This is an enterprise commercial off-the-shelf (COTS) solution for network intelligence that provides comprehensive network mapping and leak detection, with interactive visualization tools for analyzing the state of the DoD IT infrastructure. The Enterprise Network Mapping and Leak Detection Solution (ENMLDS) provides discovery across an unlimited number of assets connected to the .mil domain (including both the classified and unclassified networks).
The operational vision of ENMLDS is to provide an enterprise leak detection capability as its primary focus, with support for continuous mapping of the SIPRNet and NIPRNet. ENMLDS provides the Services with an automated tool to improve situational awareness and Computer Network Defense (CND) while helping with compliance with the DoD Information Operations Condition (INFOCON) level.
ENMLDS comprises four components, which provide for scalability and future growth of CND capabilities to fill current and future security and management gaps. ENMLDS will give network operators and defenders a graphical map of the network interconnections, including detailed reporting on each asset discovered across the enclave. The detailed reporting provides information on the quantity, model, operating system version, and interconnection of network assets.
Functioning as the data repository, Report Servers separate report generation from scanning to further reduce IPsonar’s operational footprint. A single remote Report Server can support multiple Scan Servers.
These resources are positioned at appropriate points in the network to assure that business applications and even the lowest-speed network links are unaffected by IPsonar network traffic. Multiple scans can be run simultaneously.
Accurate, complete network scanning is achieved through the use of network entry points called Sensors. These portable entry points provide the flexibility to address even the fastest changing networks.
- Network Discovery
Network Discovery proactively identifies the network and its perimeter including address space, hosts, devices and the true interconnectivity of sub-networks throughout the enterprise.
- Host Discovery
Host Discovery enumerates the IP devices on the active network segments.
- Leak Discovery
Leak Discovery identifies end-point and network devices that have inbound and/or outbound connectivity beyond the network perimeter to the Internet or other networks via Internet Control Message Protocol (ICMP) and UDP protocols.
- Service Discovery
Service Discovery leverages information derived from IP stacks to identify current and emerging Internet services and proprietary IP applications active on hosts and devices on the enterprise network.
- Device Discovery
Device Discovery identifies wireless access points by "banner-grabbing" or probing known management interfaces, specifically Hypertext Transfer Protocol (HTTP) and SNMP based interfaces.