DOI: 10.1145/2994475.2994479
research-article

An Iterative and Toolchain-Based Approach to Automate Scanning and Mapping Computer Networks

Published: 24 October 2016

ABSTRACT

As today's organizational computer networks are ever evolving and becoming more and more complex, finding potential vulnerabilities and conducting security audits has become a crucial element in securing these networks. The first step in auditing a network is reconnaissance: mapping it to get a comprehensive overview of its structure. The growing complexity, however, makes this task increasingly laborious, all the more so because mapping (as opposed to plain scanning) still involves a lot of manual work. Therefore, the concept proposed in this paper automates the scanning and mapping of unknown and non-cooperative computer networks in order to find security weaknesses or verify access controls. It further supports audits by allowing documented networks to be compared with actual ones, by finding unauthorized network devices, and by evaluating access control methods through delta scans. It uses a novel approach of augmenting data from iteratively chained existing scanning tools with context, using genuine analytics modules to allow assessing a network's topology instead of just generating a list of scanned devices. It further contains a visualization model that provides a clear, lucid topology map and a special graph for comparative analysis. The goal is to provide maximum insight with a minimum of a priori knowledge.

Published in

SafeConfig '16: Proceedings of the 2016 ACM Workshop on Automated Decision Making for Active Cyber Defense
October 2016, 130 pages
ISBN: 9781450345668
DOI: 10.1145/2994475

        Copyright © 2016 ACM

Publisher: Association for Computing Machinery, New York, NY, United States

Acceptance Rates

SafeConfig '16 Paper Acceptance Rate: 6 of 13 submissions, 46%. Overall Acceptance Rate: 22 of 61 submissions, 36%.
