Chapter 13 — NetArch
Based on: SIH1708 — Secure Network Topology Tool
Skills Required:
- Networking fundamentals (TCP/IP, routing, switching)
- Network discovery protocols (SNMP, LLDP)
- Network security concepts (firewalls, segmentation)
- Python programming (network automation and visualization)
- Frontend web development (React, D3.js)
- Database design (PostgreSQL or equivalent)
Project Description: NetArch is an automated network topology visualization and security assessment tool. It discovers network devices and their interconnections using passive and active probes. The system constructs topology graphs enriched with device information, security posture metrics, and identifies risky configurations. The interactive dashboard allows network administrators to explore connectivity, enforce segmentation policies, and detect potential security gaps.
Tech Stack:
- Python for network discovery and data processing scripts
- SNMP, LLDP querying libraries (e.g., pysnmp)
- React.js and D3.js for frontend interactive visualization
- PostgreSQL for device and link data storage
- Flask or FastAPI to serve API endpoints
- Docker and Kubernetes for container orchestration and scalability
Week-wise Plan:
Week 1 — Network Discovery Module
- Set up development environment with necessary tools and libraries
- Implement SNMP and LLDP polling scripts to discover devices and gather attributes
- Store discovered devices and links in PostgreSQL database
- Deliverable: Basic device and link discovery scripts with database integration
Week 2 — Data Enrichment and Mapping
- Enhance discovered data with device configurations and security attributes (ACLs, firewall rules)
- Map connectivity data into graph data structures suitable for visualization
- Deliverable: Enriched network dataset with security metrics
Week 3 — Frontend Visualization
- Develop React.js frontend scaffold with routing and layout components
- Integrate D3.js for dynamic topology graph rendering
- Implement basic interactive features: zoom, pan, device info tooltips
- Deliverable: Interactive network graph visualizing discovered topology
Week 4 — Security Posture Analysis
- Define and integrate security posture indicators: segmentation, exposure, policy violations
- Implement algorithms to detect risky paths or misconfigurations in the topology
- Deliverable: Security assessment overlay on the network topology
Week 5 — Policy Management and Enforcement Integration
- Design policy definition schemas (firewall rules, segmentation zones)
- Integrate simulated enforcement actions and show impact on topology
- Deliverable: Policy editor backend and enforcement impact visualization
Week 6 — Alerting and Reporting
- Implement alert generation for newly discovered risks or topology changes
- Develop report generation module summarizing topology and security posture
- Deliverable: Alerting system and report export functions (PDF/CSV)
Week 7 — User Authentication and Collaboration
- Implement user management with roles and permissions
- Enable multi-user access and collaborative editing/viewing features
- Deliverable: Secure user access system and collaboration tools
Week 8 — Testing, Optimization, and Documentation
- Conduct end-to-end testing including scalability tests with large topologies
- Optimize frontend rendering and backend query performance
- Prepare comprehensive documentation and user guides
- Deliverable: Fully tested and documented network topology visualization platform
Testing and Deliverables:
- Setup laboratory with emulated network devices (e.g., Cisco VIRL, GNS3)
- Validate device discovery accuracy and latency
- Perform UI/UX evaluations with target user groups
- Deliver complete source code, deployment scripts, user manuals, and demonstration videos