

Graph visualization:

Active Directory + Enterprise Application

Network DependencyGraph

Network Dependency Graph

Graph DatabasesRanking (first 20)

https://db-engines.com/en/ranking/graph+dbms

Testing BloodHound1. Install Java on designated computer without admin to AD

2. Install Community edition of Neo4jhttps://neo4j.com/download-center/#releases

3. Install BloodHound – (Linux, Windows or OSX)https://github.com/BloodHoundAD/BloodHound/wiki/getting-started

4. Check that neo4j ports (7474, 7687) are limited to localhost

Testing BloodHound5. Run BloodHound

6. Use sample database or generate new one with DBCreatorhttps://github.com/BloodHoundAD/BloodHound-Tools (Python)

7. Import your AD data into Neo4j/BloodHoundhttps://github.com/BloodHoundAD/Bloodhound/wiki/Data-Collection-Intro

Use SharpHound (.ps1 or .exe) to collect AD data.SharpHound enumerates AD and collect information about current sessions.

Testing BloodHound8. Play with default queries in BloodHound

9. Learn about Cypher and create your own queriesMany sources: https://blog.cptjesus.com/posts/introtocypher

10. Import other data into Neo4j

11. Shutdown Neo4j if not using, may encrypt folder with collected data

jaceks@sedata.com

VISUALIZATION OF NETWORK SECURITY CONFIGURATION · Graph Databases Group Member of Permissions to...

Documents

+ struct Node { + int x; + Node * next; + }; + Node mylist; + Node mylist = NULL; head 121

22 Introduction to Distributed Databases · 13 Node Application Server Node Node P3 →ID:101-200 P1→ID:1-100 P2→ID:201-300. 15-445/645 (Fall 2020) EARLY DISTRIBUTED DATABASE

Similarity Searches on Sequence Databases - EMBnet node Switzerland

Tor Node Anonymity Systems Requirements and … Systems Requirements and Architecture Tor Node Tor Node Tor Node Tor Node Tor Node Tor Node Tor Node Tor Node Tor Network Web server

Dell EMC NetWorker 9.x and later Upgrade Quick Start Guide · Storage Node TCP/390111 Dynamic TCP port from the service port range nsrnsmd . Firewall requirements ... Nsradmin> p

Text Databases. Outline Spatial Databases Temporal Databases Spatio-temporal Databases Data Mining Multimedia Databases Text databases Image and video

23 Distributed OLTP Databases - CMU 15-445/645 · 2020-02-11 · Federated Databases 8. CMU 15-445/645 (Fall 2019) ATOMIC COMMIT PROTOCOL When a multi-node txn finishes, the DBMS

Field Experiments in RFI Detection using an Array · CNVRT ANT A/D FIFO LNA 12 3 416 CONTROL NODE GPS PROCESSING NODE PROCESSING NODE PROCESSING NODE CONTROL NET (TCP/IP) DATA NET

Appfield uc - Netfarmers€¦ · Appfield UC CUCMs 8443/TCP AXL Request/Response ... CUCM Primary Node Enter the IP of the CUCM node that should be used primarily for AXL and UDS

tcp ip4 vs tcp ip6

Appfield uc - Netfarmers · Appfield UC CUCMs 8443/TCP AXL Request/Response ... CUCM Primary Node Enter the IP of the CUCM node that should be used primarily for AXL and UDS requests

Node Patterns - Databases Volume I - LevelDB, Redis and CouchDB

Graph Databases, Neo4j, Cypher - Univerzita Karlova Databases Basic Characteristics To store entities and relationships between these entities Node is an instance of an object Nodes

Replacement kit for Hiquel TCP-M2, TCP-M2A and TCP-M2B. · Replacement kit for Hiquel TCP-M2, TCP-M2A and TCP-M2B. ... TCP-M2A & TCP-M2B installations. ... NOTE: Connections Y1 and

Undersea node localization using node-to-node acoustic

F Razo / CSUEB TE51105. F Razo / CSUEB TE5110 PRINTER SERVER FILE SERVER COMMUNICATIONS SERVER USER COMPUTERS INTERNET NETWORK NODE COMPUTERS TCP/IP

Study Guide 10 Physical Sciencesassets.cambridge.org/97805217/05776/frontmatter/...node f = 2f 1 node f = 3f 1 node f = 4f 1 node node node node node Strings attached to a ﬁ xed

Program Structure B.E. Computer Engineering, (Rev. 2016) w ... · 3.4 Mobile TCP : Traditional TCP, Classical TCP Improvements like Indirect TCP, Snooping TCP & Mobile TCP, Fast Retransmit

TCP Congestion Control TCP Tahoe TCP Reno TCP Vegas

UDP in Node · TCP vs UDP TCP Protocols • HTTP • SMTP • BitTorrent • SSH UDP Protocols • DNS • DHCP • UPnP / NAT-PMP • Games / VoIP / Skype