Thursday, November 21, 2013

Remote Graph Sharing with Maltego

With the new graph collaboration features in Maltego Tungsten 3.4 and Maltego CaseFile 2.0 it is possible for a whole team of people to work together on the same graph remotely and securely. Graphs are synchronized using the XMPP (Jabber) protocol so the graph is never stored anywhere in the 'cloud', it is only stored on the machines of the users sharing a graph. Communication is encrypted with TLS and 128-bit AES. With some configuration 256-bit encryption can also be used, but it is important to be wary of the cryptography laws in your country.

The best thing about the graph sharing in Maltego is that it's really easy, especially if using the default public Paterva communication server, which comes with all the security mentioned above. With a few clicks your whole team could be collaborating on a graph in no time.

As an example of how to share a graph the following tutorial shows how Bob can share a graph remotely with Alice.

Step 1 - Key Exchange

Bob and Alice decides to collaborate on a research project using Maltego. Beforehand they have to exchange the security key that they will use for sharing graphs. Since the security key must be kept secret they decide to meet up and exchange the key verbally in person.  

Step 2 - Bob shares a new graph

Later on Bob is at home and decides to start doing research. He fires up Maltego.

Step 2a - Share Graph

Bob clicks on Share Graph...

Step 2b - Session Info

Bob enters the following session info and clicks Connect...

Step 2c - Bob notifies Alice

Bob lets Alice know that he shared a graph with the name "Wonderland42".

Step 3 - Alice connects

Alice also fires up Maltego.

Step 3a - Share Graph

Alice clicks on Share Graph...

Step 3b - Session Info

Alice enters the same Session Name and Security Key as Bob but uses "Alice" as her User Alias...

Both Bob and Alice are now be connected to the same graph as shown in the Collaboration window...

Step 4 - Collaborate!

Bob and Alice can now chat using the chat window and both of them can make changes to the same shared graph... 

Bob and/or Alice can then save the graph locally and share it again later to continue collaborating and more than two people can share the same graph in this way.

One thing to note is that attachments are currently not synchronized to the other users. Your current view of the graph (location & zoom level) is also not synchronized to other users so that users can work with different parts of the graph at the same time, but everything else is synchronized including bookmarks, notes and the layout (per Main/Bubble view).

An encrypted XMPP communication channel is used to share a graph between users. When sharing graphs without changing the server settings (as with Bob and Alice) then a public XMPP server hosted by Paterva is used, but it is also possible to use another public XMPP server or configure and use your own XMPP server. If not using the public Paterva server then the server used must be specified in the "Server" tab of the Share Graph dialog.

Anton van Aswegen

