![Page 1: VISUALIZATION OF NETWORK SECURITY CONFIGURATION · Graph Databases Group Member of Permissions to object (Edge) (Edge) User (Node) Folder (Node) Group (Node) Graph Databases TCP TCP](https://reader034.vdocuments.site/reader034/viewer/2022050119/5f4f48d22afa395c63033d17/html5/thumbnails/1.jpg)
VISUALIZATION OF NETWORK SECURITY CONFIGURATION
Scott Lee – Central Alabama Electric Cooperative
Jacek Szamrej – SEDC
Greg Gray – SEDC
Agenda
• Data visualization concepts
• Using graphs for configuration visualization
• Use cases:
  • Enterprise Application
  • Active Directory
  • BloodHound
Examples of Text and Tabular Data
https://www.active-directory-security.com/2016/08/how-to-easily-dump-export-active-directory-security-permissions-acls.html
Energy Usage Visualization
Data Visualization Examples
Visualization Using Graphs
Benefits of Security Configuration Visualization
• See the “big picture” of
  • Physical or logical structure of the network
  • System and application permissions
• Discover misconfigurations
• Analyze attack paths – Blue <> Red Team
• On-boarding and off-boarding employees
Graph Databases
(Diagram: three nodes, Node1, Node2 and Node3, connected by edges)
Graph Databases
(Diagram: User, Group and Folder nodes; a “Member of” edge links User to Group, and a “Permissions to object” edge links Group to Folder)
Graph Databases
(Diagram: hosts 10.10.15.21, 10.10.15.23 and 10.10.15.25 as nodes, connected by TCP and UDP edges)
Why graph databases?
• Graph databases are much faster than relational databases for traversal-heavy queries over connected data
• No fixed schema is required; new node and edge types can be added as data is collected
• SQL has no native syntax for graph traversal; multi-hop questions need chained joins or recursive CTEs
• Relational query performance degrades quickly as the number of hops grows, because every hop is another join
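Added example (not from the slides): the User → Group → Folder model above, extended with nested groups, as a small Python graph. `effective_access` and `shortest_path` walk the edges directly, which is the kind of question BloodHound asks of Active Directory and the attack-path analysis listed under Benefits; `effective_access_sql` asks the same question of a plain relational table through a recursive CTE, the SQL workaround the last two bullets refer to. SQLite stands in for a relational database; no graph database is involved. All user, group and share names are constructed sample data.

```python
"""Graph traversal over a small user/group/folder permissions graph, and the
same question asked of a relational table via a recursive CTE.

Constructed sample data (not from the slides): nested groups, two share ACLs,
and a user whose effective access only appears after three MemberOf hops.
"""
from collections import deque
import sqlite3

# Directed edges as (source, relationship, target). Constructed example data;
# the Helpdesk -> Server Operators -> Domain Admins chain is the "misconfiguration".
EDGES = [
    ("alice", "MemberOf", "Helpdesk"),
    ("bob", "MemberOf", "Finance"),
    ("Helpdesk", "MemberOf", "Server Operators"),
    ("Server Operators", "MemberOf", "Domain Admins"),
    ("Finance", "HasPermission", "\\\\fs01\\Payroll"),
    ("Domain Admins", "HasPermission", "\\\\fs01\\Payroll"),
    ("Domain Admins", "HasPermission", "\\\\dc01\\SYSVOL"),
]


def adjacency(edges):
    """Build {node: [(relationship, neighbour), ...]} for outgoing edges."""
    adj = {}
    for src, rel, dst in edges:
        adj.setdefault(src, []).append((rel, dst))
    return adj


def shortest_path(edges, start, target):
    """Breadth-first search; returns the hop list [(node, rel, node), ...] or None."""
    adj = adjacency(edges)
    parent = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == target:
            path = []
            while parent[node] is not None:
                prev, rel = parent[node]
                path.append((prev, rel, node))
                node = prev
            return list(reversed(path))
        for rel, nxt in adj.get(node, []):
            if nxt not in parent:
                parent[nxt] = (node, rel)
                queue.append(nxt)
    return None


def effective_access(edges, principal):
    """Objects reachable through any chain of MemberOf hops ending in HasPermission."""
    adj = adjacency(edges)
    seen, stack, objects = {principal}, [principal], set()
    while stack:
        node = stack.pop()
        for rel, nxt in adj.get(node, []):
            if rel == "HasPermission":
                objects.add(nxt)
            elif rel == "MemberOf" and nxt not in seen:  # 'seen' guards against cycles
                seen.add(nxt)
                stack.append(nxt)
    return objects


def effective_access_sql(edges, principal):
    """Same answer from a relational edge table: a recursive CTE walks MemberOf rows."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE edge (src TEXT, rel TEXT, dst TEXT)")
    con.executemany("INSERT INTO edge VALUES (?, ?, ?)", edges)
    rows = con.execute(
        """
        WITH RECURSIVE reach(node) AS (
            SELECT ?
            UNION
            SELECT e.dst FROM edge e JOIN reach r ON e.src = r.node
            WHERE e.rel = 'MemberOf'
        )
        SELECT DISTINCT e.dst FROM edge e JOIN reach r ON e.src = r.node
        WHERE e.rel = 'HasPermission'
        """,
        (principal,),
    ).fetchall()
    con.close()
    return {r[0] for r in rows}


if __name__ == "__main__":
    print("alice can reach:", effective_access(EDGES, "alice"))
    print("alice -> Domain Admins:", shortest_path(EDGES, "alice", "Domain Admins"))
    print("same via SQL:", effective_access_sql(EDGES, "alice"))
```

The graph version is three short loops; the SQL version needs a recursive CTE, a self-join per hop, and a second join for the final permission lookup, which is the syntactic and performance gap the slide is describing.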
Visualization Use Cases
• Enterprise application
• Active Directory
• Configuration inventory
Enterprise Application Visualization
Built from several thousand report lines
Demo
Custom visualization of the permissions structure in an enterprise application
- RBAC
- Discover similarities and anomalies in groups
- How can this help Central Alabama EC?
Microsoft Active Directory
• The #1 directory service deployed by co-ops, and by many other companies as well…
• Integrated with other applications or IAM
• How is Central Alabama EC using AD?
Demo
BloodHound
- Intro
- Pre-defined queries for analysis
- Custom queries
- Can Central Alabama EC use BloodHound?
Demo
Graph visualization:
Active Directory + Enterprise Application
Network Dependency Graph
Demo
Network Dependency Graph
Graph Databases Ranking (first 20)
https://db-engines.com/en/ranking/graph+dbms
Testing BloodHound
1. Install Java on a designated computer that has no admin rights to AD
2. Install the Community edition of Neo4j
https://neo4j.com/download-center/#releases
3. Install BloodHound (Linux, Windows or OSX)
https://github.com/BloodHoundAD/BloodHound/wiki/getting-started
4. Check that the Neo4j ports (7474 HTTP, 7687 Bolt) are bound to localhost only
5. Run BloodHound
6. Use the sample database or generate a new one with DBCreator
https://github.com/BloodHoundAD/BloodHound-Tools (Python)
7. Import your AD data into Neo4j/BloodHound
https://github.com/BloodHoundAD/Bloodhound/wiki/Data-Collection-Intro
Use SharpHound (.ps1 or .exe) to collect AD data. SharpHound enumerates AD and collects information about current logon sessions.
8. Play with the default queries in BloodHound
9. Learn Cypher and create your own queries
Many sources, e.g. https://blog.cptjesus.com/posts/introtocypher
10. Import other data into Neo4j
11. Shut down Neo4j when not in use, and consider encrypting the folder with the collected data, since it describes your domain's attack paths
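Added example for step 4 (not from the slides or from the Neo4j/BloodHound projects): a Python check that resolves which address the Bolt (7687) and HTTP (7474) connectors will bind from a neo4j.conf, and that can also parse `ss -ltn` output on the running host. It handles the 4.x keys (`dbms.connector.bolt.listen_address`, `dbms.connector.http.listen_address`, `dbms.default_listen_address`) and the 5.x keys (`server.bolt.listen_address`, `server.http.listen_address`, `server.default_listen_address`); a host-less value such as `:7687` inherits the default listen address, which is localhost unless the default line has been uncommented and changed. The configuration fragments and the `ss` output in the block are constructed samples.

```python
"""Check that a Neo4j instance used for BloodHound only listens on loopback.

Added example, not part of the slides or of the Neo4j/BloodHound projects.
Reads neo4j.conf (4.x dbms.* keys and 5.x server.* keys) and, optionally,
the output of `ss -ltn`, and reports any HTTP (7474) or Bolt (7687) listener
bound to a wildcard or non-loopback address.
"""
import ipaddress
import re

# neo4j.conf defaults: ":7687" (no host) inherits default_listen_address, which
# itself defaults to localhost when the default_listen_address line is commented out.
DEFAULTS = {
    "default_listen_address": "localhost",
    "bolt.listen_address": ":7687",
    "http.listen_address": ":7474",
}
# Key prefixes to strip: 4.x connector keys, 4.x default key, 5.x keys.
PREFIXES = ("dbms.connector.", "dbms.", "server.")
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


def parse_neo4j_conf(text):
    """Return {short_key: value} for active (uncommented) settings."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (s.strip() for s in line.split("=", 1))
        for prefix in PREFIXES:
            if key.startswith(prefix):
                settings[key[len(prefix):]] = value
                break
    return settings


def is_loopback(host):
    """True for localhost, 127.0.0.0/8 and ::1; False for wildcards and other hosts."""
    host = host.strip("[]")
    if host in LOOPBACK_HOSTS:
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # '*', '0.0.0.0' handled above by is_loopback == False; names fall here
        return False


def effective_listeners(conf_text):
    """Resolve the (host, port) each connector will actually bind after defaults."""
    settings = {**DEFAULTS, **parse_neo4j_conf(conf_text)}
    default_host = settings["default_listen_address"]
    result = {}
    for connector in ("bolt", "http"):
        host, _, port = settings[f"{connector}.listen_address"].rpartition(":")
        result[connector] = (host or default_host, int(port))
    return result


def conf_findings(conf_text):
    """Connectors that would accept connections from other hosts."""
    return [
        f"{connector} listens on {host}:{port}"
        for connector, (host, port) in effective_listeners(conf_text).items()
        if not is_loopback(host)
    ]


# `ss -ltn` rows: State Recv-Q Send-Q Local Address:Port Peer Address:Port ...
SS_LINE = re.compile(r"^LISTEN\s+\S+\s+\S+\s+(\S+):(\d+)\s")


def ss_findings(ss_text, ports=(7474, 7687)):
    """Parse `ss -ltn` output; flag Neo4j ports bound to a wildcard or non-loopback address."""
    findings = []
    for line in ss_text.splitlines():
        m = SS_LINE.match(line.strip())
        if m and int(m.group(2)) in ports and not is_loopback(m.group(1)):
            findings.append(f"port {m.group(2)} bound to {m.group(1)}")
    return findings


# Constructed samples (not real captures).
SAFE_CONF = "dbms.connector.bolt.listen_address=:7687\n" \
            "dbms.connector.http.listen_address=:7474\n" \
            "#dbms.default_listen_address=0.0.0.0\n"
EXPOSED_CONF = "dbms.default_listen_address=0.0.0.0\n" \
               "dbms.connector.bolt.listen_address=:7687\n"
SS_SAMPLE = """State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      4096       127.0.0.1:7687      0.0.0.0:*
LISTEN 0      4096         0.0.0.0:7474      0.0.0.0:*
LISTEN 0      128             [::]:22           [::]:*
"""

if __name__ == "__main__":
    print("safe conf:", conf_findings(SAFE_CONF))
    print("exposed conf:", conf_findings(EXPOSED_CONF))
    print("ss output:", ss_findings(SS_SAMPLE))
```

Run `conf_findings` on the actual `neo4j.conf` and `ss_findings` on `ss -ltn` output after Neo4j has started; anything it reports is a Neo4j database full of your domain's attack paths reachable from the network, protected only by the Neo4j login.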