
Utilising open source tools to map and analyse a domain based IT system.


1 Utilising open source tools to map and analyse a domain based IT system

2 Outline
I. Introduction
II. Method overview
III. Domain detail aggregation
IV. Procedure
V. Visualisation
VI. Conclusion
© Photo: O van Ginkel

3 Introduction: Domain mapping
 Purpose of paper: a network mapping technique, its visualisation, and the exposure of cyber-security risk in centrally managed Smart Grid IT infrastructure.
 Stouffer et al. 2014: are centralised authentication management systems preferred to distributed access control solutions?
 Why? Scalability:
  - large number of users and systems
  - frequent changes in access privileges

4 Introduction: Domain mapping
 Typical centralised solution: Microsoft™ Active Directory and the Lightweight Directory Access Protocol (LDAP) (Howes 1997: RFC 2254)
  - stores all accounts
  - manages authentication / authorisation
  - covers all individuals and systems in the domain
 Numerous concerns with centralisation (Stouffer et al. 2014):
  - authentication servers require high security and availability
  - local credential caching
  - the network infrastructure needs high reliability, so that authentication attempts are not hindered

5 Introduction: Domain mapping
 This study investigates a technique enabling a person to gain knowledge of a domain network using a set of simple, readily available software tools:
  - AdFind (joeware.net)
  - Nmap (nmap.org)
  - nslookup (support.microsoft.com/kb/200525)

6 Method overview: Domain mapping
 Utilising the directory detail exposed by an Active Directory server to simplify and speed up the mapping of the domain network.
 3 steps:
  1. Query
  2. Receive
  3. Trace / map
 Tools: AdFind, Nmap, ftrace, tracert

7 Method overview: Domain mapping

8 Domain detail aggregation: Domain mapping
 Get the AD server from the domain's LDAP SRV record:
nslookup -type=any _ldap._tcp.domain.com
 Query the AD server for the domain's computer objects:
adfind -h adserver.domain.com -b dc=domain,dc=com -f "objectcategory=computer" > domainmachines.txt
  - -h: AD server
  - -b: domain (search base)
  - -f: filter
  - > domainmachines.txt: result
 4 minutes -> details of 50 000 machines on the network

9 Domain detail aggregation: Domain mapping
 Too slow? 4 minutes...
  - Add the -dn parameter to the adfind query: less detail is returned, but the distinguished names of 50 000 machines arrive in 30 seconds
 Further focus on servers:
  - limits the approximately 50 000 domain machines to 2 350
  - Smart Grid supporting servers can be identified and possibly be targeted
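The narrowing step above (computer dump in, server host list out) as a worked example. This is added code, not from the presentation: the input follows AdFind's text layout (a `dn:` line followed by `>attribute: value` lines per object) but the records are constructed, and filtering on the `operatingSystem` attribute is this example's assumption about how the authors cut ~50 000 machines down to ~2 350 servers.

```python
"""Reduce an AdFind computer dump to the traceroute target list (hostlist.txt).

Added example, not code from the presentation. The input layout ('dn:' line
followed by '>attribute: value' lines per object) follows AdFind's text output;
the records themselves are constructed. Narrowing on the operatingSystem
attribute is this example's assumption about how ~50 000 machines were cut
down to ~2 350 servers.
"""
import re

# Constructed sample of what `adfind -h adserver.domain.com -b dc=domain,dc=com
# -f "objectcategory=computer" > domainmachines.txt` produces (banner trimmed).
ADFIND_OUTPUT = """\
Using server: adserver.domain.com:389
Base DN: dc=domain,dc=com

dn:CN=WS0001,OU=Workstations,DC=domain,DC=com
>dNSHostName: ws0001.domain.com
>operatingSystem: Windows 7 Enterprise

dn:CN=SCADA-HIST01,OU=Servers,DC=domain,DC=com
>dNSHostName: scada-hist01.domain.com
>operatingSystem: Windows Server 2008 R2 Standard

dn:CN=DC01,OU=Domain Controllers,DC=domain,DC=com
>dNSHostName: dc01.domain.com
>operatingSystem: Windows Server 2012 R2 Datacenter

dn:CN=LEGACY-RTU-GW,OU=Servers,DC=domain,DC=com
>dNSHostName: legacy-rtu-gw.domain.com

4 Objects returned
"""

SERVER_OS = re.compile(r"\bserver\b", re.IGNORECASE)


def parse_adfind(text):
    """Return one dict per object: {'dn': str, '<attr>': [values...]}."""
    objects, current = [], None
    for line in text.splitlines():
        if line.startswith("dn:"):
            current = {"dn": line[3:].strip()}
            objects.append(current)
        elif current is not None and line.startswith(">") and ":" in line:
            attr, _, value = line[1:].partition(":")
            current.setdefault(attr.strip(), []).append(value.strip())
        elif not line.strip():
            current = None          # a blank line closes the object
    return objects


def is_server(obj):
    """Assumed narrowing rule: an operatingSystem value containing 'Server'."""
    return any(SERVER_OS.search(v) for v in obj.get("operatingSystem", []))


def select_targets(text):
    """Split the dump into (sorted server FQDNs, DNs with no operatingSystem).

    Objects without an operatingSystem value (stale or non-Windows accounts)
    are reported rather than silently dropped: an unlabelled host on a
    Smart Grid network is exactly what a map should not lose.
    """
    objects = parse_adfind(text)
    hosts = sorted(o["dNSHostName"][0].lower()
                   for o in objects if is_server(o) and "dNSHostName" in o)
    unknown = [o["dn"] for o in objects if "operatingSystem" not in o]
    return hosts, unknown


if __name__ == "__main__":
    # The same narrowing can be pushed to the domain controller with the
    # LDAP filter (&(objectCategory=computer)(operatingSystem=*Server*)),
    # which also shortens the 4-minute transfer the slides mention.
    hosts, unknown = select_targets(ADFIND_OUTPUT)
    with open("hostlist.txt", "w") as fh:
        fh.write("\n".join(hosts) + "\n")
    print("%d server targets written, %d objects with no OS attribute"
          % (len(hosts), len(unknown)))
```

The hostlist.txt it writes is the `-iL` input of the nmap command on slide 11. Hosts with no operatingSystem value are kept in a separate list on purpose: on a control-system network they are the machines most worth a second look, not the ones to drop.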

10 Domain detail aggregation: Domain mapping
 Smart Grid supporting systems

11 Procedure: Domain mapping
nmap --traceroute -sn -iL hostlist.txt -oN routes.txt
 Route tracing tools evaluated: Nmap, ftrace, tracert

12 Procedure: Domain mapping
 Route tracing tool comparative study
  - 1 day: mapped 50 000 devices
  - only servers: 17 minutes

13 Procedure: Domain mapping
 Latency analysis histogram (all hops: 5 300 devices); includes intermediary devices

14 Procedure: Domain mapping
 Latency analysis histogram (final hops: 2 350 devices); excludes intermediary devices; clusters labelled A, B, C, D

15 Procedure: Domain mapping
 Spatial agreement of typical final hop latency (histogram clusters A, B, C, D)

Spatial location (province) | Associated average latency (milliseconds)
Gauteng                     | 2
Free State                  | 10
KwaZulu-Natal               | 15
Western Cape                | 24

 Pinpoint the location of critical cyber assets within the Smart Grid environment without the necessity of a geo-IP database. The latencies are relative to the scanning host, so the mapping holds only for traces launched from that vantage point.

16 Visualisation: Domain mapping
 Visualisation tools considered for the data design: RadialNet, ZenMap, vis.js
 JSON supported as the data format for visualisation (Almende 2015)
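The route-tracing step (slides 11 to 15: the nmap traceroute run, final-hop latency per host, latency-to-province agreement) and the JSON data design for vis.js (slide 16) as one worked example. This is added code, not from the presentation: ROUTES_TXT is a constructed sample in nmap's normal-output (`-oN`) layout, including nmap's elided "Hops 1-2 are the same as for" lines and a non-responding hop; the province table is the slide's own, and assigning each host to the province with the nearest typical latency is this example's reading of that table, not a method the slides state.

```python
"""Parse nmap --traceroute -sn -iL hostlist.txt -oN routes.txt output into
final-hop latencies, a rough province estimate and a vis.js node/edge graph.

Added example, not code from the presentation. ROUTES_TXT is a constructed
sample in nmap's normal-output layout; the province table is the slide's, and
choosing the province with the nearest typical latency is this example's reading of it.
"""
import json, re

ROUTES_TXT = """\
Nmap scan report for scada-hist01.domain.com (10.20.5.10)
TRACEROUTE (using proto 1/icmp)
HOP RTT     ADDRESS
1   0.41 ms 10.0.0.1
2   1.23 ms core-gp.domain.com (10.0.1.1)
3   2.05 ms scada-hist01.domain.com (10.20.5.10)

Nmap scan report for dc01.domain.com (10.30.7.2)
TRACEROUTE (using proto 1/icmp)
HOP RTT      ADDRESS
1   0.39 ms  10.0.0.1
2   1.30 ms  core-gp.domain.com (10.0.1.1)
3   ...
4   23.80 ms dc01.domain.com (10.30.7.2)

Nmap scan report for ems-fe02.domain.com (10.40.1.5)
TRACEROUTE (using proto 1/icmp)
HOP RTT     ADDRESS
-   Hops 1-2 are the same as for 10.20.5.10
3   9.70 ms ems-fe02.domain.com (10.40.1.5)
"""

# Typical final-hop latency per province, from the slide (milliseconds).
PROVINCE_LATENCY_MS = {"Gauteng": 2, "Free State": 10, "KwaZulu-Natal": 15, "Western Cape": 24}

REPORT_RE = re.compile(r"^Nmap scan report for (\S+)(?: \((\S+)\))?$")
# hop line: "<n>  <rtt> ms  [name (]<ipv4>[)]"; IPv4 only, which is all the sample needs
HOP_RE = re.compile(r"^(\d+)\s+([\d.]+) ms\s+(?:\S+ \()?([\d.]+)\)?$")
DEAD_HOP_RE = re.compile(r"^(\d+)\s+\.\.\.")
SAME_RE = re.compile(r"^-\s+Hops (\d+)-(\d+) are the same as for (\S+)")

def parse_traceroutes(text):
    """Return {target_ip: {'name': fqdn, 'hops': [(hop_no, rtt_ms or None, ip or None)]}}."""
    traces, cur = {}, None
    for line in text.splitlines():
        report = REPORT_RE.match(line)
        if report:
            ip = report.group(2) or report.group(1)
            cur = traces[ip] = {"name": report.group(1), "hops": []}
            continue
        if cur is None:
            continue
        same, hop, dead = SAME_RE.match(line), HOP_RE.match(line), DEAD_HOP_RE.match(line)
        if same:            # nmap prints shared leading hops once; copy them back in
            lo, hi, ref = int(same.group(1)), int(same.group(2)), same.group(3)
            cur["hops"] += [h for h in traces[ref]["hops"] if lo <= h[0] <= hi]
        elif hop:
            cur["hops"].append((int(hop.group(1)), float(hop.group(2)), hop.group(3)))
        elif dead:          # no reply at this TTL: record the gap instead of dropping it
            cur["hops"].append((int(dead.group(1)), None, None))
    return traces

def final_hop_latency(traces):
    """RTT of the last responding hop per target (the target itself when it answers)."""
    out = {}
    for ip, t in traces.items():
        rtts = [rtt for _, rtt, _ in t["hops"] if rtt is not None]
        if rtts:
            out[ip] = rtts[-1]
    return out

def nearest_province(rtt_ms):
    """Province with the closest typical latency. Heuristic only: it holds for traces
    launched from the same vantage point the table was measured from."""
    return min(PROVINCE_LATENCY_MS, key=lambda p: abs(PROVINCE_LATENCY_MS[p] - rtt_ms))

def to_visjs(traces):
    """vis.js data: nodes = responding addresses, edges = consecutive hops. An edge
    spanning a silent hop is dashed; 'title' is the detail-on-demand tooltip."""
    nodes, edges, latency = {}, {}, final_hop_latency(traces)
    for ip, t in traces.items():
        prev, gap = None, False
        for _, _, hop_ip in t["hops"]:
            if hop_ip is None:
                gap = True
                continue
            nodes.setdefault(hop_ip, {"id": hop_ip, "label": hop_ip})
            if prev is not None:
                edges.setdefault((prev, hop_ip), {"from": prev, "to": hop_ip, "dashes": gap})
            prev, gap = hop_ip, False
        if ip in nodes and ip in latency:
            nodes[ip]["label"] = t["name"]
            nodes[ip]["title"] = "%s, %.2f ms, likely %s" % (ip, latency[ip], nearest_province(latency[ip]))
    return {"nodes": list(nodes.values()), "edges": list(edges.values())}

if __name__ == "__main__":
    traces = parse_traceroutes(ROUTES_TXT)
    for ip, rtt in sorted(final_hop_latency(traces).items()):
        print("%-12s %6.2f ms  %s" % (ip, rtt, nearest_province(rtt)))
    print(json.dumps(to_visjs(traces), indent=1))   # load into vis.js DataSet(nodes) / DataSet(edges)
```

The `dashes` flag and the `title` tooltip are standard vis.js edge and node options; the tooltip is where the "detail on demand" of slide 17 would live. Keeping the silent hop as a dashed edge rather than dropping it matters for the robustness question in the conclusion: a device that does not answer ICMP still sits on the path to a critical server.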

17 Visualisation: Domain mapping
 Detail on demand added

18 Visualisation: Domain mapping
 Mapped domain network

19 Visualisation: Domain mapping
 Mapped domain network (zoom)

20 Conclusion: Domain mapping
 Requests launched at an Active Directory server
 Filtering prior to scanning and mapping of the network
 In 20 minutes: knowledge of critical systems, both their physical and their network location
 Ensure that the Smart Grid architecture exhibits:
  - robustness
  - sufficient redundancy
  - a sustained communication network
 Do not expose critical cyber assets to damage by accidental or malicious intruders

21 Thank you!

