LLNL-PRES-641125
This work was performed under the auspices of the U.S. Department of Energy by Lawrence Livermore National Laboratory under contract DE-AC52-07NA27344. Lawrence Livermore National Security, LLC

NeMS Network Mapping and Discovery for Cybersecurity Situational Awareness by Celeste Matarazzo, LLNL Scientist

Nov 14, 2014


You will hear about the Network Mapping System (NeMS), a software-based network characterization and discovery tool. The analysis and maps produced by the NeMS tool provide an iterative platform for network security managers and information technology personnel.
Transcript
  • 1. LLNL-PRES-641125. This work was performed under the auspices of the U.S. Department of Energy by Lawrence Livermore National Laboratory under contract DE-AC52-07NA27344. Lawrence Livermore National Security, LLC. Celeste Matarazzo

  • 2. Computer networks are organic and complex
      - Network Mapping provides a current snapshot of a network's structure and activity profile
      - Network maps combine available data to provide a picture of HOW the network is actually being used
      - Mapping operations discover ACTUAL network topology, including routers, switches and end hosts, and the services running on these devices
      - Mapping discovers changes in a network

  • 3.
      - Software-based network characterization and discovery tool
      - Constructs visual representations of computer network based on observed behavior
      - Iterative analysis platform from which network security managers and information technology (IT) personnel can explore the findings of each mapping operation

  • 4.
      - Network maps combine available active and passive data to provide a picture of how the network is actually being used
      - Mapping conducted from any vantage point within a network, including multiple vantage points
      - Flexible controls to enable the mapping operations to meet speed, load and security requirements (e.g., throttle)
      - Validated in controlled environments (with ground truth) and in operational networks
      - Found 100% of hosts were identified plus the unexpected discovery of an unknown external network connection
      - Operational network measured load and found NO impact to performance

  • 5.
      - Open ports
      - Available services and version information
      - Operating Systems
      - Network Topology
      - Traceroute
      - Router Interfaces (SNMP)
      - Static Routes (SNMP)
    Passive Mapping techniques provide:
      - Host discovery
      - Host activity (transactions between nodes)
      - The content of communications
    [Figure panels: Operating Systems, SNMP Results, Open Ports]

  • 6.
      - Software-based high-performance network characterization and discovery
      - Combines intelligent network probes, passive traffic analysis and host discovery
      - Constructs OBSERVED network topology and behavior including end hosts and services
      - Mapping toolset provides iterative visualization and analysis environment to explore findings
    [Figure: Network Mapping Architecture]

  • 7.
      - Configurable to minimize disruptions and impacts on the target operational network and to require minimal intervention by network security staff
      - System has a modular structure that allows the easy addition of new capabilities
      - Builds on 15 years of network analysis and high performance computing expertise
      - Focuses on discovery of the network rather than compliance checking

  • 8. Charity [email protected]