Good network security requires good network monitoring. Network monitoring provides baseline information about normal network behavior and can alert staff to potential problems. During or after a security incident, the data collected with network monitoring tools can assist network managers in determining what has happened, what remediation needs to be done, and how to prevent future occurrences. Cisco did not design NetFlow services with security analysis in mind; the problems inherent in the flow data demonstrate that. Nonetheless, NetFlow data has been and can be profitably used for security-related analysis. NetFlow can provide otherwise hard-to-gather information; it allows network managers to view traffic patterns without having to deploy sniffers or LAN probes on every segment. While neither a silver bullet nor a Swiss army knife, NetFlow data can provide network managers with a rich source of fairly compact data for security-related tasks.