What’s New in ntopng: Network Assets


Hello everybody!

Welcome back to the weekly blog post of this series, which keeps you updated on the latest ntopng features and graphical changes. Please let us know your feedback!

Today we are going to talk about the Asset Map.

Have you ever asked yourself what the NTP servers in your network are? Or what all the active DNS servers are?

Well, the Asset Map is useful in exactly this case.

The Asset Map is a map we designed to show exactly which DNS, NTP, … servers are active in a network. This can be really useful in many cases; just think of a couple of them:

  • If you are an ISP, many users “use” your network and you’d like to know if your network was compromised, or if your users are correctly using the resources you gave them.
  • If you instead have a large or small network, you’d like to know if you configured the entire network correctly with the right DNS, SMTP, … servers, or if by mistake (or not) you have some unwanted server.

The Asset Map is “simply” a map showing the flows that use specific protocols, so that you can understand and see which are your assets (currently limited to):

  • DNS server
  • NTP server
  • SMTP server
  • POP server
  • IMAP server

The Asset Map will depict the above servers and include service edges. This is useful both to understand if there is some misconfiguration in your network and to see if some of your machines are infected (there are many attacks where infected hosts present themselves as DNS or NTP servers even if they are not).
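
The check described above, as an added example that is not ntopng code: it builds a map of servers and their service edges from flow records, then reports servers that are missing from an expected inventory. The flow tuple layout, the sample addresses and the inventory are constructed assumptions.

```python
from collections import defaultdict

# Protocols the post lists as assets.
ASSET_PROTOCOLS = {"DNS", "NTP", "SMTP", "POP", "IMAP"}

# Constructed sample flows (client, server, application protocol). The field
# layout is an assumption for this example, not ntopng's export format.
SAMPLE_FLOWS = [
    ("192.0.2.10", "192.0.2.53", "DNS"),
    ("192.0.2.11", "192.0.2.53", "DNS"),
    ("192.0.2.12", "192.0.2.77", "DNS"),    # workstation answering DNS
    ("192.0.2.10", "192.0.2.123", "NTP"),
    ("192.0.2.11", "192.0.2.77", "NTP"),    # same workstation answering NTP
    ("192.0.2.10", "192.0.2.25", "SMTP"),
    ("192.0.2.10", "198.51.100.8", "HTTP"),  # not an asset protocol, ignored
]

# Constructed inventory of servers the administrator intended to run.
EXPECTED_SERVERS = {
    "DNS": {"192.0.2.53"},
    "NTP": {"192.0.2.123"},
    "SMTP": {"192.0.2.25"},
}

def build_asset_map(flows):
    """Return {protocol: {server: set(clients)}}: servers plus service edges."""
    assets = defaultdict(lambda: defaultdict(set))
    for client, server, proto in flows:
        if proto in ASSET_PROTOCOLS:
            assets[proto][server].add(client)
    return assets

def unexpected_servers(assets, expected):
    """List (protocol, server, sorted clients) for servers not in the inventory."""
    findings = []
    for proto in sorted(assets):
        for server in sorted(assets[proto]):
            # A protocol with no inventory entry treats every server as unexpected.
            if server not in expected.get(proto, set()):
                findings.append((proto, server, sorted(assets[proto][server])))
    return findings

if __name__ == "__main__":
    for proto, server, clients in unexpected_servers(
            build_asset_map(SAMPLE_FLOWS), EXPECTED_SERVERS):
        print(f"unexpected {proto} server {server}, used by {', '.join(clients)}")
```

The client list on each finding shows which hosts already depend on the unexpected server, which is the first thing to check when deciding between a misconfiguration and an infected machine.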

This feature is the first step towards asset management support in ntopng. We’re working hard on developing it, and it will be one of the new features of the upcoming release. Stay tuned!