Mining NetFlow
This article is part of the January 2006 issue of How to stop data leakage
Your routers and switches can yield a mother lode of security information about your network--if you know where to dig. Excavating endless logs to detect malicious network activity is a lot like mining for gold--randomly digging holes to find a nugget or two isn't very efficient. Your search will be a lot more fruitful if you know what to look for and where to look for it. Fortunately, data generated by NetFlow, a de facto UDP-based traffic reporting protocol, yields a rich vein of specific information about data flow--source and destination IP addresses and port numbers, protocol and service types, and the router input interface. Mining NetFlow data can still be extremely difficult, but a handful of free and/or relatively inexpensive tools allow you to hit pay dirt by easily sorting, viewing and analyzing the information you want to use. The results can help you identify and shut down everything from spam to botnets. This technique is particularly valuable for ISPs, but can produce invaluable security information in any organization.
Drilling Operations ...
Recent Releases: Security product briefs, January 2006
Learn about the security products that launched in January 2006.
Authentication: TriCipher Armored Credential System v3.1.1
by Steven Weil, Contributor
TriCipher's TACS v3.1.1
Preventing Data Theft, Combating Internal Threats
Defend against internal threats and prevent information leakage and hacker attacks with several tactics such as employee monitoring, behavioral analysis tools, encryption and incident response.
Your routers and switches can yield a mother lode of security information about your network--if you know where to dig
by Dr. Juergen Schneider
This tip covers ways that you can secure a network to protect data from internal as well as external attacks.
Peak of Security
IE 7.0, Firefox, Netscape: One of these browsers comes out on top—we'll tell you which one.
Secure Reads: Security and Usability
Read a review of the book Security and Usability.
Hot Pick: M-Tech Information Technology's ID-Synch 4.0
M-Tech Information Technology's ID-Synch v4.0
Help From Above
Security managers are looking to the keepers of the Internet cloud for relief.
Perspectives: Midmarket organizations short on security budgets and respect
Industry solutions are tailored for big companies and big budgets--leaving SMBs in the dust.
Ping: Marcus Sachs
Editor's Desk: The state of patching
Party Like It's 1999?
Layer 8: Time to call a security specialist?