Mining NetFlow
This article is part of the January 2006 issue of How to stop data leakage
Your routers and switches can yield a mother lode of security information about your network, if you know where to dig. Excavating endless logs to detect malicious network activity is a lot like mining for gold: randomly digging holes to find a nugget or two isn't very efficient. Your search will be far more fruitful if you know what to look for and where to look for it. Fortunately, data generated by NetFlow, a de facto UDP-based traffic reporting protocol, yields a rich vein of specific information about each data flow: source and destination IP addresses and port numbers, protocol and service types, and the router input interface. Mining NetFlow data can still be extremely difficult, but a handful of free or relatively inexpensive tools let you hit pay dirt by easily sorting, viewing and analyzing the information you want to use. The results can help you identify and shut down everything from spam to botnets. This technique is particularly valuable for ISPs, but it can produce invaluable security information in any organization.
Drilling Operations ...
What's Inside
Features
- Recent Releases: Security product briefs, January 2006
  Learn about the security products that launched in January 2006.
- Authentication: TriCipher Armored Credential System v3.1.1
  TriCipher's TACS v3.1.1
- Preventing Data Theft, Combating Internal Threats
  Defend against internal threats and prevent information leakage and hacker attacks with tactics such as employee monitoring, behavioral analysis tools, encryption and incident response.
- Mining NetFlow
  Your routers and switches can yield a mother lode of security information about your network, if you know where to dig.
- Secure communications, by Dr. Juergen Schneider
  This tip covers ways to secure a network to protect data from internal as well as external attacks.
- Peak of Security
  IE 7.0, Firefox, Netscape: one of these browsers comes out on top; we'll tell you which one.
- Secure Reads: Security and Usability
  A review of the book Security and Usability.
- Hot Pick: M-Tech Information Technology's ID-Synch 4.0
  M-Tech Information Technology's ID-Synch v4.0
- Help From Above
  Security managers are looking to the keepers of the Internet cloud for relief.
Columns
- Perspectives: Midmarket organizations short on security budgets and respect
  Industry solutions are tailored for big companies and big budgets, leaving SMBs in the dust.
- Ping: Marcus Sachs
- Editor's Desk: The state of patching
  Party Like It's 1999?
- Layer 8: Time to call a security specialist?
  Security Obsolescence