Network in full view
IPsonar creates a working map to detect IP-connected devices within the enterprise.
- By Greg Crowe
- Sep 14, 2008
YOU MIGHT HAVE seen the poster that at first glance looks like either a view through a microscope or a time-release photo of a festive fireworks display. On closer inspection, of course, you'd see this is a map of the Internet, which displays all of the routers in existence organized by their IP numbers.
The first map was made in 1998 at Bell Labs, shortly before Lumeta, which owns the mapping technology, spun off from Bell. Since then, Lumeta has been improving its IPsonar technology and producing a new map of the Internet every year or so.
The company's IPsonar 4.1 brings the power of the Internet Mapping Project to your own little corner of the Internet: your network. It will detect all the devices in a specified range of IP numbers, let you see what you have and how the devices relate to one another, and identify whether you have a leak.
IPsonar gathers information about network devices in four phases of discovery. During Network Discovery in our testing, the program identified the devices in the network and how they were interconnected. It paid particular attention to forwarding and filtering devices, in addition to the connectivity of network firewalls and router access control lists.
The second task was Host Discovery, in which the program conducted a search of all the IP addresses. IPsonar uses multiprotocol discovery to find previously unknown IP addresses, which always seem prevalent on larger networks.
The third phase, Leak Discovery, is probably the most useful for any network administrator concerned with data security. In this phase, IPsonar scanned our various hosts to see if they could accept inbound or send outbound packets to the Internet or other sub-networks. Even devices that are on a secure network but can exchange information with another device on a nonsecure network would be suspect.
You can set the number of links in the chain you want the program to check. Leaks are discovered using an external leak sensor; Lumeta maintains several leak sensors that you can use for testing. IPsonar checks for open communication chains by sending a device a fake packet that looks as if it comes from a leak sensor. If a device responds to the sensor, you know you have a leak. This pinging is like the old World War II method that submarines and sub hunters would use to find their targets, hence the name of the product.
Version 4.1 adds a Device Fingerprint Discovery sensor, which identifies services, wireless access points and computer operating system information on the network. It will allow a network administrator to balance application resources, get a grip on improperly secured access points, and know at a glance which machines are running which versions of operating systems.
We found IPsonar to be relatively easy to set up. After we connected a monitor and keyboard to the server and set its IP number, it was ready to be administered through a Web-based graphical user interface.
Performing a search is only complicated because of all the options available to increase flexibility. We were pleased to find the option for Tactical Scan, which was quickly implemented and was only concerned with one IP address.
To initiate a more detailed scan, you click on a tab that has every conceivable option. You can choose which type of scan to perform, based on the four phases mentioned above. For each choice, there are options such as which protocols IPsonar will use to make its discoveries. You also can set IP ranges, called Classless Inter-Domain Routing blocks, to be targeted or specifically avoided in this scan. You can even schedule a scan to perform only within a certain window of time.
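The targeted and avoided CIDR blocks and the leak test described earlier can be reasoned about together. The following is an added example, not IPsonar code or output: it computes the effective IPv4 scan scope and then flags probed hosts whose replies reached a leak sensor. All function names and sample data are hypothetical and constructed for illustration, including the separate list of replies from addresses that were not probed.

```python
import ipaddress

# Added illustration; names and data are hypothetical, not IPsonar's API.

def effective_scope(targeted, avoided):
    """Subtract every avoided CIDR block from the targeted blocks (IPv4 only)."""
    nets = [ipaddress.IPv4Network(t) for t in targeted]
    for block in (ipaddress.IPv4Network(a) for a in avoided):
        kept = []
        for net in nets:
            if not net.overlaps(block):
                kept.append(net)                         # untouched by this exclusion
            elif net.subnet_of(block):
                continue                                 # excluded entirely
            else:
                kept.extend(net.address_exclude(block))  # carve the block out
        nets = kept
    return list(ipaddress.collapse_addresses(nets))

def in_scope(addr, scope):
    ip = ipaddress.IPv4Address(addr)
    return any(ip in net for net in scope)

def classify_replies(scope, probed, sensor_replies):
    """Split reply sources seen at the sensor into leaks and unattributed ones."""
    probed_in_scope = {p for p in probed if in_scope(p, scope)}
    seen = set(sensor_replies)                           # duplicates collapse here
    leaks = sorted(seen & probed_in_scope, key=ipaddress.IPv4Address)
    unattributed = sorted(seen - probed_in_scope, key=ipaddress.IPv4Address)
    return leaks, unattributed

# Constructed sample data (not from the article or from a real scan).
TARGETED = ["10.20.0.0/22"]
AVOIDED = ["10.20.1.0/24", "10.20.2.128/25"]
PROBED = ["10.20.0.15", "10.20.0.77", "10.20.2.9", "10.20.3.200"]
SENSOR_REPLIES = ["10.20.0.77", "10.20.3.200", "10.20.1.40", "10.20.0.77"]

if __name__ == "__main__":
    scope = effective_scope(TARGETED, AVOIDED)
    print("scan scope:", ", ".join(str(n) for n in scope))
    leaks, other = classify_replies(scope, PROBED, SENSOR_REPLIES)
    print("leaking hosts:", leaks)
    print("replies from unprobed or avoided addresses:", other)
```

A reply from an address inside an avoided block, such as the constructed 10.20.1.40 above, is listed separately because the scan never probed it and it needs its own follow-up.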
The Manage Reports page lets you display an existing report or generate a new one when a scan is performed. The raw data of the scan can be viewed in many ways, so it's fairly easy to find the format that makes the most sense for your situation. To get a view of your network and how the components relate to one another, you can use the Map Viewer software that comes with the Server. After loading all of the necessary .NET and Java enhancements and installing the software onto a client machine, Map Viewer can grab a report generated by IPsonar and show you a relational map of all of the routers on your network. This graphical display can help network administrators visualize how a network is functioning and how sweeping changes might affect it.
Additional sensors can be placed on the network to make the scans run faster and generate even more accurate information, while taking some of the load off of the server, which centrally manages everything. Additional servers can also be purchased to perform as dedicated report servers, which helps extremely large networks.
Lumeta sells the IPsonar 4.1 Server for $75,000, which is reasonable for such a powerful product that can find devices you didn't even know you had. Additional servers sell for $25,000, and additional sensors cost $7,500. For large networks, these will likely pay for themselves.
IPsonar is for any administrator of a medium to large network who needs to get a view of how it is organized and track down stray devices.
Lumeta, (732) 357-3500, www.lumeta.com