An Iterative and Toolchain-Based Approach to Automate Scanning and Mapping Computer Networks

TL;DR

This paper presents an automated, iterative toolchain-based method for scanning and mapping complex computer networks, enhancing security audits by providing detailed topology insights and comparison capabilities.

Contribution

It introduces a novel approach that augments existing scanning tools with context and analytics to generate comprehensive network topology maps automatically.

Findings

Automates network scanning and mapping process.

Provides clear topology visualization and comparison tools.

Enhances security audit efficiency and accuracy.

Abstract

As today's organizational computer networks are ever evolving and becoming more and more complex, finding potential vulnerabilities and conducting security audits has become a crucial element in securing these networks. The first step in auditing a network is reconnaissance by mapping it to get a comprehensive overview over its structure. The growing complexity, however, makes this task increasingly effortful, even more as mapping (instead of plain scanning), presently, still involves a lot of manual work. Therefore, the concept proposed in this paper automates the scanning and mapping of unknown and non-cooperative computer networks in order to find security weaknesses or verify access controls. It further helps to conduct audits by allowing comparing documented with actual networks and finding unauthorized network devices, as well as evaluating access control methods by conducting delta scans. It uses a novel approach of augmenting data from iteratively chained existing scanning tools with context, using genuine analytics modules to allow assessing a network's topology instead of just generating a list of scanned devices. It further contains a visualization model that provides a clear, lucid topology map and a special graph for comparative analysis. The goal is to provide maximum insight with a minimum of a priori knowledge.