Step 1: Read the network assessment guide
Open materials/network-assessment-guide.md. This gives you the structured approach for connectivity testing.
The core idea: for every pair of system types in the network, test whether one can reach the other. You are not looking for vulnerabilities in individual services. You are mapping which systems can communicate at all. A tenant Wi-Fi device that can reach a building management system is a segmentation failure regardless of whether the BMS has any specific vulnerabilities.
The guide provides a connectivity matrix template -- a table where rows are source systems, columns are destination systems, and each cell records whether the connection succeeds or fails, on which ports, using which protocols. This matrix becomes your primary assessment artifact.
The findings classification is straightforward: Critical means a life-safety system is accessible from an untrusted zone. High means cross-zone access without business justification. Medium means excessive permissions. Low means documentation gaps.
Step 2: Scan from each container type
The assessment approach is to scan from inside each container. This shows the network from the perspective of a device in that zone.
Start with the tenant Wi-Fi container. Direct AI to run Nmap from inside the container:
docker exec tenant-wifi-1 nmap -sT bms-doha
This shows what a compromised tenant device could reach. If port 8080 on the BMS container comes back as "open," that is the segmentation failure the insurance company flagged: tenant Wi-Fi can reach the system that controls HVAC, fire suppression, and elevators.
Repeat from each container type. Scan from bms-doha to see what the BMS can reach. Scan from cctv-manager. Scan from access-control. Each scan reveals a different perspective on the network topology.
AI will run the scans and report results. Your job is to interpret the connectivity: which connections are expected (management to BMS for monitoring) and which are dangerous (tenant Wi-Fi to access control).
Step 3: Document the connectivity matrix
Compile the scan results into a connectivity matrix. For every source-destination pair, record: the ports that are open, the protocol, the service running on that port, and the classification (Critical, High, Medium, Low).
The matrix should show a clear picture of the problem. On a flat Docker bridge network where all containers share the default network, everything can reach everything. The tenant Wi-Fi container can reach the BMS, the CCTV management port, the access control system, and the monitoring stack. The BMS can reach tenant Wi-Fi. There are no boundaries.
Step 4: Identify critical failures
Walk through the connectivity matrix and mark the critical failures:
- Tenant Wi-Fi reaching BMS ports -- if someone compromises a guest's laptop on the Wi-Fi, they could send commands to the building management system. In August in Qatar, disabling HVAC is not just an inconvenience.
- Tenant Wi-Fi reaching access control -- a compromised tenant device could potentially interact with the door lock system.
- CCTV management accessible from the tenant network -- surveillance systems should not be reachable from the guest Wi-Fi.
These are not theoretical risks. Your scans just proved the paths exist. The connectivity matrix is evidence.
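As an added example (not part of the course materials or the assessment guide), the script below compiles the per-container Nmap scans from Steps 2 and 3 into the connectivity matrix and flags the Step 4 critical paths; the zone labels, the set of justified cross-zone paths and the sample grepable (-oG) output are assumptions you should replace with your own lab's values.

```python
import re

# Assumed zone labels for the lab containers (life-safety: HVAC, fire, elevators, door locks).
ZONES = {"tenant-wifi-1": "untrusted", "bms-doha": "life-safety", "access-control": "life-safety",
         "cctv-manager": "restricted", "monitoring": "management"}
# Assumed cross-zone paths with a business justification (monitoring -> BMS/CCTV).
JUSTIFIED = {("management", "life-safety"), ("management", "restricted")}

# Constructed sample output, in the shape produced by e.g.
#   docker exec tenant-wifi-1 nmap -sT -oG - bms-doha cctv-manager access-control
SAMPLE_SCANS = {
    "tenant-wifi-1": (
        "Host: 172.18.0.3 (bms-doha)\tPorts: 8080/open/tcp//http-proxy///, 502/open/tcp//mbap///\tIgnored State: closed (998)\n"
        "Host: 172.18.0.5 (cctv-manager)\tPorts: 554/open/tcp//rtsp///\n"
        "Host: 172.18.0.6 (access-control)\tPorts: 4370/open/tcp//unknown///\n"
    ),
    "monitoring": "Host: 172.18.0.3 (bms-doha)\tPorts: 8080/open/tcp//http-proxy///\n",
}
HOST_RE = re.compile(r"Host: (?P<ip>\S+) \((?P<name>[^)]*)\)\tPorts: (?P<ports>[^\t\n]*)")

def classify(src, dst):
    """Guide's scheme: Critical = life-safety reachable from an untrusted zone; High = cross-zone
    without justification. Justified or same-zone paths are Expected (review manually for Medium)."""
    s, d = ZONES.get(src, "unknown"), ZONES.get(dst, "unknown")
    if s == "untrusted" and d == "life-safety":
        return "Critical"
    return "Expected" if s == d or (s, d) in JUSTIFIED else "High"

def build_matrix(scans):
    """Map (source, destination) -> open ports [(port, proto, service)] and classification."""
    matrix = {}
    for src, output in scans.items():
        for m in HOST_RE.finditer(output):
            dst = m.group("name") or m.group("ip")  # fall back to the IP when reverse DNS gives no name
            ports = []
            for entry in m.group("ports").split(","):
                port, state, proto, _owner, service, *_ = entry.strip().split("/")
                if state == "open":
                    ports.append((int(port), proto, service or "?"))
            if ports:
                matrix[(src, dst)] = {"ports": ports, "classification": classify(src, dst)}
    return matrix

def critical_paths(matrix):
    """Step 4: the (source, destination) pairs the matrix marks Critical."""
    return sorted(k for k, v in matrix.items() if v["classification"] == "Critical")

if __name__ == "__main__":
    for (src, dst), row in build_matrix(SAMPLE_SCANS).items():
        print(f"{src} -> {dst}: {row['classification']} {row['ports']}")
```

Feed it the real -oG output from each container scan and the Critical rows become the evidence for the segmentation findings.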
Step 5: Create the building network threat model
Using the STRIDE approach you developed in P5, create a threat model specific to the building network infrastructure. No template this time -- you decide the structure.
Think about what the connectivity matrix revealed and what each threat means for a property management company:
- Spoofing: Could someone impersonate a BMS controller and send false commands?
- Tampering: Could someone on the tenant Wi-Fi modify BMS data or configurations?
- Information disclosure: Could someone access CCTV feeds or access control logs from the tenant network?
- Denial of service: Could someone disrupt HVAC or fire suppression by flooding the BMS with traffic?
- Elevation of privilege: Could someone move from the tenant network to the management network and gain administrative access?
The threat model is not a checklist exercise. It feeds directly into the segmentation design -- the threats you identify determine which network paths need to be blocked.
Check: Connectivity matrix shows at least three critical segmentation failures (tenant Wi-Fi reaching BMS, CCTV management accessible from tenant networks, cross-building default network). STRIDE threat model covers at least four threat categories with building-specific threats.