Mining NetFlow - Information Security Magazine


	Home > Information Security Magazine > Features > Mining NetFlow

EMAIL THIS

Information Security Magazine

CURRENT ISSUE

FEATURES

COLUMNS

HOT PICK & PRODUCT REVIEWS

ARCHIVES

SUBSCRIBE/RENEW

Mining NetFlow

by Ned Lindberg

Issue: Jan 2006


		printer-friendly

< PREV PAGE | 1 | 2 | 3 | 4 | NEXT PAGE >

[IMAGE] [IMAGE] [IMAGE] [IMAGE]
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
[IMAGE] [IMAGE] Traffic at a Glance [IMAGE]
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
[IMAGE]
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
WebView can show NetFlow data on traffic flows in graphs (right) and tables (below), useful in monitoring the type and volume of traffic on the network and understanding QoS issues. [IMAGE]

[IMAGE]

[IMAGE]
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
[IMAGE]
[IMAGE]
Mining Tools
There are many automated tools for dealing with network threats, but recording virtually all traffic and being able to analyze it in many ways at will provides a powerful way to identify and deal with problems that have happened despite other controls.

NetFlow analysis is a largely manual, detailed process conducted over a lengthy time period; it can be a bit tedious, but automatically scheduled reports can expedite analysis of specific areas and complement the ad hoc capabilities. We recommend using a combination of tools for data mining and warehousing, enabling you to maintain several months of information for long-term analysis.

Mark Fullmer's Flow-Tools (www.splin tered.net/sw/flow-tools) is a compilation of libraries and programs used to collect, send, process and generate reports based on NetFlow data. Among a variety of functions, various programs can generate more than 50 reports, such as source destination IP pairs and most active devices, or any designated export field; tag flows based on a particular network; and import/export data in ASCII format. The Web site is an excellent resource for information about data flow analysis. An alternative free NetFlow analysis package is SiLK (http://silktools.sourceforge.net), created by the CERT Analysis Center. There are also commercial tools, such as AdventNet's ManageEngine NetFlow Analyzer (http://origin.manageengine.adventnet.com/ products/netflow).

WebView is a Web-based reporting tool from Berbee Information Networks, an IT/security managed service provider. A front end for Flow-Tools, WebView has a nice ad hoc query interface that makes it easy to rapidly dig through gigabytes of flow data to discover interesting trends and patterns. It allows selection based on such factors as ...

To continue reading for free, register below or login

Requires Membership to View

To gain access to this and all member only content, please provide the following information:

Email Address:

By joining SearchSecurity.com you agree to receive email updates from the TechTarget network of sites, including updates on new content, magazine or event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile or unsubscribing via email.

TechTarget cares about your privacy. Read our Privacy Policy

To read more you must become a member of SearchSecurity.com

As an existing member of the TechTarget network please activate your SearchSecurity.com account

By joining SearchSecurity.com you agree to receive email updates from the TechTarget network of sites, including updates on new content, magazine or event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile or unsubscribing via email.

TechTarget cares about your privacy. Read our Privacy Policy

IP addresses, ports, peers, number of flows, and amount of data. It's currently available only to Berbee customers, but it is open source, and Berbee says it will soon be available for free on SourceForge.net.

KEDIT, from Mansfield Software Group (www.kedit.com), is a powerful text editor that allows for further sorting of data and offers commands that enable easy data reduction; it is also a powerful macro capability used to remove uninteresting data, such as router-to-router chatter.

As threats evolve, the ad hoc nature of data mining makes it a valuable technique for identifying and adapting to new dangers as they emerge. Analyzing NetFlow data brings precious security information to the surface, helping managers understand what's going on in their networks and keeping them safe.

< PREV PAGE | 1 | 2 | 3 | 4 | NEXT PAGE >

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2003 - 2009, TechTarget \| Read our Privacy Policy