Program detects dangers that run silent, run deep

 


When it comes to security, the problem with large enterprise networks is that most network defenses are static, but connectivity is dynamic. Over time, even the most secure networks develop vulnerabilities, and there is little network administrators can do to prevent it. IPsonar version 3.6.3 from Lumeta Corp. can help get a handle on both known and unknown network configurations and the vulnerabilities within them.

The known network comprises systems you know are attached to your network and should be configured in a certain way. The unknown network is made up of clients and devices that you did not even know existed. With large networks, the unknown parts can easily outnumber the known.

IPsonar is designed to be the first step in an overall security plan. It scans a network using various protocols to see what devices can connect to the outside world and to each other. The software can run on a 1U appliance or from a standard notebook. We tested the notebook version.

We hooked up IPsonar to the dirtiest, craziest, most hodgepodge network we could find: the GCN Lab test bed. With hundreds of software and hardware products coming and going throughout a year of testing, the lab network can start to look pretty chaotic to a data packet trying to navigate its way through. Interestingly enough, though, the same network will look different depending on the packets that are used to analyze it. IPsonar takes a "packet's eye view"; some packets can't find their way out of certain devices while others can. At the end of a scan, the software generates a graphic that shows what types of packets can connect throughout a network, which provides important information, and could be a little surprising if you happen to believe your network is properly locked down.

Scanning the GCN Lab network took only about 15 minutes, with about 200 active devices scanned. But the program can handle virtually any size network. Because IPsonar does not actually try to access each device (it merely maps the connectivity options among them), the scans are surprisingly quick considering the detailed info they generate.

The program performs three main functions. First is network discovery. In the network discovery phase, the program will identify the route-based connectivity between devices and also identify how aggressively subnet masking is implemented. It will zero in on any forwarding devices and filtering devices, such as network firewalls.

Beyond just finding the firewalls, IPsonar examines them to determine their impact on the network; you can see if the firewall is configured properly based on what you think it should be doing. Given that firewalls are one of the most difficult devices to configure correctly, it is good that IPsonar pays particular attention to them and other filtering devices. It also looks at router access control lists in the same manner.

The second task IPsonar performs is host discovery. In this phase, the program finds what devices are on a network. It does this by conducting a census of all the IP addresses.

Because IPsonar uses multiprotocol discovery, it can dig into a network and find devices hidden from the main network by protocol restrictions. If there is a way to reach a device using an alternate protocol, IPsonar can find it.

The third part of the program, the leak discovery phase, is probably the most useful for federal administrators charged with keeping data secure. In this phase, IPsonar will scan all discovered hosts to see if they have the ability to accept inbound or send outbound packets beyond the network to the Internet or other network devices. In this manner you might discover a communications chain through which a device on a secure network can chat with a device on a nonsecure network. This does not necessarily mean a breach has occurred, just that it is possible. You can set the number of hops you want the program to check for leaks.

Leaks can be discovered using a leak sensor. Lumeta maintains several leak sensors in New Jersey that you can use for testing, but feds worried about security can use their own internal sensors if they wish.

Here's how it works: The software spoofs a packet that supposedly comes from a leak sensor. If a device responds back to the sensor (and it will if it can, since the packet was spoofed), then you know you have an open communications chain on a certain protocol. IPsonar is smart enough to know that if a device can't respond to a leak sensor but can send traffic to another device that can, then a possible security hole exists and the connection will be mapped.

The leak discovery phase will also find rogue or unmanaged devices such as wireless access points. If a wireless AP is properly managed, then it won't be identified as a rogue client. But if you simply plug in an AP out of the box, IPsonar will find it.

In our test scan, IPsonar found a wireless AP with all its factory default settings. More disturbingly, it found an unknown rogue router too. Examining the results for the router, we were able to see how it was affecting the test bed's topology. We saw that the router was filtering packets, not letting certain ones pass while allowing others. Knowing we were looking for a router-type device that could filter, we were able to find a firewall that everyone thought had been disconnected months ago. Once we turned off the firewall, we pinged the IP address that IPsonar provided and confirmed it was gone.

With weekly scanning, you can make sure you plug holes as quickly as they form. Scanning a network is unobtrusive, and you can set the speed of the scan if you're worried about bandwidth.

Scans can occur at speeds from one packet per second up to 1,200 packets per second. This is important because unlike virus scanning, which can run during off-hours, you really want to run IPsonar during peak network times when there is a better chance that rogue devices will be active.

You can also tell the system to avoid scanning certain areas on your network by restricting the scan from looking at certain CIDR (Classless Inter-Domain Routing) blocks. This will keep the program from your executives' systems and off of highly classified networks, if necessary.

You can view reports remotely through a Web browser. The Web reports give fairly canned data, but are nonetheless helpful in fixing problems. For a more detailed look, you can use MapViewer, a program that comes with IPsonar that gives incredibly granular details about each device and packet type within the network environment.

Combining IPsonar with a secondary program such as a patch management system would go a long way to securing a network's static defenses in a dynamic world.
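The leak-discovery reasoning described above (a host counts as a possible leak if it can reach, within a set number of hops, another device that answers the leak sensor) can be modeled as a bounded graph search. The following is an added example, not code from IPsonar or Lumeta; all addresses, the inventory, and the function names are constructed for illustration, and it also applies the known-versus-unknown comparison and the CIDR exclusion the review mentions.

```python
from collections import deque
from ipaddress import ip_address, ip_network

# Constructed sample data for illustration; not IPsonar output.
INVENTORY = {"10.0.1.10", "10.0.1.20", "10.0.2.5"}  # the "known" network
EXCLUDED = [ip_network("10.0.9.0/24")]              # CIDR blocks kept out of the scan
RESPONDERS = {"10.0.1.20"}                          # hosts seen answering the leak sensor
# host -> hosts it was observed able to send traffic to
CAN_SEND_TO = {
    "10.0.1.10": {"10.0.1.20"},
    "10.0.2.5": {"10.0.3.77"},
    "10.0.3.77": {"10.0.1.10"},
    "10.0.9.4": {"10.0.1.20"},
}
DISCOVERED = set(CAN_SEND_TO) | RESPONDERS          # host census from the scan


def in_scope(host):
    """True unless the host sits inside an excluded CIDR block."""
    addr = ip_address(host)
    return not any(addr in net for net in EXCLUDED)


def leak_chain(host, max_hops):
    """Shortest chain from host to a sensor responder within max_hops, else None."""
    if not in_scope(host):
        return None
    queue, seen = deque([[host]]), {host}
    while queue:
        path = queue.popleft()
        if path[-1] in RESPONDERS:
            return path
        if len(path) - 1 >= max_hops:
            continue  # hop budget spent on this branch
        for nxt in sorted(CAN_SEND_TO.get(path[-1], ())):
            if nxt not in seen and in_scope(nxt):
                seen.add(nxt)
                queue.append(path + [nxt])
    return None


def weekly_report(max_hops):
    """Per in-scope host: is it missing from the inventory, and does a leak chain exist?"""
    report = {}
    for host in sorted(filter(in_scope, DISCOVERED), key=ip_address):
        report[host] = {"unknown": host not in INVENTORY,
                        "leak_chain": leak_chain(host, max_hops)}
    return report


if __name__ == "__main__":
    for host, row in weekly_report(max_hops=3).items():
        print(host, row)
```

Raising or lowering `max_hops` changes which indirect chains are reported, which mirrors the hop setting described in the review.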
