PaulDotCom mailing list archives

Re: Network Mapping Software


From: Ron Gula <rgula () tenable com>
Date: Thu, 28 Feb 2013 14:54:21 +0000

If it is political, you might be able to leverage their vuln management
program. If they are scanning with Nessus, you should have netstat
results which you could mine for evidence of connectivity where there
should not be.

Ron
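
An added example, not part of the original thread: one way to mine collected netstat output for connectivity between enclaves that should not talk to each other. It assumes the scan results have been reduced to Linux-style `netstat -an` lines; the enclave ranges, the allowlist and the sample lines are all constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed enclave map and allowlist (assumptions, not from the thread).
ENCLAVES = {
    "site-a": ipaddress.ip_network("10.10.0.0/16"),
    "site-b": ipaddress.ip_network("10.20.0.0/16"),
    "hq": ipaddress.ip_network("10.1.0.0/16"),
}
ALLOWED = {("site-a", "hq"), ("site-b", "hq")}  # (source enclave, destination enclave)

# Constructed netstat lines, as they might be collected from hosts in two sites.
SAMPLE = """\
tcp  0  0  10.10.4.21:49152   10.1.0.5:443      ESTABLISHED
tcp  0  0  10.10.4.21:49170   10.20.8.9:3389    ESTABLISHED
tcp  0  0  10.10.4.21:22      0.0.0.0:*         LISTEN
tcp  0  0  10.20.8.9:50111    10.20.8.40:445    ESTABLISHED
tcp  0  0  10.20.8.9:50222    192.0.2.77:8443   ESTABLISHED
tcp  0  0  10.20.8.9:50333    10.10.4.30:22     TIME_WAIT
"""

def enclave_of(addr):
    """Map an IP address to an enclave name, or 'unknown' if outside all ranges."""
    ip = ipaddress.ip_address(addr)
    for name, net in ENCLAVES.items():
        if ip in net:
            return name
    return "unknown"

def parse(text):
    """Yield (local_ip, remote_ip, remote_port) for established TCP sessions only."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "ESTABLISHED":
            continue  # skip listeners, closing sockets and non-TCP rows
        lip = f[3].rpartition(":")[0]
        rip, _, rport = f[4].rpartition(":")
        yield lip, rip, int(rport)

def unexpected_paths(text):
    """Count sessions that cross enclaves without an allowlist entry."""
    hits = Counter()
    for lip, rip, rport in parse(text):
        src, dst = enclave_of(lip), enclave_of(rip)
        if src != dst and (src, dst) not in ALLOWED:
            hits[(src, dst, rport)] += 1
    return hits
```

Sessions whose remote end falls in no known range are reported as `unknown`, which is where an unrecorded bridge to another network would show up.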

From: Lester Nichols <ln61775 () gmail com>
Reply-To: PaulDotCom List <pauldotcom () mail pauldotcom com>
Date: Thursday, February 28, 2013 8:57 AM
To: PaulDotCom List <pauldotcom () mail pauldotcom com>
Subject: Re: [Pauldotcom] Network Mapping Software


The answer is a bit of yes to all the above. Because of the independence of the locations, an invasive scan cannot be
done and we cannot "cross" into their LAN per se. But the goal is to obtain information about the environment and
associated unauthorized connections to go back to these groups and get consensus to correct the issues...it is highly
political.

On Feb 28, 2013 8:00 AM, "Ron Gula" <rgula () tenable com> wrote:
Are you concerned with connectivity and routing or do you
care about access control? There are tons of great net
mapping products out there like Lumeta, but if you really
need to see which ports are open between enclaves, you
either need to scan or sniff the connection, like with our
Tenable solution (distributed Nessus and Passive Vulnerability
Scanners), or model the firewall rules with something
like RedSeal.

If they are a Tenable customer, feel free to ping me offline.
This sort of data is collected passively and is pretty easy to
report on which enclaves have access to other enclaves
based on scan results or sniffed traffic.

Ron

From: Lester Nichols <ln61775 () gmail com>
Reply-To: PaulDotCom List <pauldotcom () mail pauldotcom com>
Date: Wednesday, February 27, 2013 9:05 AM
To: PaulDotCom List <pauldotcom () mail pauldotcom com>
Subject: [Pauldotcom] Network Mapping Software

All,

Trying to get a recommendation on network mapping software that could help identify unauthorized bridged networks.
Ideally this would be something capable of identifying divergent LANs across the WAN…

Back Story:

The unnamed federal agency has 600+ locations with public and private LANs, but each local LAN is not accountable to
the other or to other Executive Branch mandates…as such there is a concern that there are unauthorized bridged
connections to the local LAN. The need is to be able to identify those potential connections in a non-intrusive way.

Any ideas?

v/r

----------
Lester E. Nichols III, MSIA, CISSP, GCED,  GCFW, GSEC,
MCSA, CompTIA Security+
ln61775 () gmail com

cuiusvis hominis est erare, nulius nisi insipientis in errore perseverare.

http://www.linkedin.com/in/lnichols

Information Systems Security Association - General Member
Information Systems Audit and Control Association - Member
A proud member of the Federal Bureau of Investigation’s InfraGard

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com