A customer wanted to increase security on the network in two steps:
- Understand the current network communication patterns
- Use the knowledge to create new network zoning and application isolation
In order to provide a clear overview of the current network communication, I logged the communication from selected systems and formatted the data:
- Removed IPv4 and IPv6 broadcasts
- Removed NetBIOS broadcasts
- Resolved internal IPs to host names
- Filtered for uniqueness on protocol/src-IP/dst-IP/dst-port
The filtered data was fed into a graph database, and various queries were produced to show selected parts of the network.
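The filtering pipeline described above, as an added example that is not part of the original post: it drops broadcast and NetBIOS noise, resolves addresses via a hypothetical internal DNS table, dedupes on the protocol/src/dst/port 4-tuple, and emits graph-load statements. The sample records, host names, /24 subnet size and Cypher syntax are all assumptions.

```python
import ipaddress

# Constructed sample of captured connections (proto, src, dst, dst-port);
# not data from the engagement described in the post.
RECORDS = [
    ("tcp", "10.0.1.10", "10.0.2.20", 445),
    ("tcp", "10.0.1.10", "10.0.2.20", 445),          # repeat of the same flow
    ("udp", "10.0.1.10", "10.0.1.255", 137),         # NetBIOS name-service broadcast
    ("udp", "10.0.1.11", "255.255.255.255", 67),     # IPv4 limited broadcast (DHCP)
    ("udp", "fe80::1", "ff02::1", 5353),             # IPv6 all-nodes multicast (mDNS)
    ("tcp", "10.0.1.11", "10.0.2.20", 1433),
    ("tcp", "10.0.2.20", "10.0.3.30", 3306),
]

# Hypothetical internal DNS view used to resolve addresses to host names.
HOSTNAMES = {"10.0.1.10": "ws-finance-01", "10.0.1.11": "ws-finance-02",
             "10.0.2.20": "app-erp-01", "10.0.3.30": "db-erp-01"}

NETBIOS_PORTS = {137, 138}      # NetBIOS name and datagram services
PREFIX_LEN = 24                 # assumed subnet size for directed broadcasts

def is_broadcast(dst):
    addr = ipaddress.ip_address(dst)
    if addr.version == 4:
        net = ipaddress.ip_network(f"{dst}/{PREFIX_LEN}", strict=False)
        return addr == net.broadcast_address   # also matches 255.255.255.255
    return addr.is_multicast                   # IPv6 one-to-many is multicast

def unique_flows(records):
    """Drop broadcast and NetBIOS noise, resolve names, dedupe on the 4-tuple."""
    flows = set()
    for proto, src, dst, dport in records:
        if is_broadcast(dst) or (proto == "udp" and dport in NETBIOS_PORTS):
            continue
        flows.add((proto, HOSTNAMES.get(src, src), HOSTNAMES.get(dst, dst), dport))
    return sorted(flows)

def flows_for_host(flows, host):
    """Query behind the per-system pictures: every flow touching one host."""
    return [f for f in flows if host in (f[1], f[2])]

def to_cypher(flows):
    """MERGE statements for loading the graph (Cypher syntax is an assumption)."""
    return [
        f"MERGE (a:Host {{name:'{src}'}}) MERGE (b:Host {{name:'{dst}'}}) "
        f"MERGE (a)-[:CONNECTS {{proto:'{proto}', port:{dport}}}]->(b)"
        for proto, src, dst, dport in flows
    ]
```

Running `unique_flows(RECORDS)` on the sample reduces seven records to three named flows; `flows_for_host(flows, "app-erp-01")` then gives the subgraph around one central system.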
The pictures produced give a clear overview of all communication to/from central systems:
- Port number
With this information, it's easy for any level of IT personnel to understand the communication patterns.
Based on the documentation produced, new network zones can be designed for increased isolation of critical business applications.