Chapter 6

Future Considerations and Challenge Problems

Abstract

This chapter provides a wrap-up of the book along with some critical observations and predictions by the author. In addition, several key challenge problems are presented to advance the core solutions presented in the text.

Keywords

Future
Challenge Problems
Author Observations
More Information
Source Code
Truth Tables
Download

“There are two levers for moving men: interest and fear.”

Napoleon Bonaparte

Author Observations

Developing this text and the associated scripts has been quite enjoyable. At the outset, my goal was to develop a text and scripts written in Python to perform the foundation of passive network mapping. This foundation has many uses and my hope is that it will continue to evolve.
In a world where we need to strike an achievable balance between security and privacy, I believe the concepts shared in this book provide the beginnings and underpinnings of that balance. None of the scripts or methods provided here analyze or expose the contents of network packets; rather, they focus only on the end-to-end connections and key header information.

According to 18 U.S. Code § 3121, “a government agency authorized to install and use a pen register or trap and trace device under this chapter or under State law shall use technology reasonably available to it that restricts the recording or decoding of electronic or other impulses to the dialing, routing, addressing, and signaling information utilized in the processing and transmitting of wire or electronic communications so as not to include the contents of any wire or electronic communications.”

I wanted to make sure that the P2NMAP scripts met these requirements for two basic reasons:
1. I wanted the scripts to be usable in a wide range of lawful situations both by law enforcement and within corporate environments.
2. I wanted to demonstrate that staying within these limits could still provide a useful and extensible toolset. The results of this first step may generate enough probable cause to obtain a warrant that would then allow the examination of content.
Additionally, my goal was to create a full open source solution in order to:
1. Provide a baseline for other researchers, developers, academics and students, allowing them to advance the scripts to suit their specific needs.
2. Demonstrate that it was possible to create a Python-only source code solution for the capture, analysis and OS Fingerprinting of observed network traffic.
3. Provide a solution that could be safely deployed in environments where it could be dangerous to perform active network mapping, where damage to, or shutdown of, critical information systems could occur (e.g., SCADA environments).
4. Provide a Python-only solution where the resulting scripts would be portable across a wide range of computing platforms.
5. Finally, to allow review by others to ensure that what has been presented meets these goals and objectives.

Author Predictions

Figure 6-1 Future Predictions.
Due to the combination of:
strengthening security controls
mobile device integration
the broad acceptance of Bring Your Own Device (BYOD) models
the entrée of wearable networked devices
the movement toward the Internet of Things (IOT) philosophies
the increased use of data leak prevention systems
the improved application of firewalls, content filters
the widespread deployment of intrusion prevention apparatus within corporate infrastructures
and the continued reduction in the cost of data storage devices
the following predictions seem reasonable:
1. Monitoring (in other words, continuous passive network capture) will increase dramatically. As the devices we utilize each day become more transient players in the networks we control, our ability to actively scan or map these activities will become almost impossible.
2. Our ability to track devices and the humans attached to them is already quite elusive, and will continue to become more difficult as the number and variety of devices we carry or wear expands explosively.
3. The line between broadband and land-based networks will continue to blur. Even today our devices automatically switch seamlessly from one wireless network to another, to broadband and back again, even when we don’t leave our homes!
4. Our ability to mine this data and make sense of it will become vital, if we wish to solve crimes, ferret out malicious insiders, stop the leakage of personal or corporate information and one day pre-empt nefarious acts instead of just reacting to them once they become the latest New York Times headline. We obviously must change our tactics.
Figure 6-2 New York Times Technology Headline 2-5-2015.
Of course, privacy concerns continue to expand as the digital footprint that we leave with every click, post, tweet, music/video download, App purchase, or now even every time we start our car or open our fridge, expands. These actions become fodder for government monitoring, commercial gains and potential criminal activity.

Challenge Problems

Several key challenge problems exist that are logical next steps. These can be approached by individuals, graduate and undergraduate students (with assistance) and by organizations wishing to participate in the evolution of the P2NMAP technologies.
Challenge 1: Passive OS Fingerprints – The development of a complete truth table or other decision-making model for a wide variety of operating system signatures is essential. This requires both an initial effort to develop the current baseline (moving back in time) as well as methods to measure new versions.
Challenge 2: IPv6 – The challenge of evolving the P2NMAP scripts to support IPv6 environments is two-fold. First, to perform the same level of capture and analysis that is currently supported for IPv4. Second, to examine, analyze and observe IPv6 headers to identify key data elements that would improve OS fingerprinting.
Challenge 3: Wireless Passive Network Mapping – P2NMAP today will capture connections from WiFi devices as they flow in and out of current network switches. However, providing the ability to passively capture and analyze wireless connections over the air and to map their temporal behaviors would be beneficial.
Challenge 4: IP Activity Mapping – The current capture and analysis capabilities of P2NMAP provide the fundamental data necessary to map behavior by specific IP addresses (clients or servers). However, sorting, filtering and visualizing this behavior would add significant value to investigators.
Challenge 5: Cross IP Link Analysis – It is likely that multiple P2NMAP captures or PCAP files will be collected from multiple network vantage points or even geographically separated networks. The ability to combine, process and analyze a set of captures would provide a more global perspective for investigators.
Challenge 6: Python 3.3x – Porting P2NMAP-Capture, P2NMAP-Analyze, P2NMAP-OS-Fingerprint and P2NMAP-PCAP-Extractor should prove to be fairly straightforward. This is the reason I minimized the use of third-party packages, which are typically the most difficult aspect of a port.
Challenge 7: GUI vs Command Line – Finally, the current P2NMAP scripts are command line based in order to focus on core details of passive capture, analysis and OS fingerprinting. However, there are certainly benefits to wrapping the core scripts into a GUI for ease of use, configuration, management of captures, reporting and general visualization.
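The header-only discipline described at the start of this chapter (connection endpoints and key header fields, never packet contents) and the IPv6 header work proposed in Challenge 2, as an added Python example that is not P2NMAP's own code: it builds constructed IPv4 and IPv6 TCP SYN frames and records only addresses, ports, TTL/hop limit, DF bit and window, never slicing the payload. It assumes IPv6 frames carry no extension headers; all addresses and values are constructed samples.

```python
import struct
from ipaddress import ip_address

def build_ipv4_tcp(src, dst, sport, dport, ttl, window, payload):
    """Constructed IPv4/TCP SYN frame with DF set; checksums left zero (sample only)."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0x1234,
                         0x4000, ttl, 6, 0, ip_address(src).packed, ip_address(dst).packed)
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, 0x02, window, 0, 0)
    return ip_hdr + tcp_hdr + payload

def build_ipv6_tcp(src, dst, sport, dport, hop_limit, window, payload):
    """Constructed IPv6/TCP SYN frame; Next Header = 6 (TCP), no extension headers."""
    ip_hdr = struct.pack("!IHBB16s16s", 0x60000000, 20 + len(payload), 6, hop_limit,
                         ip_address(src).packed, ip_address(dst).packed)
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, 0x02, window, 0, 0)
    return ip_hdr + tcp_hdr + payload

def header_only_record(frame):
    """Connection and fingerprint fields from IP/TCP headers only; payload is never read."""
    version = frame[0] >> 4
    if version == 4:
        ihl = (frame[0] & 0x0F) * 4                # header length in bytes
        ttl, proto = frame[8], frame[9]
        df = bool(frame[6] & 0x40)                 # Don't Fragment bit
        src, dst = ip_address(frame[12:16]), ip_address(frame[16:20])
        l4 = ihl
    elif version == 6:
        proto, ttl = frame[6], frame[7]            # Next Header, Hop Limit
        df = None                                  # IPv6 has no DF bit
        src, dst = ip_address(frame[8:24]), ip_address(frame[24:40])
        l4 = 40                                    # fixed IPv6 header length
    else:
        raise ValueError("unsupported IP version")
    if proto != 6:                                 # only TCP connections are recorded
        return None
    sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
    flags, window = frame[l4 + 13], struct.unpack("!H", frame[l4 + 14:l4 + 16])[0]
    return {"version": version, "src": str(src), "dst": str(dst),
            "sport": sport, "dport": dport, "syn": bool(flags & 0x02),
            "ttl": ttl, "df": df, "window": window}

# Constructed sample traffic (not captured data); payloads exist only to prove they are ignored
SAMPLE_FRAMES = [
    build_ipv4_tcp("10.0.0.5", "192.0.2.10", 40000, 443, 64, 65535, b"secret payload"),
    build_ipv6_tcp("2001:db8::5", "2001:db8::10", 40001, 80, 128, 8192, b"more payload"),
]

def connection_records(frames=SAMPLE_FRAMES):
    """Header-only records for every TCP frame in the list."""
    return [r for r in (header_only_record(f) for f in frames) if r is not None]
```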

More Information

For additional information, the latest source code downloads, updated truth tables and other P2NMAP information:
Visit:
To contact the author directly: