Juniper SRX series Gateway supports J-Flow

Posted in NetFlow Analyzer, Network Health Report, Network Problem Resolution, Network Traffic Analysis, Network Traffic Monitor, Scrutinizer, Security, sFlow on August 13th, 2010 by danny

There is no doubt that flow technology is revolutionizing network monitoring. In this NetFlow/J-Flow/IPFIX/sFlow era, there is no need to settle for knowing only the utilization on the network. Besides, little analysis can be done by monitoring bandwidth alone.

Scott wrote a blog earlier that made a valid point: “A Network Administrator’s abilities are only as good as his awareness of what happens on his network.” In harmony with that statement, it’s beneficial to have useful tools to be able to collect that traffic information.

Recently, I learned that J-Flow is supported on the Juniper SRX series Gateways. I thought this might be good information for people who want to start monitoring flows on this type of device, especially our NetFlow and sFlow Analyzer users, since the analyzer can also process J-Flow packets. Below are some sample commands taken from Juniper’s Knowledge Base that walk you through your J-Flow configuration.

Daniel Senga
Tech Support

Misuse of Social Medias Can Threaten Company Networks

Posted in NetFlow Analyzer, Network Traffic Monitor, Scrutinizer, Security on August 9th, 2010 by Angela

Has your company adopted a social media policy yet? Social networking sites such as Facebook, Twitter, and MySpace are increasingly being considered threats for at least a couple of big reasons: security risks and traffic risks.

Use of social media at work can pose security risks to the company’s intellectual property through an employee’s personal communication habits. On occasion, attackers assume the identity of someone who hasn’t actually joined sites like Facebook. Then the attacker determines who this person’s friends or schoolmates are and sends friend requests. Once befriended, the attacker has personal information about users and can make targeted attacks. Social engineering tactics like this can be very effective, especially when they get users to start sharing URLs leading to malicious sites or spoofs of actual businesses such as your local bank. In some countries, criminals are not banned from using sites like Facebook when they are incarcerated, as The Washington Times recently reported.

Use of social media at work can also pose network traffic problems for the company.


Configuring Cisco ASA for NetFlow Export via CLI

Posted in ASA, NetFlow, NetFlow Analyzer, Network Traffic Analysis, Scrutinizer, Security on August 8th, 2010 by scottr

Over the last few weeks I have taken a number of support calls from customers who were looking for some assistance configuring their Cisco ASA. So I figured that I would take this opportunity to revisit some older blog subjects.

In my opinion, the easiest way to get NSEL exporting from these security appliances is through the use of the ASDM interface. This simple, GUI-based firewall management tool allows you to quickly configure the Cisco ASA without having to use the cumbersome command-line interface.

And that brings me to the subject of this blog.

Configuring the Cisco ASA using the CLI is really not that much different than configuring NetFlow on any other router or switch. You define your timeout value, flow export destination, and which interface is going to send the export. The difference is that you need to set up a service policy and access rules that allow the export, as well as define which events are going to get exported and where.

So let’s get started.


What is NetFlow?

Posted in ASA, NetFlow, NetFlow Analyzer, Network Problem Resolution, Network Traffic Analysis, Network Traffic Monitor, Scrutinizer, Security, sFlow on July 21st, 2010 by Jo-G

Okay, back to the basics. We’ve been working with Cisco NetFlow technology for many years now, but what is NetFlow?

NetFlow is a traffic profile monitoring technology developed by Darren Kerr and Barry Bruins at Cisco Systems, back in 1996. At that time, network monitoring mostly consisted of seeing how much traffic was traversing your network, but did not include what that traffic was.

Case Study: Lawrence Technological University

Posted in ASA, NetFlow, NetFlow Analyzer, Network Problem Resolution, Network Traffic Analysis, Network Traffic Monitor, Scrutinizer, Security on June 9th, 2010 by Jo-G

Lawrence Technological University is among Michigan’s largest independent colleges and Michigan’s first completely wireless laptop campuses, with one of the largest wireless networks in the Midwest.

This recently published case study demonstrates how successful network traffic analysis can be performed using NetFlow reporting with Scrutinizer NetFlow Analyzer. Monitoring NetFlow exported from devices such as Cisco ASAs, routers, switches, and numerous other NetFlow-compatible devices simplifies the task of managing your network, whether wired or, in LTU’s case, fully wireless.


NetFlow and Username Correlation Using WMI

Posted in General, NetFlow, NetFlow Analyzer, Network Problem Resolution, Scrutinizer, Security on April 20th, 2010 by Paul

In today’s information technology world, security is an increasingly important topic and having the right tools for the job is utterly necessary. So, you ask yourself, how can a NetFlow and sFlow analysis tool help you? Scrutinizer gives you the ability to monitor all the traffic on your network to identify IP addresses, bandwidth and port usage, possible threats, and any IPFIX or Flexible NetFlow custom fields, but what if you could go even deeper?

Paul Dube
Technical Support

Scrutinizer v7 NetFlow and sFlow Analyzer: Using the searching utility

Posted in NetFlow, NetFlow Analyzer, Network Traffic Analysis, Network Traffic Monitor, Scrutinizer, Security, sFlow on October 6th, 2009 by Jo-G

Need to find a certain host IP or application on your network? Do you have a user on your network who is violating network policies and you need to provide proof of that to management? Or do you suspect someone is using an application not allowed on your network? Using the searching utility in this network traffic analyzer, you can quickly find the offender, and more.

Three free and fabulous resources for Cisco NetFlow admins, Part 1

Posted in NetFlow, NetFlow Analyzer, Scrutinizer, Security, WebNM, sFlow on August 26th, 2009 by NewsTrax

To celebrate the release of Version 7.0 of Scrutinizer NetFlow and sFlow Analyzer, which is absolutely free, I thought I’d share with you three fabulous free resources for Cisco network administrators.


Using NetFlow to tell if your network is part of a botnet, Part 2

Posted in IT News, NetFlow, NetFlow Analyzer, Network Traffic Analysis, Network Traffic Monitor, Scrutinizer, Security on August 19th, 2009 by NewsTrax

This is the final part in a two-part blog series on using Cisco NetFlow to identify if your network is part of a botnet. Part 1 gave a quick overview of distributed denial of service (DDoS) attacks and how they’re often caused by botnets flooding Web sites with requests, thus making the Web site inaccessible to others.

It’s not just home computers that could be part of botnets. Any work computer could be compromised if users unwittingly download malware or visit malicious Web sites, putting corporate networks at risk. How can Cisco NetFlow be used to identify DDoS attacks?

Using NetFlow to tell if your network is part of a botnet, Part 1

Posted in IT News, NetFlow, NetFlow Analyzer, Network Traffic Monitor, Security on August 12th, 2009 by NewsTrax

Distributed denial of service (DDoS) attacks are unfortunately par for the course on the Internet these days, but when high-profile sites are targeted, the attacks are big news. Take, for example, last week’s DDoS attack on Twitter, which the microblogging site speculated was geopolitical in motivation.

Quick overview of DDoS

DDoS attacks are often caused by botnets flooding Web sites with requests, thus bringing the site’s Web servers to their knees. A botnet is a collection of computers that have been compromised by viruses and worms so that they can be controlled by malicious individual(s). An example could be the collection of computers compromised by Conficker; however, a Conficker botnet has yet to be leveraged to do harm.

In the case of Twitter, the irony is that it could have been the compromised computers of some of Twitter’s own users that caused the DDoS.
