A comprehensive guide for deploying, configuring, and troubleshooting NetFlow and learning big data analytics technologies for cyber security

Today's world of network security is full of cyber security vulnerabilities, incidents, breaches, and many headaches. Visibility into the network is an indispensable tool for network and security professionals and Cisco NetFlow creates an environment where network administrators and security professionals have the tools to understand who, what, when, where, and how network traffic is flowing.

Network Security with NetFlow and IPFIX is a key resource for introducing yourself to and understanding the power behind the Cisco NetFlow solution. Omar Santos, a Cisco Product Security Incident Response Team (PSIRT) technical leader and author of numerous books including the CCNA Security 210-260 Official Cert Guide, details the importance of NetFlow and demonstrates how it can be used by large enterprises and small-to-medium-sized businesses to meet critical network challenges. This book also examines NetFlow's potential as a powerful network security tool.

Network Security with NetFlow and IPFIX explores everything you need to know to fully understand and implement the Cisco Cyber Threat Defense Solution. It also provides detailed configuration and troubleshooting guidance, sample configurations with in-depth analysis of design scenarios in every chapter, and detailed case studies based on real-life scenarios.

You can follow Omar on Twitter: @santosomar

  • NetFlow and IPFIX basics
  • Cisco NetFlow versions and features
  • Cisco Flexible NetFlow
  • NetFlow Commercial and Open Source Software Packages
  • Big Data Analytics tools and technologies such as Hadoop, Flume, Kafka, Storm, Hive, HBase, Elasticsearch, Logstash, Kibana (ELK)
  • Additional Telemetry Sources for Big Data Analytics for Cyber Security
  • Understanding big data scalability
  • Big data analytics in the Internet of everything
  • Cisco Cyber Threat Defense and NetFlow
  • Troubleshooting NetFlow
  • Real-world case studies


About the Author

Omar Santos is a Principal Engineer in the Cisco Product Security Incident Response Team (PSIRT), part of Cisco's Security Research and Operations. He mentors and leads engineers and incident managers during the investigation and resolution of security vulnerabilities in all Cisco products. Omar has been working with information technology and cyber security since the mid-1990s. He has designed, implemented, and supported numerous secure networks for Fortune 100 and 500 companies and for the U.S. government. Prior to his current role, he was a Technical Leader within the World Wide Security Practice and the Cisco Technical Assistance Center (TAC), where he taught, led, and mentored many engineers within both organizations.

Omar is an active member of the security community, where he leads several industry-wide initiatives and standards bodies. His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants that are dedicated to increasing the security of critical infrastructure.

Omar is the author of several books and numerous whitepapers, articles, and security configuration guidelines and best practices. He has also delivered numerous technical presentations at conferences and to Cisco customers and partners, as well as C-level executive presentations to many organizations. Omar is the author of the following Cisco Press books:

  • CCNA Security 210-260 Official Cert Guide, ISBN-13: 9781587205668
  • Deploying Next-Generation Firewalls Live Lessons, ISBN-13: 9781587205705
  • Cisco's Advanced Malware Protection (AMP), ISBN-13: 9781587144462
  • Cisco ASA Next-Generation Firewall, IPS, and VPN Services (3rd Edition), ISBN-10: 1587143070
  • Cisco ASA: All-in-One Firewall, IPS, Anti-X, and VPN Adaptive Security Appliance (2nd Edition), ISBN-10: 1587058197
  • Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance, ISBN-10: 1587052091
  • Cisco Network Admission Control, Volume: Deployment and Management, ISBN-10: 1587052253
  • End-to-End Network Security: Defense-in-Depth, ISBN-10: 1587053322


Contents

Introduction xvi

Chapter 1 Introduction to NetFlow and IPFIX 1
  • Introduction to NetFlow 1
  • The Attack Continuum 2
  • The Network as a Sensor and as an Enforcer 3
  • What Is a Flow? 4
  • NetFlow Versus IP Accounting and Billing 6
  • NetFlow for Network Security 7
  • Anomaly Detection and DDoS Attacks 8
  • Data Leak Detection and Prevention 9
  • Incident Response and Network Security Forensics 9
  • Traffic Engineering and Network Planning 14
  • IP Flow Information Export 15
  • IPFIX Architecture 16
  • IPFIX Mediators 17
  • IPFIX Templates 17
  • Option Templates 19
  • Introduction to the Stream Control Transmission Protocol (SCTP) 19
  • Supported Platforms 20
  • Introduction to Cisco Cyber Threat Defense 21
  • Cisco Application Visibility and Control and NetFlow 22
  • Application Recognition 22
  • Metrics Collection and Exporting 23
  • Management and Reporting Systems 23
  • Control 23
  • Deployment Scenarios 24
  • Deployment Scenario: User Access Layer 24
  • Deployment Scenario: Wireless LAN 25
  • Deployment Scenario: Internet Edge 26
  • Deployment Scenario: Data Center 28
  • Public, Private, and Hybrid Cloud Environments 32
  • Deployment Scenario: NetFlow in Site-to-Site and Remote VPNs 33
  • NetFlow Remote-Access VPNs 33
  • NetFlow Site-to-Site VPNs 34
  • NetFlow Collection Considerations and Best Practices 35
  • Determining the Flows per Second and Scalability 36
  • Summary 37

Chapter 2 Cisco NetFlow Versions and Features 39
  • NetFlow Versions and Respective Features 39
  • NetFlow v1 Flow Header Format and Flow Record Format 40
  • NetFlow v5 Flow Header Format and Flow Record Format 41
  • NetFlow v7 Flow Header Format and Flow Record Format 42
  • NetFlow Version 9 43
  • NetFlow and IPFIX Comparison 57
  • Summary 57

Chapter 3 Cisco Flexible NetFlow 59
  • Introduction to Cisco's Flexible NetFlow 59
  • Simultaneous Application Tracking 60
  • Flexible NetFlow Records 61
  • Flexible NetFlow Key Fields 61
  • Flexible NetFlow Non-Key Fields 63
  • NetFlow Predefined Records 65
  • User-Defined Records 65
  • Flow Monitors 65
  • Flow Exporters 65
  • Flow Samplers 66
  • Flexible NetFlow Configuration 66
  • Configure a Flow Record 67
  • Configuring a Flow Monitor for IPv4 or IPv6 69
  • Configuring a Flow Exporter for the Flow Monitor 71
  • Applying a Flow Monitor to an Interface 73
  • Flexible NetFlow IPFIX Export Format 74
  • Summary 74

Chapter 4 NetFlow Commercial and Open Source Monitoring and Analysis Software Packages 75
  • Commercial NetFlow Monitoring and Analysis Software Packages 75
  • Lancope's StealthWatch Solution 76
  • Plixer's Scrutinizer 79
  • Open Source NetFlow Monitoring and Analysis Software Packages 80
  • NFdump 81
  • NfSen 86
  • SiLK 86
  • SiLK Configuration Files 87
  • Filtering, Displaying, and Sorting NetFlow Records with SiLK 87
  • SiLK's Python Extension 88
  • Cou…

Title: Network Security with Netflow and IPFIX
Subtitle: Big Data Analytics for Information Security
EAN: 9780134033518
Format: E-Book (pdf)
Publisher: (not stated)
Digital copy protection: Watermark
File size: 5.18 MB
Number of pages: 320