NetMap

Network Modeling, Discovery, and Analysis

Description

In recent years, networks have evolved from mere communication means to a ubiquitous computational infrastructure. Networks have become larger, faster, and highly dynamic and, in particular, the Internet has become an everyday reality for millions of users outside the Information Technology community.

The incredible growth of networking technology has been driven by the immediate need for higher bandwidths and advanced services. This trend has delivered a number of promising results but has also produced solutions that are only partially satisfactory. As governments, enterprises, and end-users rely more and more on the services provided by the network, these flaws become more evident.

This situation has been caused by the limited knowledge on which network solutions are built. Networks are complex systems, and most approaches oversimplify their target model in an effort to limit the problem space. For example, firewall technologies often consider only a limited subset of security mechanisms and do not take into account specific characteristics of the network being protected, such as the interactions among different protocols and services or the particular architecture and operating system installed on the protected nodes. As another example, consider network management services such as SNMP, which do not take into account important aspects of the managed hosts such as trust relationships or protection domains.

A sound, comprehensive security approach must rely on a sound knowledge base. For this, it is necessary to build a network model that can be relied upon when building, deploying, and maintaining the security protections of a computer network.

The NetMap Approach

NetMap is a tool for discovering and analyzing computer networks. NetMap includes a discovery tool, a network database, and a viewer and analyzer application.

Network discovery is done by using existing tools, both commercial and freely available. Given a query, the set of tools that best answers it is automatically chosen. The tools are run, and their results are fused together.

NetMap consists of different components:

NERD - The Network Entity Relation Database.
An SQL database that contains the information about the network topology. The schema is designed to contain all information needed to do a proper security analysis.
The NERD analyzer.
A graphical front end to the NERD database. The application provides a graphical representation of the network and includes tools to analyze it.
NTL - The Network Tool Language.
A language that provides a semantic model for describing network tools and defines a syntax to issue queries about the network.
NetScript.
An application that receives queries about the network and executes different network discovery tools in order to answer them. NetScript resolves the inconsistent and incomplete data received from the different tools and generates a homogeneous view of the network.
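The following Python program is an added illustration of the workflow the components above describe (query-driven tool selection, fusion of inconsistent and incomplete results, and storage in a topology database). It is not NetMap's own code: the tool descriptors, trust weights, the two-table schema standing in for NERD, and every observation are constructed for the example, and no real scanner is executed. Each fake tool returns canned observations; the port scanner omits one host (incompleteness) and the banner grabber disagrees with the OS fingerprinter (inconsistency), and the fusion step settles both by tool trust.

```python
"""Query-driven discovery with result fusion, in the spirit of NetScript/NERD.
Added illustration, not NetMap's own code: tool names, trust weights, the
schema and every observation below are constructed; no scanner is executed."""
import sqlite3
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple


@dataclass
class Tool:
    """Hypothetical NTL-style descriptor: what a tool reports and how far to trust it."""
    name: str
    provides: Set[str]                 # attributes the tool can answer
    trust: float                       # weight used to settle conflicting reports
    run: Callable[[str], List[dict]]   # returns observations for a target


# Constructed stand-ins for real tool runs (each returns canned observations).
def fake_ping_sweep(target: str) -> List[dict]:
    return [{"ip": "10.0.0.1", "alive": True}, {"ip": "10.0.0.2", "alive": True}]

def fake_port_scan(target: str) -> List[dict]:
    # Incomplete: nothing reported for 10.0.0.2.
    return [{"ip": "10.0.0.1", "port": 22, "service": "ssh"},
            {"ip": "10.0.0.1", "port": 80, "service": "http"}]

def fake_os_fingerprint(target: str) -> List[dict]:
    return [{"ip": "10.0.0.1", "os": "Linux"}, {"ip": "10.0.0.2", "os": "FreeBSD"}]

def fake_banner_grab(target: str) -> List[dict]:
    # Inconsistent: disagrees with the fingerprinter about 10.0.0.2's OS,
    # but is the only tool that saw the SMTP service there.
    return [{"ip": "10.0.0.2", "os": "OpenBSD"},
            {"ip": "10.0.0.2", "port": 25, "service": "smtp"}]

TOOLS = [
    Tool("pingsweep", {"alive"}, 0.9, fake_ping_sweep),
    Tool("portscan", {"port", "service"}, 0.8, fake_port_scan),
    Tool("osfinger", {"os"}, 0.7, fake_os_fingerprint),
    Tool("banner", {"os", "port", "service"}, 0.4, fake_banner_grab),
]

# Constructed two-table schema standing in for the NERD topology database.
NERD_SCHEMA = """
CREATE TABLE host(ip TEXT PRIMARY KEY, alive INTEGER, os TEXT, os_trust REAL);
CREATE TABLE service(ip TEXT REFERENCES host(ip), port INTEGER, name TEXT,
                     PRIMARY KEY (ip, port));
"""


def select_tools(wanted: Set[str], tools: List[Tool]) -> List[Tool]:
    """Pick every tool that can answer part of the query, most trusted first."""
    return [t for t in sorted(tools, key=lambda t: -t.trust) if t.provides & wanted]


def fuse(results: List[Tuple[Tool, List[dict]]]):
    """Merge observations per host; a conflicting value replaces the recorded
    one only when it comes from a more trusted tool."""
    hosts: Dict[str, Dict[str, Tuple[float, object]]] = {}
    services: Dict[Tuple[str, int], Tuple[float, str]] = {}
    for tool, rows in results:
        for row in rows:
            attrs = hosts.setdefault(row["ip"], {})
            for key, val in row.items():
                if key in ("ip", "port", "service"):
                    continue
                if key not in attrs or tool.trust > attrs[key][0]:
                    attrs[key] = (tool.trust, val)
            if "port" in row:
                k = (row["ip"], row["port"])
                if k not in services or tool.trust > services[k][0]:
                    services[k] = (tool.trust, row.get("service", "unknown"))
    return hosts, services


def discover(query: Set[str], target: str = "10.0.0.0/24", tools=TOOLS) -> sqlite3.Connection:
    """Answer a query by running the selected tools and loading the fused view."""
    results = [(t, t.run(target)) for t in select_tools(query, tools)]
    hosts, services = fuse(results)
    db = sqlite3.connect(":memory:")
    db.executescript(NERD_SCHEMA)
    for ip, attrs in hosts.items():
        alive = attrs.get("alive", (0.0, None))[1]
        os_trust, os_name = attrs.get("os", (None, None))
        db.execute("INSERT INTO host VALUES (?, ?, ?, ?)",
                   (ip, None if alive is None else int(alive), os_name, os_trust))
    for (ip, port), (_, name) in services.items():
        db.execute("INSERT INTO service VALUES (?, ?, ?)", (ip, port, name))
    db.commit()
    return db


def inventory(db: sqlite3.Connection) -> Dict[str, dict]:
    """Analyzer-style view: one record per host with its services."""
    out = {}
    for ip, alive, os_name in db.execute("SELECT ip, alive, os FROM host ORDER BY ip"):
        ports = [(p, n) for p, n in db.execute(
            "SELECT port, name FROM service WHERE ip = ? ORDER BY port", (ip,))]
        out[ip] = {"alive": bool(alive), "os": os_name, "services": ports}
    return out


if __name__ == "__main__":
    for ip, rec in inventory(discover({"alive", "os", "port", "service"})).items():
        print(ip, rec)
```

Running the script shows 10.0.0.2 recorded as FreeBSD (the fingerprinter outranks the banner grabber) while still listing the SMTP service only the banner grabber observed. The trust weight is the one design decision worth attention in a real deployment: the fused view is only as good as the ranking of its sources, so the `os_trust` column keeps the provenance so an analyst can see how confident the database should be in each entry.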

Software

Publications

People

Acknowledgments

This research was supported by the Army Research Office, under agreement DAAD19-01-1-0484.