Network Security Control Reviews

Network Security Control Reviews

Enables automated review and analysis of network security controls (AWS Security Groups, Network ACLs) using natural language queries. Supports NSC configuration reviews, network segmentation testing, and identifying security gaps through conversational LLM interaction.

Category
Visit Server

README

Network Security Control Reviews with MCP and LLMs

Illustrative diagram showing the architecture of the NSC Reviews with MCP and LLMs

Overview

An educational lab exercise demonstrating how to use Model Context Protocol (MCP) servers with LLMs to perform automated Network Security Control (NSC) configuration reviews and network segmentation analysis. This lab uses AWS Security Groups and Network ACLs as examples of Network Security Controls, enabling security professionals to "talk to" NSC configurations using natural language queries. While this implementation focuses on AWS, the architecture is extensible to support other NSC types including Azure Network Security Groups (NSGs), GCP Firewall Rules, OCI Security Lists, and traditional on-premises firewalls.

Key Features

  • Read-only MCP Server - Parse and query NSC configurations
  • Natural Language Queries - Use LLMs to analyze NSC rules and segmentation through conversational queries
  • Network Segmentation Test Environment - AWS test environment with production and development VPCs demonstrating NSC configurations
  • Segmentation Testing - Test network segmentation between zones/VPCs using NSC rules

Quick Start

  1. Set up AWS environment with Terraform - Follow the AWS Setup Guide to deploy test infrastructure (VPCs, Security Groups, Network ACLs) using Infrastructure as Code
  2. Install and configure MCP server - Follow the MCP Setup Guide to install dependencies and connect to your LLM
  3. Start querying - Load NSC configurations from AWS and analyze them using natural language queries such as those in LLM Usage Examples.

Project Structure

.
├── mcp-server/          # MCP server implementation
│   ├── src/
│   │   ├── parsers/    # NSC parsers
│   │   └── tools/       # MCP tool definitions
│   └── tests/          # Unit tests (mocked) and integration tests (real AWS)
├── terraform/          # Terraform Infrastructure as Code (IaC) for AWS test environment
│   └── main.tf         # Defines VPCs, Security Groups, Network ACLs, and rules
└── docs/               # Documentation

MCP Server Tools

The MCP server provides tools for querying NSC configurations. This implementation uses AWS Security Groups and Network ACLs as examples:

  • list_vpcs - List all VPCs in AWS account with filtering by tags
  • get_config - Load NSC configurations (AWS Security Groups and Network ACLs) directly from AWS
  • query_rules - Query NSC rules by various criteria (source, destination, port, protocol, tags), or get all rules with no parameters

Example Use Cases

  • NSC Configuration Review - Review Network Security Control rules to identify overly permissive configurations, security gaps, and compliance issues
  • Segmentation Testing - Verify network isolation between production and development networks using NSC rules and detect NSC rules that violate network segmentation policies

See LLM Usage Examples for detailed examples using AWS Security Groups and Network ACLs.

Documentation

  • AWS Setup Guide - Set up AWS test environment with Security Groups and Network ACLs (NSC examples)
  • MCP Setup Guide - MCP server installation, configuration, and secure credential management
  • LLM Usage Examples - Detailed examples of NSC reviews and segmentation testing using AWS Security Groups and Network ACLs
  • Troubleshooting - Common issues and solutions

Network Security Controls (NSCs)

This lab demonstrates NSC reviews using AWS Security Groups and Network ACLs as practical examples. NSCs are rules and policies that govern network traffic flow, including, but not limited to:

  • AWS Security Groups: Stateful, instance-level firewalls (the example used for this lab)
  • AWS Network ACLs: Stateless, subnet-level firewalls (the example used for this lab)
  • Azure Network Security Groups (NSGs): Azure's NSC implementation
  • Google Cloud Platform (GCP) Firewall Rules: GCP's NSC implementation
  • Oracle Cloud Infrastructure (OCI) Security Lists: OCI's NSC implementation
  • Traditional On-Premises Firewalls: Palo Alto, Check Point, Fortinet, Cisco

Extensibility

This MCP server architecture is designed to be extensible. While the current implementation uses AWS Security Groups and Network ACLs as examples, you can extend it to support other NSC types:

  1. Create a parser: Implement a parser class following the pattern in mcp-server/src/parsers/aws_security_groups.py or aws_network_acls.py
  2. Add MCP tools: Extend mcp-server/src/tools/nsc_tools.py to support the new NSC parser
  3. Update documentation: Add examples and usage instructions for the new NSC type

See mcp-server/src/parsers/README.md for extensibility documentation and examples.

Learning Objectives

After completing this lab, you should be able to:

  • Infrastructure as Code (Terraform): Deploy and manage AWS infrastructure using Terraform, including VPCs, Security Groups, Network ACLs, and their rules
  • MCP Server Development: Understand how MCP servers enable LLM interaction with structured data
  • NSC Analysis: Use natural language and LLMs to query NSC configurations
  • Security Review: Identify security and segmentation issues in NSC rules
  • NSC Architecture: Understand how different AWS NSC types (Security Groups vs Network ACLs) operate at different layers (instance-level vs subnet-level)

License

MIT License - See LICENSE file for details

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured
E2B

E2B

Using MCP to run code via e2b.

Official
Featured