Mining NetFlow
This article is part of the January 2006 issue of How to stop data leakage
Your routers and switches can yield a mother lode of security information about your network--if you know where to dig. Excavating endless logs to detect malicious network activity is a lot like mining for gold--randomly digging holes to find a nugget or two isn't very efficient. Your search will be a lot more fruitful if you know what to look for and where to look for it. Fortunately, data generated by NetFlow, a de facto UDP-based traffic reporting protocol, yields a rich vein of specific information about data flow--source and destination IP addresses and port numbers, protocol and service types, and the router input interface. Mining NetFlow data can still be extremely difficult, but a handful of free and/or relatively inexpensive tools allow you to hit pay dirt by easily sorting, viewing and analyzing the information you want to use. The results can help you identify and shut down everything from spam to botnets. This technique is particularly valuable for ISPs, but can produce invaluable security information in any organization.
Drilling Operations ...
Recent Releases: Security product briefs, January 2006
Learn about the security products that launched in January 2006.
Authentication: TriCipher Armored Credential System v3.1.1
TriCipher's TACS v3.1.1
Preventing Data Theft, Combating Internal Threats
Defend against internal threats and prevent information leakage and hacker attacks with several tactics such as employee monitoring, behavioral analysis tools, encryption and incident response.
Your routers and switches can yield a mother lode of security information about your network--if you know where to dig
by Dr. Juergen Schneider
This tip covers ways that you can secure a network to protect data from internal as well as external attacks.
Peak of Security
IE 7.0, Firefox, Netscape: One of these browsers comes out on top—we'll tell you which one.
Secure Reads: Security and Usability
Read a review of the book Security and Usability.
Hot Pick: M-Tech Information Technology's ID-Synch 4.0
M-Tech Information Technology's ID-Synch v4.0
Help From Above
Security managers are looking to the keepers of the Internet cloud for relief.
Perspectives: Midmarket organizations short on security budgets and respect
Industry solutions are tailored for big companies and big budgets--leaving SMBs in the dust.
Ping: Marcus Sachs
Editor's Desk: The state of patching
Party Like It's 1999?
Layer 8: Time to call a security specialist?