7. Network Visualization

You are here:
< All Topics

Network visualization is one of the most powerful function of NP-View and NP-Live.  After the user creates a workspace and imports configuration files and supporting meta data, the visualization function process the information into a usable network diagram. From the network diagram, the user can rearrange the objects on the canvas by selecting and dragging a device to a new location.

Topology Network Map

Devices can be assigned a name (e.g., grey text tag), a category (colored text tag) and criticality (colored ring).

If a device has active alerts, the number of alerts is displayed in the top-right corner (red circle).

If a device has comments, the number of alerts is displayed in the top-left corner (blue circle).

Multiple devices can be selected by holding the shift key down and dragging the mouse.  Once selected, the devices can be assigned to a zone (yellow grouping) by selecting the “Create new zone from selection” link .  The zone can be named, categorized and assigned a criticality. Zones can be edited to add and remove devices, color coded and deleted.

Additional topology features include expand / collapse a node, auto arrange peers in a circle, auto define all zones and pin / unpin a specific node.

Right clicking on a device will provide options available to that device which can include running analyses and formatting.

When selecting a device, the device attributes will be displayed on the left device information menu.

Unmapped hosts (nodes) indicate IP addresses that could not be connected to a subnet in the topology based on IP and netmask relationship.

Tip: When importing a large number of devices, the topology map may initially display with overlapping devices.  By selecting unpin, moving one device, selecting center and then pin, the map will auto arrange.

Firewall Device Information

For Firewalls, the panel to the left will be displayed.

The user can rename the device, assign a category and a device criticality. Additional information includes being able to review multiple version of configuration files and compare them with the diff viewer.

A risk assessment grade is assigned for each firewall based on the number of open risks and warnings and their associated criticality.

The connectivity matrix shows all of the connections for the selected firewall and the IP rules for each connection.

Risks and Warnings shows the active risks, warnings and their criticality for the selected device.

Access Rules shows the rule table for the selected device with the ability to compare two sets of rules and display the differences.

Object groups shows the object groups for the selected device.

A summary of the number of routes and a table of the interfaces is also displayed.

Administrators and Workspace Admin’s can delete the device from the workspace.




Network & Gateway Information

For networks and gateways, the panel to the left will be displayed:

The user can rename the device, assign a category and a device criticality.

Additional information includes being able to review IP address of the connected hosts.

Display inbound connectivity / outbound paths as well as displaying traces and stepping stone analysis. (See below)

Traces can be loaded from PCAP files, which are network data captures recorded by tools such as Wireshark or TCPDump.

Stepping stone analysis displays the number of hops between the selected system and its nearest neighbors. (See below)

The user can also search the config file for the device.



Host Information

And for hosts, the following is displayed

The user can rename the device, assign a category and a device criticality.

Display inbound / outbound connectivity paths as well as displaying traces and stepping stone analysis.  Inbound and outbound connections are filtered to show the exact match for a given path. In some cases, no inbound or outbound paths will be displayed. (See below)

Display the services loaded from netstat files.

Display vulnerabilities loaded from Nmap, Nexpose, Nessus, and Qualys files.

The user can also search the config file for the device.




Connectivity Information

Clicking on the arrow (>) in the above will expand the inbound and outbound connections.  Clicking on any service or IP will highlight the path on the topology map.  Source objects are designated by red  circles (out) and destination objects are highlighted by blue circles (in).

Additional path information is shown including the rule associated with the path.  Clicking on the blue text will invoke the rule table and associated information.  The user can also add a comment if required.

Stepping Stone Analysis

Clicking on the stepping stone button will invoke the stepping stone analysis.  The stepping stone analysis depicts the number of hops away from the target device other devices are.

Main Menu Features

Several topology features are presented on the main menu available in the top-left corner.

  • Auto group – automatically creates a series of zones based on the connections in the workspace. Once enabled, zones need to be manually deleted if no longer wanted.
  • Custom Views – Two views are automatically created for each workspace.  Default shows all of the devices in the workspace and the birds eye view shows only the firewalls in the workspace.  Additional views displaying selected devices can be created by the user to simplify the viewing of complex topologies.
  • Highlight paths – Allows the user to view device / open port combinations on the topology map.
  • Export map – exports the topology map to PDF of Visio for record retention.
Table of Contents