NAVAL POSTGRADUATE SCHOOL - DTIC


NAVAL POSTGRADUATE SCHOOL
MONTEREY, CALIFORNIA

THESIS

MAPPING, AWARENESS, AND VIRTUALIZATION NETWORK ADMINISTRATOR TRAINING TOOL (MAVNATT) ARCHITECTURE AND FRAMEWORK

by

Daniel C. McBride

June 2015

Thesis Advisor: Gurminder Singh
Thesis Co-Advisor: John Gibson

Approved for public release; distribution is unlimited


REPORT DOCUMENTATION PAGE
Form Approved OMB No. 0704–0188

Public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instruction, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden, to Washington headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington, VA 22202-4302, and to the Office of Management and Budget, Paperwork Reduction Project (0704-0188) Washington, DC 20503.

1. AGENCY USE ONLY (Leave blank)
2. REPORT DATE: June 2015
3. REPORT TYPE AND DATES COVERED: Master’s Thesis
4. TITLE AND SUBTITLE: MAPPING, AWARENESS, AND VIRTUALIZATION NETWORK ADMINISTRATOR TRAINING TOOL (MAVNATT) ARCHITECTURE AND FRAMEWORK
5. FUNDING NUMBERS
6. AUTHOR(S): Daniel C. McBride
7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES): Naval Postgraduate School, Monterey, CA 93943-5000
8. PERFORMING ORGANIZATION REPORT NUMBER
9. SPONSORING/MONITORING AGENCY NAME(S) AND ADDRESS(ES): Marine Forces Cyber Command
10. SPONSORING/MONITORING AGENCY REPORT NUMBER
11. SUPPLEMENTARY NOTES: The views expressed in this thesis are those of the author and do not reflect the official policy or position of the Department of Defense or the U.S. Government. IRB Protocol number N/A.
12a. DISTRIBUTION / AVAILABILITY STATEMENT: Approved for public release; distribution is unlimited
12b. DISTRIBUTION CODE: A
13. ABSTRACT (maximum 200 words)

Tactical networks are becoming more critical in maintaining centers of gravity for military operations as cyberspace becomes contested at all levels of war. As a result, the growth of network centric operations and increased operational tempo in the cyber domain has created a significant training gap for tactical network administrators. This research suggests that a computer-based environment can integrate the operational network and a training network into the same system to allow tactical network administrators to concurrently administer the network and conduct realistic training on an identical virtual network. A review of commercial and open-source tools identifies the baseline for an architecture and framework for this system. The architecture consists of a modular design comprised of mapping, awareness, and virtualization modules. The framework integrates these modules by defining a network topology format, programming language, graphical user interface solution, and virtualization solution. This research concludes by providing an implementation that demonstrates desired capabilities. While we demonstrate that the project goals are attainable, there is a need for further research and development to deploy this capability to fleet units.

14. SUBJECT TERMS: network administrator training, network management, network virtualization, tactical network topology, rapid network design, modeling and simulation
15. NUMBER OF PAGES: 99
16. PRICE CODE
18. SECURITY CLASSIFICATION OF THIS PAGE: Unclassified
19. SECURITY CLASSIFICATION OF ABSTRACT: Unclassified
20. LIMITATION OF ABSTRACT: UU

NSN 7540–01-280-5500
Standard Form 298 (Rev. 2–89)
Prescribed by ANSI Std. 239–18


Approved for public release; distribution is unlimited

MAPPING, AWARENESS, AND VIRTUALIZATION NETWORK ADMINISTRATOR TRAINING TOOL (MAVNATT) ARCHITECTURE AND FRAMEWORK

Daniel C. McBride
Major, United States Marine Corps
B.S., University of Missouri - Columbia, 1999

Submitted in partial fulfillment of the requirements for the degree of

MASTER OF SCIENCE IN COMPUTER SCIENCE

from the

NAVAL POSTGRADUATE SCHOOL
June 2015

Author: Daniel C. McBride

Approved by:
Gurminder Singh, Thesis Advisor
John Gibson, Thesis Co-Advisor
Peter Denning, Chair, Department of Computer Science


ABSTRACT

Tactical networks are becoming more critical in maintaining centers of gravity for military operations as cyberspace becomes contested at all levels of war. As a result, the growth of network centric operations and increased operational tempo in the cyber domain has created a significant training gap for tactical network administrators. This research suggests that a computer-based environment can integrate the operational network and a training network into the same system to allow tactical network administrators to concurrently administer the network and conduct realistic training on an identical virtual network. A review of commercial and open-source tools identifies the baseline for an architecture and framework for this system. The architecture consists of a modular design comprised of mapping, awareness, and virtualization modules. The framework integrates these modules by defining a network topology format, programming language, graphical user interface solution, and virtualization solution. This research concludes by providing an implementation that demonstrates desired capabilities. While we demonstrate that the project goals are attainable, there is a need for further research and development to deploy this capability to fleet units.


TABLE OF CONTENTS

I. INTRODUCTION
    A. OVERVIEW
    B. MOTIVATION
    C. SCOPE
    D. RESEARCH OBJECTIVE
    E. EXPLORATORY RESEARCH QUESTIONS
    F. ASSUMPTIONS
    G. APPROACH
    H. BENEFITS OF RESEARCH
    I. ORGANIZATION
II. BACKGROUND
    A. OVERVIEW
    B. NETWORK ADMINISTRATOR TRAINING
        1. Required Training
        2. Skill Progression/Enhancement Training
        3. Training & Readiness Individual and Collective Events
        4. Network Administrator Training in Tactical Environments
        5. Network Administrator Training Summary
    C. CURRENT TOOLS SURVEY
        1. Mapping
            a. Internet Protocol Suite
            b. Simple Network Management Protocol (SNMP)
            c. Angry IP Scanner
            d. Nmap/Zenmap
            e. Mapping Summary
        2. Awareness
            a. SolarWinds Network Performance Manager
            b. Nagios
            c. OpenNMS
            d. Awareness Summary
        3. Virtualization
            a. VirtualBox
            b. VMware Fusion
            c. Kernel-Based Virtual Machine (KVM)
            d. Virtualization Summary
        4. Network Simulators
            a. Graphical Network Simulator (GNS3)
            b. Common Open Research Emulator
            c. Netkit
            d. Network Simulator Summary
        5. Current Tools Survey Summary
    D. SUMMARY

III. DESIGN AND METHODOLOGY
    A. OVERVIEW
    B. MAVNATT ARCHITECTURE
        1. Mapping
            a. Objectives
            b. Requirements
        2. Awareness
            a. Objectives nts
        4. Architecture Summary
    C. MAVNATT FRAMEWORK
    D. NETWORK TOPOLOGY FORMAT
        1. Network Topology Format Objectives
        2. Network Topology Format Review
            a. Neo4j
            b. JSON Format
            c. GraphML Format
            d. Network Topology Format Survey Summary
        3. Network Topology Format Component Prototypes
            a. JSON Prototype
            b. GraphML Prototype
        4. Network Topology Format Component Summary
    E. PROGRAMMING LANGUAGE
        1. Programming Language Objectives
        2. Programming Language Review
            a. C
            b. Java
            c. Python
            d. Programming Language Review Summary
        3. Programming Language Component Summary
    F. GUI
        1. GUI Objectives
        2. GUI Review
            a. Java Swing GUI
            b. Python Tkinter GUI
            c. Qt GUI
            d. GUI Review Summary
        3. GUI Component Prototype
            a. Python Tkinter GUI Prototype
        4. GUI Component Summary
    G. VIRTUALIZATION API
        1. Virtualization API Objectives
        2. Component Prototypes

            a. Java VirtualBox API
            b. Python VirtualBox API
        3. Virtualization API Component Summary
    H. COMPONENT PROTOTYPE SUMMARY
    I. SUMMARY
IV. IMPLEMENTATION
    A. OVERVIEW
    B. INTEGRATED PROTOTYPE
        1. Prototype Design
        2. Prototype Capabilities
    C. IMPLEMENTATION
        1. Overview
        2. Mapping
        3. Awareness
        4. Virtualization
    D. SUMMARY
V. CONCLUSIONS AND FUTURE RESEARCH
    A. SUMMARY
    B. CONCLUSIONS
        1. Research Objective
        2. Exploratory Research Questions
    C. RECOMMENDATIONS FOR FUTURE RESEARCH
        1. MAVNATT Architecture Future Research
            a. Mapping Module
            b. Awareness Module
            c. Virtualization Module
        2. MAVNATT Framework Future Research
            a. Network Topology Format Component
            b. GUI Component
        3. MAVNATT System Future Research
        4. MAVNATT Employment Considerations
            a. Network Planning and Validation Tool
            b. Integrated Network Training
            c. Cyber Operations
LIST OF REFERENCES
INITIAL DISTRIBUTION LIST


LIST OF FIGURES

Figure 1. MAVNATT Conceptual Model
Figure 2. Individual 0651 Training Events, from [7]
Figure 3. Sample of Collective Training Events, from [7]
Figure 4. Internet Protocol Suite, from [9]
Figure 5. SNMP Model, from [14]
Figure 6. Angry IP Scanner Interface on Mac OS X, from [15]
Figure 7. Zenmap Interface on Mac OS X
Figure 8. SolarWinds NPM 11.5 Interface, from [21]
Figure 9. Nagios Interface, from [26]
Figure 10. OpenNMS Interface, from [27]
Figure 11. VirtualBox Interface on Windows, from [30]
Figure 12. VMware Fusion 7 Interface, from [35]
Figure 13. KVM Interface
Figure 14. GNS3 Interface, from [37]
Figure 15. CORE Interface, from [38]
Figure 16. Netkit Interface, from [40]
Figure 17. MAVNATT Model compared to Network Monitoring and Network Simulation Tools
Figure 18. MAVNATT Conceptual Model
Figure 19. MAVNATT Framework
Figure 20. MAVNATT Network Topology Format Integration
Figure 21. MAVNATT Programming Language Integration
Figure 22. MAVNATT GUI Integration
Figure 23. Mockup - MAVNATT GUI
Figure 24.
Figure 25.
Figure 26.
Figure 27.
Figure 28.
Figure 29.
Figure 30.
Figure 31.
