A new zero-day vulnerability in the popular Apache Log4j logging utility has been identified a few days ago ( CVE-2021-44228 ). Network Perception’s products are not subject to this vulnerability as we do not use the targeted Apache library. We encourage everyone to assess the impact of the vulnerability on their organization and to review the recommendation available on the CISA Vulnerability Guidance
NP-View and NP-Live have a similar feature set: 1) parsing configuration files from firewalls, routers, switches, 2) visualizing the network topology map, 3) reviewing rulesets, 4) visualizing path analysis.
The two key differences are:
- NP-View is a desktop application (one user at a time can work on a project) and NP-Live is a server application (multiple users can collaborate at the same time on a workspace)
- The import of configuration files into NP-View is a manual process. NP-Live includes data connectors to automate that import process.
- A detailed comparison can be found here:
The foundation of a NP-View project or NP-Live workspace is configuration files from layer-3 network device equipment (firewalls, routers, switches). The full list of supported devices is available here and is frequently updated with new manufacturers.
In addition to configuration files, one can also import network data to enrich the topology map with new nodes, ports and services information, and vulnerability information. The full list of additional data supported is available here.
If the import of a configuration file fails, the next step is to send the debug logs to the support team (email@example.com). This can be done automatically through the Log tab in NP-View Java, and the Help Center in NP-Live and NP-View HTML (available through the user menu in the top right corner).
NP-Live is a server application that runs on Linux. System recommendations can be found here:
NP-View is desktop application that runs on Windows, Linux and OSX.
System details can be found here:
No, NP-View and NP-Live are designed to work offline or in an isolated network. Automated updates are not possible if off-line.
- Import the first firewall configuration into a new project
- Go to File > Import and then choose “Import into this project”
- Select the second firewall configuration to add it to your existing project
- Once the import is complete, right-click on your firewall in the map and choose “Show native ruleset”
- A popup window will offer you “Show differences with previous version” (screenshot below)
- In addition, you can select the “Change tracking” button at the bottom of the Rule Audit tab or the Object Group tab
- You can also choose Options > “Compare with…” in the Path Analysis tab to show the differences between 2 path analysis
Unused address groups are groups found in the configuration file that are not used by a rule and could be removed. The detail of the unused group names can be found in the log tab.
Pseudo firewalls indicates that NP-View identified a VPN from a configuration file but could only show one of the 2 VPN endpoints in the map. Another end point was created but since NP-View makes an assumption about its existence, it’s called a pseudo firewall.
Windows server is default optimized for running background services. Changing the sever performance options to programs will provide the necessary server resources to render the graphics.
Custom views are used to provide sub-views of large workspaces. For example, if a workspace contains 12 primary devices and the user wishes to view them in groups of three. They can create custom views with three devices each. Alternatively, they can create a new workspace with three devices. The functionality is equivalent with the exception that user comments are workspace specific. If a user populates the comment fields in one workspace, the information is not shared with a new workspace containing the same devices. Additionally, large workspaces require more CPU and RAM to operate efficiently. Breaking the devices into smaller workspaces will perform better for lower powered computers.