Netflow has changed since Cisco first introduced it. To get the maximum security benefit from this useful protocol, make sure collectors operating on your network are able to collect, analyze and store Flexible NetFlow templates and data.
Cisco dominates the networking hardware market, and with its Adaptive Security
Appliance (ASA) it is looking to extend its reach into network security. The ASA,
however, can introduce a security issue. The appliance supports both Simple Network
Management Protocol (SNMP) and Flexible NetFlow, both of which can provide essential
information on security threats. However, most NetFlow monitoring vendors support only
earlier versions of NetFlow, not Flexible NetFlow, and thus they are blind as to the
source of threatening packets.
NetFlow, originally released as part of Cisco’s Internetwork Operating System (IOS)
and now also used by other switch and router vendors, provides certain information on the
packets flowing through a port. The network device gathers the data and exports it to a
server running software to collect and report on the NetFlow data (i.e., the
Flexible NetFlow – an extension of NetFlow v.9 – allows administrators to specify the
fields they want to gather on the packet flows. It provides enhanced optimization,
reduces costs, and improves capacity planing and security detection beyond traditional
flow technologies. For the ASA appliances, it solves the problem of Network Address
Translation (NAT), which makes it appear that all the traffic is coming from a single
host – the firewall.
Read “Plugging the Cisco ASA Security Hole” at Enterprise IT Planet