How to analyze network infrastructure with Neo4j and why with benefits, overview and examples.

1. NEO4J
ANALYZING NETWORK
INFRASTRUCTURE WITH

2. ANALYZING NETWORK INFRASTRUCTURE WITH NEO4J
WHY?
▸ Visual analysis is more natural than textual analysis
▸ Because graphs are the most efficient and natural way of working with
data
▸ Big network infrastructure is headache for System Administrators and
DevOps
▸ Firewall rules are forgotten
▸ No one knows about traffic type between hosts
▸ What is this shit, «gocheck» service? o_O
▸ And because it is fun :)

3. ANALYZING NETWORK INFRASTRUCTURE WITH NEO4J
HOW?
▸ Install Neo4j
▸ Collect needed data from hosts
▸ Parse data
▸ Load data into Neo4j
▸ Analyze! :)

4. ANALYZING NETWORK INFRASTRUCTURE WITH NEO4J
BENEFITS
▸ Relationships with direction between hosts based on:
▸ Firewall rules
▸ Traffic
▸ Services that installed on each host with ability to:
▸ View all hosts that contain concrete service
▸ Check service usage (based on traffic or firewall rules)

5. ANALYZING NETWORK INFRASTRUCTURE WITH NEO4J
BENEFITS
▸ Ability to find cases like:
▸ Forgotten firewall rules based on rule and traffic analyze
▸ Network services without rule or traffic to it (with loopback of course)
▸ Unused traffic (for example Zabbix agents without Zabbix endpoint)
▸ Ability to find and prevent security breaches like:
▸ Open SSH to whole internet (0.0.0.0/0)
▸ Vulnerable services with open ports
▸ And etc :)

6. WITH SYSTEM
OVERVIEW
EXAMPLES AND CODE

7. ANALYZING NETWORK INFRASTRUCTURE WITH NEO4J ТЕКСТ
DATA COLLECTING
stasiand
Host 1
Host 2
Host N
iptables,netstat,tcpdump

8. ANALYZING NETWORK INFRASTRUCTURE WITH NEO4J
DATA PARSING
▸ Data readers for each data format
▸ IpTables
▸ Netstat
▸ Tcpdump
▸ Import controller (Neo4jImporter)

9. ANALYZING NETWORK INFRASTRUCTURE WITH NEO4J
DATA PARSING
▸ Reader interface (for IoC container)
with default realization
▸ Parser interface
▸ Concrete parser realizations with
magic inside :)

10. ANALYZING NETWORK INFRASTRUCTURE WITH NEO4J
IOC CONTAINER CONFIGURATION

11. ANALYZING NETWORK INFRASTRUCTURE WITH NEO4J
IMPORT MAGIC!

12. ANALYZING NETWORK INFRASTRUCTURE WITH NEO4J
IMPORT MAGIC!

13. ANALYZING NETWORK INFRASTRUCTURE WITH NEO4J
IMPORT MAGIC!

14. ANALYZING NETWORK INFRASTRUCTURE WITH NEO4J
CYPHER QUERIES

15. ANALYZING NETWORK INFRASTRUCTURE WITH NEO4J
CYPHER QUERIES

16. ANALYZING NETWORK INFRASTRUCTURE WITH NEO4J
CYPHER QUERIES

17. ANALYZING NETWORK INFRASTRUCTURE WITH NEO4J
FUNNY CIRCLES!

18. ANALYZING NETWORK INFRASTRUCTURE WITH NEO4J
OPEN SSH PORTS

19. ANALYZING NETWORK INFRASTRUCTURE WITH NEO4J
SSH TRAFFIC

20. ANALYZING NETWORK INFRASTRUCTURE WITH NEO4J
SERVICES ON UTILITY

21. ANALYZING NETWORK INFRASTRUCTURE WITH NEO4J
INBOUND/OUTBOUND TRAFFIC ON UTILITY

22. ANALYZING NETWORK INFRASTRUCTURE WITH NEO4J
FIREWALL RULES ON UTILITY

23. ANALYZING NETWORK INFRASTRUCTURE WITH NEO4J
HOSTS WITH APACHE SERVICE

24. ANALYZING NETWORK INFRASTRUCTURE WITH NEO4J
HOSTS WITH B17 SERVICE TRAFFIC

25. ANALYZING NETWORK INFRASTRUCTURE WITH NEO4J
HOSTS WITH HTTP TRAFFIC

26. ANALYZING NETWORK INFRASTRUCTURE WITH NEO4J
EPP TRAFFIC FROM CHECK AVAILABILITY

27. ANALYZING NETWORK INFRASTRUCTURE WITH NEO4J
ALL RELATIONS OF SOME RANDOM HOST

28. ANALYZING NETWORK INFRASTRUCTURE WITH NEO4J
ZABBIX TRAPPER TRAFFIC TO HOSTS WITHOUT ZABBIX SERVER

29. THANKS
FOR
WATCHING
Yaroslav Lukyanov