Recording of the network infrastructure including review of automation possibilities.
The RONAL Group is a global wheel manufacturer with 23 locations across 11 countries. These locations have local IT and OT networks that are interconnected, resulting in a company network that needs documentation of the network topology, especially concerning visibility which needs improvement.
Marco Kaufmann, 2023
Bachelor Thesis, RONAL Group
Betreuende Dozierende: Christopher Scherb
Keywords: network topology, automation, documentation, network, infrastructure
The company network is grown historically and is maintained by local IT system engineers at the locations. This results in a complex and partially inconsistent network which is also reflected in its documentation. Harmonization efforts have been made but the standardization across the company has still room for improvement. Especially, global visibility is not as desired and is the main pain point from an information security standpoint. Manually ensuring that the network documentation is up-to-date and complete is impossible in practice.
In order to understand the needs of a solution, requirements were defined using multiple elicitation methods. This includes interviews, feedback, and support from members of the information security team throughout the work, a visit to a production site, as well as a requirements survey. The findings were processed into a requirements catalog with a decision matrix. Research was conducted to identify potential solutions. After a pre-selection, three solutions were evaluated using the decision matrix. Based on the evaluation, a recommendation for one solution was given.
The evaluation showed that two of the three solutions (A, B, and C) were suitable for the problem at hand. Besides having the lowest score, the third option (C) also focused on technical visualizations which are not the main pain point of the situation. Options A and B both provided a solution that matched the goals of the thesis by having interactive technical and logical maps to increase overall visibility. These maps are based on data collected from the network. The highest-ranked solution (A) uses a network scan whereas the second-placed solution (B) uses SSH to directly connect to the switches and routers, which is less invasive.
Option A is the most mature and feature-complete solution that provides many functionalities on top of the requirements. Option B is rather lightweight and focuses on bringing visibility to the network. Even though option A had the higher rating, it was option B that was recommended to the client. The lightweight approach reduces the time required to train employees, its decision not to have alerts prevents alert fatigue, and its focus on the key pain points makes it the most suitable solution for the problem.
Studiengang: Business Information Technology (Bachelor)
Fachbereich der Arbeit: