Plug a Hole in Cisco’s NetFlow Coverage

Netflow has changed since Cisco first introduced it. To get the maximum security benefit from this useful protocol, make sure collectors operating on your network are able to collect, analyze and store Flexible NetFlow templates and data.


Cisco dominates the networking hardware market, and with its Adaptive Security
Appliance (ASA) it is looking to extend its reach into network security. The ASA,
however, can introduce a security issue. The appliance supports both Simple Network
Management Protocol (SNMP) and Flexible NetFlow, both of which can provide essential
information on security threats. However, most NetFlow monitoring vendors support only
earlier versions of NetFlow, not Flexible NetFlow, and thus they are blind as to the
source of threatening packets.

NetFlow, originally released as part of Cisco’s Internetwork Operating System (IOS)
and now also used by other switch and router vendors, provides certain information on the
packets flowing through a port. The network device gathers the data and exports it to a
server running software to collect and report on the NetFlow data (i.e., the
Collector).

Flexible NetFlow – an extension of NetFlow v.9 – allows administrators to specify the
fields they want to gather on the packet flows. It provides enhanced optimization,
reduces costs, and improves capacity planing and security detection beyond traditional
flow technologies. For the ASA appliances, it solves the problem of Network Address
Translation (NAT), which makes it appear that all the traffic is coming from a single
host – the firewall.

Read “Plugging the Cisco ASA Security Hole” at Enterprise IT Planet

Drew Robb
Drew Robb
Drew Robb has been a full-time professional writer and editor for more than twenty years. He currently works freelance for a number of IT publications, including eSecurity Planet and CIO Insight. He is also the editor-in-chief of an international engineering magazine.

Latest Articles

Follow Us On Social Media

Explore More