Infrastructure Discovery Report

Pre-requisites

In order to collect data required to produce this report, a single Sentinel agent program needs to be installed within the managed environment.

Methodology

This report was automatically generated by the Apteriks portal. The following discovery techniques were used:

  • ICMP ping sweep & DNS name resolution
  • TCP Port scanning
  • SNMP Discovery and Inventory

Completeness

All discoveries and data collection were done by the Sentinel agent, and the following factors influence the completeness of this report:

  • Clear the path. Make sure that firewalls or network filters do not block the communication between the Sentinel and the scanned networks.
  • Scan for more. To detect active network services and vulnerabilities, scan as many TCP ports as possible. Without a premium account, only a very small subset of network services is scanned.
  • Enable SNMP. Turn on this protocol on your devices and specify SNMP credentials during the scanning. This populates the inventory with Vendor/Hardware/Software details. Take care of security: use SNMPv3 with encryption and authentication.

Target scope

VRF Company ABC
Network address 10.55.104.0/25
Network Name WEB hosting segment, DC South
Network Description
Report generation time 11/19/2019 8:54:11 PM (UTC)

Table of contents

Summary of key observations

Top 10 slowest hosts

Top 10 most exposed hosts

Top 10 TCP Services

IP Addresses with naming issues

Vendor distribution

Device Inventory

Databases

Domain Controllers

VMware ESXi servers

File shares

DNS servers

IP Addresses down or with unknown status

All discovered services

TCP service groups

All discovered IP Addresses

Summary of key observations

Network size (IP's) 126
Allocated IP's 9
Network utilization 7%
Hosts with naming issues 1
Hosts with TCP services 8 (88%)
Hosts with SNMP support 8 (88%)
TCP services 20
Vendors 8
Databases 4
File Shares 1
DNS Servers 2
Domain Controllers 1
VMware ESXi servers 0

Top 10 slowest hosts

This chapter highlights IP addresses with the worst Round Trip Time. They were the slowest to reply to the discovery requests. Note that the time is measured between the Sentinel agent that performed the discovery and destination IP addresses.

The average Round Trip Time is 5.2 msec.

The following table provides the list of slowest hosts on the network.

Name DNS Name IP Address Round trip time (ms)
xps123 xps123.company.com 10.55.104.23 21
xs04 XS04.company.com 10.55.104.11 7
xs3 xs03.company.com 10.55.104.10 5
gateway gw.company.com 10.55.104.1 2
xps124 xps124.company.com 10.55.104.24 2
xps125 xps125.company.com 10.55.104.25 2
xps126 xps126.company.com 10.55.104.26 2
NAA16.company.com 10.55.104.12 1

Top 10 most exposed hosts

This chapter lists the IP addresses with the largest number of enabled TCP services. These would typically be the servers in the datacenter, but can also be hosts with many TCP ports open by default. Open TCP services can be exploited by malicious users to gain access to a computer. To improve security, leave enabled only the services that you know are necessary for operation.

The following table provides the list of most exposed IP addresses on the network.

Name DNS Name IP Address # Services Enabled TCP Services
xps124 xps124.company.com 10.55.104.24 7 22, 53, 110, 143, 443, 993, 3306
xps125 xps125.company.com 10.55.104.25 6 53, 88, 139, 389, 445, 3306
xs04 XS04.company.com 10.55.104.11 5 21, 22, 23, 80, 8080
xps123 xps123.company.com 10.55.104.23 5 80, 1433, 3389, 5985, 47001
xs3 xs03.company.com 10.55.104.10 4 21, 22, 23, 80
gateway gw.company.com 10.55.104.1 2 22, 23
NAA16.company.com 10.55.104.12 2 80, 443
xps126 xps126.company.com 10.55.104.26 1 27017

Top 10 TCP Services

This chapter lists TCP services that are most frequently enabled on scanned network(s).

TCP Service Enabled on # of IP addresses
22 (ssh), 80 (http) 4
23 (telnet) 3
21 (ftp), 53 (domain), 443 (https), 3306 (mysql) 2
88 (kerberos), 110 (pop3), 139 (netbios-ssn), 143 (imap), 389 (ldap), 445 (microsoft-ds), 993 (imaps), 1433 (ms-sql-s), 3389 (ms-wbt-server), 5985 (wsman), 8080 (http-alt), 27017, 47001 (winrm) 1

IP Addresses with naming issues

This chapter lists IP addresses that lack DNS or administrative names. As a rule, every IP host must have a proper DNS name, especially when it comes to servers.

Out of 9 analyzed IP addresses 1 had naming issues.

The following table provides the list of IP addresses that lack DNS names.

IP Address Administrative name # TCP Services
10.55.104.13 caret 0

Vendor distribution

This chapter shows the distribution of hardware/software vendors detected by the SNMP protocol.

The content of this chapter is determined by the level of SNMP protocol adoption on the network. If SNMP protocol is enabled on the device and credentials are provided during the infrastructure discovery, the device details will be retrieved.

During the discovery 8 device(s) responded to SNMP queries.

There are 1 other device(s) on this network without SNMP support; please enable it and scan the network again in order to derive better conclusions. Note that only SNMPv3 in "authPriv" mode provides an adequate level of security by enforcing proper encryption and authentication.

The following table provides the list of detected device vendors.

Vendor name Device count
ciscoSystems 1
Juniper Networks, Inc. 2
Network Appliance Corporation 1
Microsoft 4

Device inventory

This chapter shows the inventory details as reported by devices during the scanning.

The content of this chapter is determined by the level of SNMP protocol adoption on the network. If SNMP protocol is enabled on the device and credentials are provided during the infrastructure discovery, the device details will be retrieved.

There are 1 device(s) on this network without SNMP support; please enable it and scan the network again in order to derive better conclusions.

During the discovery, 8 device(s) responded to SNMP queries.

Node Name Vendor System name System uptime System description
10.55.104.1 gateway (gw.company.com) ciscoSystems NLAMS-R03 Cisco IOS Software, C2900 Software, Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2018 by Cisco Systems, Inc.
10.55.104.10 xs3 (xs03.company.com) Juniper Networks, Inc. NLAMS-XS03 Juniper Networks, Inc. srx240h2 internet router, kernel JUNOS 11.4R10.3
10.55.104.11 xs04 (XS04.company.com) Juniper Networks, Inc. NLAMS-XS08 Juniper Networks, Inc. srx240h2 internet router, kernel JUNOS 11.4R10.3
10.55.104.12 (NAA16.company.com) Network Appliance Corporation NLAMS-NAA16 NetApp Release 8.1.1P1 7-Mode: Tue Aug 21 16:54:20 PDT 2018
10.55.104.23 xps123 (xps123.company.com) Microsoft Server Hardware: Intel64 Family 6 Model 23 Stepping 6 AT/AT COMPATIBLE - Software: Windows Version 6.3 (Build 9600 Multiprocessor Free)
10.55.104.24 xps124 (xps124.company.com) Microsoft Server Hardware: Intel64 Family 6 Model 23 Stepping 6 AT/AT COMPATIBLE - Software: Windows Version 6.3 (Build 9600 Multiprocessor Free)
10.55.104.25 xps125 (xps125.company.com) Microsoft Server Hardware: Intel64 Family 6 Model 23 Stepping 6 AT/AT COMPATIBLE - Software: Windows Version 6.3 (Build 9600 Multiprocessor Free)
10.55.104.26 xps126 (xps126.company.com) Microsoft Server Hardware: Intel64 Family 6 Model 23 Stepping 6 AT/AT COMPATIBLE - Software: Windows Version 6.3 (Build 9600 Multiprocessor Free)

Databases

This chapter shows the list of discovered databases. They are listed based on the assumption that all databases use their default TCP ports.

Overview

Database type Count
Microsoft SQL 1
Oracle -
MySQL 2
PostgreSQL -
DB2 (pre-version 8) -
DB2 (version 8 and later) -
MongoDB 1
Sybase -
Teradata -
TOTAL 4

Microsoft SQL databases

Microsoft SQL Server is a relational database management system developed by Microsoft.

# IP Address Name DNS Name
1 10.55.104.23 xps123 xps123.company.com

MySQL databases

MySQL is a relational database management system (RDBMS) with open source code; it is the most widely used open-source database.

# IP Address Name DNS Name
1 10.55.104.24 xps124 xps124.company.com
2 10.55.104.25 xps125 xps125.company.com

MongoDB databases

MongoDB (from humongous) is a cross-platform document-oriented database. Classified as a NoSQL database, MongoDB eschews the traditional table-based relational database structure in favor of JSON-like documents with dynamic schemas (MongoDB calls the format BSON), making the integration of data in certain types of applications easier and faster. MongoDB is free and open-source software.

# IP Address Name DNS Name
1 10.55.104.26 xps126 xps126.company.com

Domain Controllers

This chapter shows the list of discovered Domain Controllers. On Microsoft Servers, a domain controller (DC) is a server that responds to security authentication requests (logging in, checking permissions, etc.) within the Windows Server domain.

# IP Address Name DNS Name
1 10.55.104.25 xps125 xps125.company.com

VMware ESXi servers

This chapter shows the list of discovered VMware ESXi servers. VMware ESXi (formerly ESX) is an enterprise-class, type-1 hypervisor developed by VMware for deploying and serving virtual computers. ESX runs on bare metal (without running an operating system) unlike other VMware products.

No ESXi servers were detected during the discovery.

File Shares

This chapter shows the list of discovered file shares. The Common Internet File System (CIFS) is the standard way that computer users share files across corporate intranets and the Internet. An enhanced version of the Microsoft open, cross-platform Server Message Block (SMB) protocol, CIFS is a native file-sharing protocol in Windows and is supported by many other operating systems.

# IP Address Name DNS Name
1 10.55.104.25 xps125 xps125.company.com

DNS Servers

This chapter shows the list of discovered DNS servers. The most important function of Domain Name System (DNS) servers is the translation (resolution) of human-memorable domain names and hostnames into the corresponding numeric Internet Protocol (IP) addresses.

# IP Address Name DNS Name
1 10.55.104.24 xps124 xps124.company.com
2 10.55.104.25 xps125 xps125.company.com

IP Addresses down or with unknown status

This chapter provides the list of IP addresses that have a configured DNS name but do not respond to discovery requests.

Typically, there would be two reasons for this situation:

There are 0 IP addresses detected in this category.

All discovered services

This chapter provides the list of all discovered TCP services, giving you the precise operational status of active services.

In total 20 TCP services were discovered on 9 devices.

# TCP Service Enabled on # of IP addresses
1 TCP port 21 (ftp) 2
2 TCP port 22 (ssh) 4
3 TCP port 23 (telnet) 3
4 TCP port 53 (domain) 2
5 TCP port 80 (http) 4
6 TCP port 88 (kerberos) 1
7 TCP port 110 (pop3) 1
8 TCP port 139 (netbios-ssn) 1
9 TCP port 143 (imap) 1
10 TCP port 389 (ldap) 1
11 TCP port 443 (https) 2
12 TCP port 445 (microsoft-ds) 1
13 TCP port 993 (imaps) 1
14 TCP port 1433 (ms-sql-s) 1
15 TCP port 3306 (mysql) 2
16 TCP port 3389 (ms-wbt-server) 1
17 TCP port 5985 (wsman) 1
18 TCP port 8080 (http-alt) 1
19 TCP port 27017 1
20 TCP port 47001 (winrm) 1

TCP service groups

This chapter groups IP addresses by the TCP Service that runs on them. It allows you to see which hosts perform a particular function on your network, putting guesswork aside.

TCP Service 21 ftp

Service description: File Transfer [Control]

Devices on which this service is enabled:

# IP Address Name DNS Name
1 10.55.104.10 xs3 xs03.company.com
2 10.55.104.11 xs04 XS04.company.com

TCP Service 22 ssh

Service description: The Secure Shell (SSH) Protocol

Devices on which this service is enabled:

# IP Address Name DNS Name
1 10.55.104.1 gateway gw.company.com
2 10.55.104.10 xs3 xs03.company.com
3 10.55.104.11 xs04 XS04.company.com
4 10.55.104.24 xps124 xps124.company.com

TCP Service 23 telnet

Service description: Telnet

Devices on which this service is enabled:

# IP Address Name DNS Name
1 10.55.104.1 gateway gw.company.com
2 10.55.104.10 xs3 xs03.company.com
3 10.55.104.11 xs04 XS04.company.com

TCP Service 53 domain

Service description: Domain Name Server

Devices on which this service is enabled:

# IP Address Name DNS Name
1 10.55.104.24 xps124 xps124.company.com
2 10.55.104.25 xps125 xps125.company.com

TCP Service 80 http

Service description: World Wide Web HTTP

Devices on which this service is enabled:

# IP Address Name DNS Name
1 10.55.104.10 xs3 xs03.company.com
2 10.55.104.11 xs04 XS04.company.com
3 10.55.104.12 NAA16.company.com
4 10.55.104.23 xps123 xps123.company.com

TCP Service 88 kerberos

Service description: Kerberos

Devices on which this service is enabled:

# IP Address Name DNS Name
1 10.55.104.25 xps125 xps125.company.com

TCP Service 110 pop3

Service description: Post Office Protocol - Version 3

Devices on which this service is enabled:

# IP Address Name DNS Name
1 10.55.104.24 xps124 xps124.company.com

TCP Service 139 netbios-ssn

Service description: NETBIOS Session Service

Devices on which this service is enabled:

# IP Address Name DNS Name
1 10.55.104.25 xps125 xps125.company.com

TCP Service 143 imap

Service description: Internet Message Access Protocol

Devices on which this service is enabled:

# IP Address Name DNS Name
1 10.55.104.24 xps124 xps124.company.com

TCP Service 389 ldap

Service description: Lightweight Directory Access Protocol

Devices on which this service is enabled:

# IP Address Name DNS Name
1 10.55.104.25 xps125 xps125.company.com

TCP Service 443 https

Service description: http protocol over TLS/SSL

Devices on which this service is enabled:

# IP Address Name DNS Name
1 10.55.104.12 NAA16.company.com
2 10.55.104.24 xps124 xps124.company.com

TCP Service 445 microsoft-ds

Service description: Microsoft-DS

Devices on which this service is enabled:

# IP Address Name DNS Name
1 10.55.104.25 xps125 xps125.company.com

TCP Service 993 imaps

Service description: imap4 protocol over TLS/SSL

Devices on which this service is enabled:

# IP Address Name DNS Name
1 10.55.104.24 xps124 xps124.company.com

TCP Service 1433 ms-sql-s

Service description: Microsoft-SQL-Server

Devices on which this service is enabled:

# IP Address Name DNS Name
1 10.55.104.23 xps123 xps123.company.com

TCP Service 3306 mysql

Service description: MySQL

Devices on which this service is enabled:

# IP Address Name DNS Name
1 10.55.104.24 xps124 xps124.company.com
2 10.55.104.25 xps125 xps125.company.com

TCP Service 3389 ms-wbt-server

Service description: MS WBT Server

Devices on which this service is enabled:

# IP Address Name DNS Name
1 10.55.104.23 xps123 xps123.company.com

TCP Service 5985 wsman

Service description: WBEM WS-Management HTTP

Devices on which this service is enabled:

# IP Address Name DNS Name
1 10.55.104.23 xps123 xps123.company.com

TCP Service 8080 http-alt

Service description: HTTP Alternate (see port 80)

Devices on which this service is enabled:

# IP Address Name DNS Name
1 10.55.104.11 xs04 XS04.company.com

TCP Service 27017

Service description:

Devices on which this service is enabled:

# IP Address Name DNS Name
1 10.55.104.26 xps126 xps126.company.com

TCP Service 47001 winrm

Service description: Windows Remote Management Service

Devices on which this service is enabled:

# IP Address Name DNS Name
1 10.55.104.23 xps123 xps123.company.com

All discovered IP Addresses

This chapter provides the list of all discovered IP addresses, along with TCP services that run on them.

Name DNS Name IP Address # TCP Services Enabled TCP Services
gateway gw.company.com 10.55.104.1 2 22, 23
xs3 xs03.company.com 10.55.104.10 4 21, 22, 23, 80
xs04 XS04.company.com 10.55.104.11 5 21, 22, 23, 80, 8080
NAA16.company.com 10.55.104.12 2 80, 443
caret 10.55.104.13 0
xps123 xps123.company.com 10.55.104.23 5 80, 1433, 3389, 5985, 47001
xps124 xps124.company.com 10.55.104.24 7 22, 53, 110, 143, 443, 993, 3306
xps125 xps125.company.com 10.55.104.25 6 53, 88, 139, 389, 445, 3306
xps126 xps126.company.com 10.55.104.26 1 27017
