System for automatically analyzing computer network connectivity

Abstract

The invention discloses a system for automatically analyzing computer network connectivity, wherein the system acquires the connectivity of any two hosts alive in a network by analyzing configuration files of a device (which is mainly a firewall) influencing the connectivity in the network, and comprises a human-machine interaction part, an information acquisition part, an information preprocessing part, a core analysis part and a connected graph drawing part. The human-machine interaction part is used for realizing the interaction between a user and system information; the information acquisition part is used for completing the acquisition of the configuration files of the firewall and the detection of hosts alive in the network; the information preprocessing part is used for preprocessing information acquired by the information acquisition part; the core analysis part is used for analyzing a result generated by the information preprocessing part and acquiring the connectivity information between any two hosts alive; and the connected graph drawing part is used for drawing a network connected graph. The system disclosed by the invention is high in operating speed and basically free from network scale, can be applied to large-scale networks and further has the advantages of high automation degree, wide application range and strong expandability.

Description

technical field [0001] The invention belongs to the technical field of computer network security, and more specifically relates to an automatic analysis system for computer network connectivity, which can obtain the connectivity between hosts in the entire network system by analyzing firewall configuration files in the network system. Background technique [0002] The connectivity between hosts in the network is the basis for vulnerability and penetration analysis of the entire network. For example, if one host exploits a target host's vulnerability, the prerequisite for successfully invading the host is that the two hosts are connected, that is, the successful exploit The vulnerability requires normal communication between two host-specific ports. Therefore, obtaining the connectivity of any two hosts in the entire network is of great significance for network security management and penetration testing. [0003] From domestic and foreign database retrieval and literature a...

AI Technical Summary

Problems solved by technology

This test method can only determine that two hosts can communicate through the ICMP protocol at the network layer, but high-level protocols such as TCP protocol communication status and specific communicable port numbers cannot be obtained, which is obviously not enough for vulnerability analysis. , and the number of tests of this method will be N with the increase of the number of hosts N in the network 2 The increase of the level cannot be applied to large-scale networks; the scanning method refers to using tools such as Nessus to scan the ports of each host to find the ports that are open and running

This method needs to scan all ports of all hosts in the network, which consumes a lot of time and is difficult to apply to large networks

Moreover, due to the existence of security devices such as firewalls, the accuracy of this method is not high

Images