VISUALIZATION OF NETWORK SECURITY CONFIGURATION
Scott Lee - Central Alabama Electric Cooperative
Jacek Szamrej - SEDC
Greg Gray - SEDC
Agenda
• Data visualization concepts
• Using graphs for configuration visualization
• Use cases:
  • Enterprise Application
  • Active Directory
  • BloodHound
Examples of Text and Tabular Data
https://www.active-directory-security.com/2016/08/how-to-easily-dump-export-active-directory-security-permissions-acls.html
Energy Usage Visualization
Data Visualization Examples
Visualization Using Graphs
Benefits of Security Configuration Visualization
• See the “big picture” of:
  • Physical or logical structure of the network
  • System and application permissions
• Discover Misconfigurations
• Analyze Attack Paths – Blue<>Red Team
• On-boarding and off-boarding employees
Graph Databases
(Diagram: Node1, Node2 and Node3 connected by edges)
Graph Databases
(Diagram: User (node) -[Member of]-> Group (node) -[Permissions to object]-> Folder (node); the relationships are the edges)
Graph Databases
(Diagram: hosts 10.10.15.21, 10.10.15.23 and 10.10.15.25 as nodes, with TCP and UDP connections as edges)
Why graph databases?
• Graph databases are much faster than relational databases for connected data
• Schema is not needed
• SQL lacks the syntax to easily perform graph traversal
• SQL performance degrades quickly as we traverse the graph
Visualization Use Cases
• Enterprise application
• Active Directory
• Configuration inventory
Enterprise Application Visualization
Made up of several thousand report lines
Enterprise Application Visualization
Enterprise Application Visualization
Demo
Custom visualization of permissions structure in enterprise application
- RBAC
- Discover similarities and anomalies in groups
- How can this help Central Alabama EC?
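To make the permissions-graph idea from the User -> Group -> Folder diagram and this demo concrete, here is an added Python example (not code from the presentation or from BloodHound/Neo4j): a small constructed graph of users, nested groups and folder permissions, with traversals for the three questions a reviewer asks of such a graph: which folders a user effectively reaches through nested membership, the chain of edges that explains why, and which users end up with access to a given folder. All names are hypothetical.

```python
from collections import deque
# Constructed sample data modelled on the slide's User -> Group -> Folder diagram (hypothetical names, not real data).
EDGES = [
    ("alice", "MemberOf", "Billing"),
    ("bob", "MemberOf", "Billing"),
    ("bob", "MemberOf", "Helpdesk"),
    ("carol", "MemberOf", "Helpdesk"),
    ("Helpdesk", "MemberOf", "IT-Admins"),  # nested group membership: easy to miss in a table, obvious in a graph
    ("Billing", "HasPermission", "Finance-Share"),
    ("IT-Admins", "HasPermission", "Finance-Share"),
    ("IT-Admins", "HasPermission", "Backups-Share"),
]
def build_adjacency(edges):
    """Outgoing edge list per node: node -> [(relation, target), ...]."""
    adj = {}
    for src, rel, dst in edges:
        adj.setdefault(src, []).append((rel, dst))
        adj.setdefault(dst, [])
    return adj
def effective_folders(adj, principal):
    """Folders reachable by following MemberOf chains (nested groups) to HasPermission edges."""
    seen, queue, folders = {principal}, deque([principal]), set()
    while queue:
        node = queue.popleft()
        for rel, dst in adj[node]:
            if rel == "HasPermission":
                folders.add(dst)
            elif rel == "MemberOf" and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return folders
def shortest_path(adj, start, target):
    """BFS returning the node chain that explains why start reaches target (what a graph tool draws)."""
    queue, seen = deque([[start]]), {start}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        for _, dst in adj[path[-1]]:
            if dst not in seen:
                seen.add(dst)
                queue.append(path + [dst])
    return None
def who_can_reach(edges, folder):
    """Reverse lookup for an access review: which users end up with access to the folder."""
    adj = build_adjacency(edges)
    targets = {dst for _, _, dst in edges}  # users are the nodes no edge points to
    return sorted(u for u in adj if u not in targets and folder in effective_folders(adj, u))
```

In the sample data `carol` is only a Helpdesk member yet reaches Backups-Share through the nested IT-Admins group; that is the kind of anomaly the graph view surfaces and a flat permissions report hides.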
Microsoft Active Directory
• #1 directory service implemented by co-ops and many other companies as well
• Integrated with other applications or IAM
• How is Central Alabama EC using AD?
Demo
BloodHound
- Intro
- Pre-defined queries for analysis
- Custom queries
- Can Central Alabama EC use BloodHound?
Demo
Graph visualization:
Active Directory + Enterprise Application
Network Dependency Graph
Demo
Network Dependency Graph
Graph Databases Ranking (first 20)
https://db-engines.com/en/ranking/graph+dbms
Testing BloodHound
1. Install Java on a designated computer without admin rights to AD
2. Install the Community edition of Neo4j: https://neo4j.com/download-center/#releases
3. Install BloodHound (Linux, Windows or OSX): https://github.com/BloodHoundAD/BloodHound/wiki/getting-started
4. Check that the neo4j ports (7474, 7687) are limited to localhost
5. Run BloodHound
6. Use the sample database or generate a new one with DBCreator: https://github.com/BloodHoundAD/BloodHound-Tools (Python)
7. Import your AD data into Neo4j/BloodHound: https://github.com/BloodHoundAD/Bloodhound/wiki/Data-Collection-Intro
   Use SharpHound (.ps1 or .exe) to collect AD data. SharpHound enumerates AD and collects information about current sessions.
8. Play with the default queries in BloodHound
9. Learn about Cypher and create your own queries. Many sources, e.g. https://blog.cptjesus.com/posts/introtocypher
10. Import other data into Neo4j
11. Shut down Neo4j when not using it; you may encrypt the folder with the collected data