TMCnet - World's Largest Communications and Technology Community



Latest NetFlow Release Brings Added Security


TMCnews Featured Article

December 25, 2012


By Mae Kowalke, TMCnet Contributor

The bring your own device (BYOD) trend has been a boon for workers in many cases, but it also has become a security nightmare.

“Anytime you let users do whatever they want or give them the impression they can do as they please with the network, major problems arise,” Adam Powers noted in a blog post earlier this year for NetFlow Knights.

As I’ve reported before, one solution that helps counteract the security risk from BYOD is Cisco’s NetFlow technology. NetFlow is a network protocol that collects IP traffic information and can be used to secure corporate networks.

With the update of Cisco’s Adaptive Security Appliance (ASA) to version 8.4(5), NetFlow has gotten even smarter. In this release, bidirectional flows were fixed, Active Timeout was implemented, the firewall event type is exported with a new element, and there are now network address translation (NAT) reports, according to NetFlow Knights.

One security solutions provider that is taking advantage of the new functionality is Plixer. Its IPFIX and NetFlow Analyzer is the only NetFlow solution that supports the new bidirectional flows exported by the Cisco ASA, according to its Senior Solutions Engineer, Joanne Ghidoni.

Bidirectional monitoring is important because NetFlow previously added the bytes exchanged between two hosts into a single Octet Total Counter.

“Previously, we couldn’t distinguish between the traffic sent from A to B or from B back to A,” wrote Ghidoni in a blog post. “By having two counters, we can now report on the difference.”

The other NetFlow improvements also will yield stronger security.

By exporting ACL information in the denied flows templates, companies now can not only track how many flows are denied, but also if they violated an ACL—and which ACL. The Plixer solution uses this functionality to alert users to excessive denied flows from their Cisco ASA, according to Ghidoni.

If a company’s NAT is performed by its Cisco ASA, the new functionality also makes it possible to display the address translations, showing the source and destination, post source and post destination IP addresses.

“So once you have isolated an issue to a specific host address,” noted Ghidoni, “you can then flip over to the Network Address Translation report and find out exactly who that address resolves to.”
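The three reports described above (per-direction byte counts, denied flows grouped by ACL, and NAT lookups) can be sketched over already-decoded flow records. This is an added example, not Plixer's or Cisco's code; the record keys, ACL names, event labels and addresses are constructed assumptions and do not reflect the ASA's actual export field names.

```python
from collections import Counter, defaultdict

def rec(src, dst, event, acl=None, fwd=0, rev=0, post_src=None):
    """Build one constructed, already-decoded flow record (hypothetical keys)."""
    return {"src": src, "dst": dst, "event": event, "acl": acl,
            "fwd_bytes": fwd, "rev_bytes": rev, "post_src": post_src}

# Constructed sample data; addresses come from documentation ranges.
FLOWS = (
    [rec("10.1.1.20", "203.0.113.9", "denied", acl="acl-A")] * 3
    + [rec("10.1.1.31", "198.51.100.7", "denied", acl="acl-B"),
       rec("10.1.1.31", "198.51.100.7", "deleted", fwd=1200, rev=48000,
           post_src="192.0.2.31"),
       rec("10.1.1.31", "198.51.100.7", "deleted", fwd=300, rev=9000,
           post_src="192.0.2.31")]
)

def denied_alerts(flows, threshold):
    """Return {(src, acl): count} where one ACL denied a source >= threshold times."""
    counts = Counter((f["src"], f["acl"]) for f in flows if f["event"] == "denied")
    return {key: n for key, n in counts.items() if n >= threshold}

def direction_totals(flows):
    """Sum forward and reverse bytes separately per (src, dst) conversation."""
    totals = defaultdict(lambda: [0, 0])
    for f in flows:
        if f["event"] != "denied":  # denied flows carry no payload bytes here
            totals[(f["src"], f["dst"])][0] += f["fwd_bytes"]
            totals[(f["src"], f["dst"])][1] += f["rev_bytes"]
    return {pair: tuple(counts) for pair, counts in totals.items()}

def nat_lookup(flows, translated):
    """Return the pre-translation sources seen behind a post-NAT address."""
    return {f["src"] for f in flows if f["post_src"] == translated}

if __name__ == "__main__":
    print(denied_alerts(FLOWS, threshold=3))
    print(direction_totals(FLOWS))
    print(nat_lookup(FLOWS, "192.0.2.31"))
```

With a single combined counter, the second conversation would show only 58,500 bytes; the split totals reveal that almost all of it flowed back toward the inside host.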

Further, with a combination of exporting proxy data using IPFIXify and filtering on a host address, the Plixer solution is able to report on and analyze which URLs are accessed and by whom.

From this added contextual information around a security threat, a company can determine who else in the company has visited the malicious URL and might have an infected terminal.

The usefulness of NetFlow keeps on growing as the days pass.

