Active DirectoryNetwork

Network Communication Mapping

Network Communication Mapping using Neo4J Graph Database

A customer wanted to increase security on the network in two steps:

  1. Understand the current network communication patterns
  2. Use the knowledge to create new network zoning and application isolation

In order to provide a clear overview of the current network communication I logged the communication from selected systems and formatted the data:

  • Removed IP4 and IP6 broadcasts
  • Removed NetBIOS broadcasts
  • Resolved internal IP's to host names
  • Filtered for uniqueness on protocol/src-IP/dst-IP/dst-port

The filtered data was fed into a Graph Database and various queries were produced to show selected parts of the network.

The pictures produced give a clear overview of all communication to/from central systems:

  • Protocol
  • Port number
  • Direction

With this information it's easy for any level of IT personnel to understand the communication patterns.

Based on the documentation produced new network zones can be designed for increased isolation of critical business applications.

Network Communication Mapping using graph database

Leave a Reply

Your email address will not be published. Required fields are marked *