Plug a Hole in Cisco's NetFlow Coverage

Netflow has changed since Cisco first introduced it. To get the maximum security benefit from this useful protocol, make sure collectors operating on your network are able to collect, analyze and store Flexible NetFlow templates and data.

By  Drew Robb | Dec 17, 2009
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

Netflow has changed since Cisco first introduced it. To get the maximum security benefit from this useful protocol, make sure collectors operating on your network are able to collect, analyze and store Flexible NetFlow templates and data.

Cisco dominates the networking hardware market, and with its Adaptive Security Appliance (ASA) it is looking to extend its reach into network security. The ASA, however, can introduce a security issue. The appliance supports both Simple Network Management Protocol (SNMP) and Flexible NetFlow, both of which can provide essential information on security threats. However, most NetFlow monitoring vendors support only earlier versions of NetFlow, not Flexible NetFlow, and thus they are blind as to the source of threatening packets.

NetFlow, originally released as part of Cisco's Internetwork Operating System (IOS) and now also used by other switch and router vendors, provides certain information on the packets flowing through a port. The network device gathers the data and exports it to a server running software to collect and report on the NetFlow data (i.e., the Collector).

Flexible NetFlow - an extension of NetFlow v.9 - allows administrators to specify the fields they want to gather on the packet flows. It provides enhanced optimization, reduces costs, and improves capacity planing and security detection beyond traditional flow technologies. For the ASA appliances, it solves the problem of Network Address Translation (NAT), which makes it appear that all the traffic is coming from a single host - the firewall.

Read "Plugging the Cisco ASA Security Hole" at Enterprise IT Planet

Drew Robb is a freelance writer specializing in technology and engineering. Currently living in California, he was originally from Scotland where he received a degree in Geology/Geography from the University of Strathcyle. He is the author of Server Disk Management in a Windows Environment (CRC Press).

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter
Helpful Links

  • Yankee Group Mobile WAN Optimization Report

    Mobile work continues to evolve. Your organization must keep up with the demands of its mobile workforce. This report introduces the concept of mobile WAN optimization and provides three case studies including RCM, PRTM and Einstein that highlight how this emerging technology can help IT departments achieve what previously appeared to be conflicting goals. Read >

  • Network Security Resources

    More threats than ever before pose a danger to today's enterprise network. Get the latest tips and intel on the newest risks in our guide to network security resources. Read >

  • Extreme Savings: Cutting Costs with WAN Optimization

    Did you know it's possible to cut IT costs without impacting day-to-day IT operations? In fact, when you download this whitepaper from Riverbed on cost-savings through WAN optimization, you'll discover how businesses of all different sizes have realized a return on investment in just a few months through significant hard cost savings in areas such as bandwidth reduction and IT consolidation. It's called Extreme Savings and its only from Riverbed. Read >