2. ANALYZING NETWORK INFRASTRUCTURE WITH NEO4J
WHY?
▸ Visual analysis is more natural than textual analysis
▸ Because graphs are the most efficient and natural way of working with data
▸ A big network infrastructure is a headache for system administrators and DevOps
  ▸ Firewall rules are forgotten
  ▸ No one knows what type of traffic flows between hosts
  ▸ What is this shit, the «gocheck» service? o_O
▸ And because it is fun :)
3. HOW?
▸ Install Neo4j
▸ Collect needed data from hosts
▸ Parse data
▸ Load data into Neo4j
▸ Analyze! :)
4. BENEFITS
▸ Directed relationships between hosts, based on:
  ▸ Firewall rules
  ▸ Traffic
▸ Services installed on each host, with the ability to:
  ▸ View all hosts that run a given service
  ▸ Check service usage (based on traffic or firewall rules)
5. BENEFITS
▸ Ability to find cases like:
  ▸ Forgotten firewall rules, based on rule and traffic analysis
  ▸ Network services with no rule or traffic pointing to them (not counting loopback, of course)
  ▸ Unused traffic (for example, Zabbix agents with no Zabbix endpoint)
▸ Ability to find and prevent security weaknesses like:
  ▸ SSH open to the whole Internet (0.0.0.0/0)
  ▸ Vulnerable services with open ports
  ▸ And so on :)
8. DATA PARSING
▸ Data readers for each data format:
  ▸ iptables
  ▸ netstat
  ▸ tcpdump
▸ Import controller (Neo4jImporter)
9. DATA PARSING
▸ Reader interface (for the IoC container) with a default implementation
▸ Parser interface
▸ Concrete parser implementations, with the magic inside :)
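An added example (not the slide author's code) that ties the "Data parsing" slides to the checks on the "Benefits" slides: it parses constructed `iptables -S INPUT` and `netstat -tln` output from one host, emits the Cypher MERGE statements that would build the host/service graph in Neo4j, and runs two of the listed checks in memory (ports open to 0.0.0.0/0, and listening services no firewall rule reaches, loopback excluded). The host name, the `Host`/`Service`/`Net` labels and the `ALLOWS`/`LISTENS` relationship types are assumptions chosen for the example.

```python
import re
from collections import defaultdict

# Constructed sample input: what `iptables -S INPUT` and `netstat -tln` print on one host.
IPTABLES_LINES = [
    "-A INPUT -s 10.0.0.0/8 -p tcp -m tcp --dport 22 -j ACCEPT",
    "-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT",  # no -s: open to 0.0.0.0/0
    "-A INPUT -s 10.0.1.5/32 -p tcp -m tcp --dport 10050 -j ACCEPT",
]
NETSTAT_LINES = [
    "tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN",
    "tcp        0      0 0.0.0.0:10050           0.0.0.0:*               LISTEN",
    "tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN",
    "tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN",
]

RULE_RE = re.compile(r"-A INPUT(?: -s (?P<src>\S+))?.*--dport (?P<port>\d+) -j ACCEPT")
LISTEN_RE = re.compile(r"^tcp\s+\d+\s+\d+\s+(?P<addr>[\d.]+):(?P<port>\d+)\s+\S+\s+LISTEN")

def parse_iptables(lines):
    """Return (source_cidr, dport) pairs for ACCEPT rules; a missing -s means 0.0.0.0/0."""
    rules = []
    for line in lines:
        m = RULE_RE.search(line)
        if m:
            rules.append((m.group("src") or "0.0.0.0/0", int(m.group("port"))))
    return rules

def parse_netstat(lines):
    """Return (bind_addr, port) pairs for listening TCP sockets."""
    return [(m.group("addr"), int(m.group("port"))) for m in map(LISTEN_RE.match, lines) if m]

def to_cypher(host, rules, listeners):
    """Emit Cypher MERGE statements (run together as one query so `h` stays bound)."""
    stmts = [f"MERGE (h:Host {{name: '{host}'}})"]
    for addr, port in listeners:
        stmts.append(f"MERGE (h)-[:LISTENS {{bind: '{addr}'}}]->(:Service {{host: '{host}', port: {port}}})")
    for src, port in rules:
        stmts.append(f"MERGE (:Net {{cidr: '{src}'}})-[:ALLOWS {{dport: {port}}}]->(h)")
    return stmts

def find_issues(rules, listeners):
    """Two checks from the slides: ports open to the world, and listeners no rule reaches."""
    allowed = defaultdict(set)
    for src, port in rules:
        allowed[port].add(src)
    world_open = sorted(p for p, srcs in allowed.items() if "0.0.0.0/0" in srcs)
    # Loopback-only listeners (127.0.0.1) need no INPUT rule, so they are not flagged.
    no_rule = sorted(p for a, p in listeners if a != "127.0.0.1" and p not in allowed)
    return {"world_open": world_open, "no_rule": no_rule}
```

On the sample above, `find_issues` reports port 22 as open to the whole Internet and port 8080 as a listener no firewall rule points to; the same questions become `MATCH` queries once the emitted Cypher has loaded the graph.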