

What can I discover?
Leverage Lumeta to discover routes, routers, inter-connectivity of the network, the nature of external connections, your network's edge, the core of your network, hosts, devices attached to your network (as well as their characteristics), and the anomalies of your network (e.g., whether a device is leaking, whether a device is answering on TCP ports that are unexpected, unknown networks or connections).  

How do I know what my network is?
Lumeta is the means to knowing what your network is. It provides you with an authoritative understanding of what your network is: the assets that comprise it, its perimeter, its forwarders, what traffic is coming in and going out of it, and the IP addresses and CIDRs that compose it.

What parameters do I set for Lumeta to know what to scan?
You'll configure a Zone and Collectors to begin acquiring an understanding of your network. Collectors may be set up to execute one or more of the following discovery types:

  • Broadcast
  • OSPF
  • SNMP
  • Path
  • Host
  • Port
  • Leak Path
  • Discovery Spaces
  • Profile

Which parameters you set depends on what you are trying to learn about your network. See Configuration by Objective for more. 

What is active discovery?
Active discovery is network exploration that continuously incorporates data uncovered via passive listening techniques and via targeted discovery spaces.  This information is analyzed against network norms and policies to identify components that require further assessment, ensuring that shadowy corners and suspicious configurations on your network do not go unexamined. 

What parameters need to be set for active scanning?
You need to configure your collector(s) in a particular zone(s) before beginning your active scanning. The following parameters need to be set for active scanning to occur (per collector):

  • SNMP
  • Path
  • Host
  • Port
  • Spaces

You also need to designate Zone Network(s). 

What is passive scanning?
Passive discovery involves the monitoring of broadcast packets via ARP, DHCP, and ICMPv6, and passively participating in OSPF to discover routing topology.

What parameters need to be set for passive scanning?
The following parameters need to be addressed before you can begin passive scanning (per collector):

  • Broadcast
  • OSPF

What is the optimum configuration needed to run a scan?
In order to run a scan, you will need to have at least three collectors configured in at least one zone. This collector has to have at least one of the following parameters activated:

  • Broadcast
  • OSPF
  • Path
  • SNMP
  • Host
  • Port
  • Leak Path
  • Discovery Spaces

What is the difference between Zone Network and Collector Discovery Space?
The Collectors operate within space under the allotted Zone Network Space. Configuration changes made on the Zone level are applied across any/all collectors configured in that zone. Collector Discovery Spaces control what is, and what is not, discovered at the collector level.

Lumeta Configuration

Since Lumeta is always scanning, and has configurable rescan intervals, it's important to be aware of the impact of your configuration on the network. In Lumeta, collectors are the equivalent of a scan configuration in IPsonar, and each zone (similar to a report/SDG) can have multiple collectors. Each collector has its own rescan interval and target list. When configuring path discovery or host discovery to scan a large target list or discovered routes, that collector should use a longer rescan interval to avoid continuously scanning the network. To check the status of already discovered IPs or SNMP-discovered IPs, another collector can be configured with a short rescan interval and no target list. Regardless of rescan interval, whenever a new device or target is discovered, it is immediately scanned and is not affected by the rescan interval.

How many collectors do I need to configure?
Best practice is to configure 3 collectors: passive, path, and host discovery.

How frequently should each collector discover?
The frequency of discovery for each collector is a decision best made by you. It is, however, ideal that you enable each collector while you can observe its discoveries. If your collector is performing only passive discovery, keep the interval short; 10 minutes is good enough. For path discovery, use a medium interval of 30 minutes or more. For SNMP, use a long interval of 45 minutes. SNMP data doesn't change that often, so there is no need to scan so repetitively. Dynamic data gets captured more frequently.
 

What is the best practice for configuring collectors?  

There are a few practices you can use to maximize the efficiency of your collectors:

  1. When configuring path discovery or host discovery to scan a large target list or discovered routes, that collector should use a longer rescan interval to avoid continuously scanning the network.
  2.  To check the status of already-discovered IPs or SNMP-discovered IPs, another collector can be configured with a short rescan interval and no target list.

Zones

Roles define the system features and commands users can access. Each user is assigned a set of permissions, or role.

Asset Manager comes with three pre-defined roles that you can assign to a user. You can assign all three roles to a user, two of the roles to a user, or none of the roles to a user.

SysAdmin - Manages the system. Is concerned with details at device level (i.e., software and hardware). Can manage the Asset Manager System (Installation of License, Upgrading the System, Configuring CEF, Resetting the IP, Restarting services or system). The SysAdmin cannot log in to the Asset Manager GUI unless he or she has also been given the Viewer role, the Manager role, or has been flagged as a superuser.

Manager - Concerned with Asset Manager-specific details. Manages the Organization to which he/she belongs. Creates zones and collectors, assigns roles to users, subscribes to notifications, configures dashboards.
Manager can access GUI for the following functionality:

  • Can modify users – can edit the roles and password of a user
  • Can add/modify/delete zones
  • Can add/modify collectors (and all their sub-functionality)
  • Can configure notifications
  • Cannot configure CEF notifications
  • Can view reports, maps and zones

Manager can access the following commands in CLI:

Viewer - Read only. User cannot manipulate zones or Asset Manager system software or hardware. Views the organization to which he/she belongs. Can view zones, collectors, maps, and dashboards.

What separates two zones?

Zones vary in their individual rules and policies. They can be as simple or as complex as defined by an organization and can be comprised of logical networks and subnets. So, the variations of these networks and/or subnets in the zones, as well as variations in their rules and policies, firmly establish each of them as separate from one another.


What network space do I need to set for zones?
There are additional Zone Networks at the Zone level:

  • These options are applied across any/all collectors configured in that Zone.
  • Known List - used for labeling devices (via CIDR blocks) as "Known" for reporting and analysis purposes.
  • Eligible list - used to allow Lumeta to probe networks further when they are discovered via  SNMP, for example.
  • Internal List - used for labeling devices (via CIDR blocks) as "Internal" for purposes of reporting, mapping, and analysis.

Note that the only option in Zone Network that controls or limits discovery within collectors is the Eligible List; the other two (Known and Internal) are for post-discovery reporting and analysis.
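
The separation between the two labeling lists and the Eligible list, modeled in Python as an added example (not Lumeta code). The list contents, the function names, and the rule that only the eligible slice of a partly covered network is in scope are assumptions.

```python
import ipaddress

# Constructed Zone Network lists (documentation/private ranges, not real data).
ZONE = {
    "known":    ["10.0.0.0/8", "192.0.2.0/24"],
    "internal": ["10.0.0.0/8"],
    "eligible": ["10.20.0.0/16", "2001:db8:10::/48"],
}


def _nets(cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]


def _inside(net, cidrs):
    """True when net lies wholly inside one listed CIDR of the same IP version."""
    return any(net.version == n.version and net.subnet_of(n) for n in _nets(cidrs))


def probe_scope(net, eligible):
    """Portion of a discovered network that falls inside the Eligible list."""
    scope = []
    for e in _nets(eligible):
        if net.version != e.version:
            continue
        if net.subnet_of(e):
            scope.append(net)      # fully eligible
        elif e.subnet_of(net):
            scope.append(e)        # only the eligible slice is in scope
    return sorted(set(scope))


def triage(discovered, zone=ZONE):
    """Label a discovered address or CIDR and compute what may be probed further."""
    net = ipaddress.ip_network(discovered)
    return {
        "known": _inside(net, zone["known"]),        # reporting label only
        "internal": _inside(net, zone["internal"]),  # reporting label only
        "probe": [str(n) for n in probe_scope(net, zone["eligible"])],
    }


if __name__ == "__main__":
    # Constructed discoveries, e.g. routes learned from an SNMP-polled router.
    for item in ["10.20.5.7", "10.20.0.0/15", "192.0.2.44",
                 "198.51.100.9", "2001:db8:10:1::5"]:
        print(f"{item:18} {triage(item)}")
```

The IPv6 case is eligible for probing yet not labeled Known, and 192.0.2.44 is Known yet never probed further: the labels and the discovery scope are independent.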

Discovery Objectives

Recently, the focus of the overall Lumeta Discovery Process has shifted to a "task-oriented" methodology. This is a change, in concept and in positioning with the market, from IPsonar Classic's scanning or phase focus. Being a continuous product, Lumeta shifts the linear approach of scanning to a "what do you want to do" approach. As an example, we will no longer discuss Network Discovery as a scanning phase, but switch to a mindset of "the client wants to discover their network". Although this task-oriented approach may seem like a minimal change, it does have a significant impact on how we describe how, what and why clients use the product.

  1. Discover the network: The focus of this task is to provide the client information on their infrastructure.  Discovering the routes and routers, inter-connectivity of the network, defining external connections to partners, the Internet, etc.  Produces a representation of the network from both Layer 2 and Layer 3 of the OSI model.
  2. Discovery Type Use:
     • Active discovery of targeted networks, which provides accurate coverage at the edges of the network
     • Passive discovery using routing protocols, which provides instantaneous network updates and broadens understanding of the core of the network
     • Targeted system inquiries using SNMP, which provide rich data gathered from the network equipment

  1. Discover the hosts: 
  2. Profile the devices: The focus of this task is to provide the client information on devices attached to their network.  Determining which devices are "alive" and what they are (device type, OS, hardware, etc.).
  3. Discover the anomalies:  The focus of this task is to provide the client information on anomalies that have been discovered by Lumeta.  Determining if a device is leaking, whether a device is answering on TCP ports that are unexpected, finding unknown networks or connections, or any other discovered information that may be deemed anomalous either through Lumeta "best practices" or as defined by the user.

 

