Ryan Slosser, Author at Plixer

Data Exfiltration over DNS

How many companies out there are monitoring DNS traffic? Are you concerned about data exfiltration over DNS? How many people even know that is possible? These are questions I get to ask customers, and the response I get is the same with everyone. Not very many companies monitor their DNS traffic.

Configuration

Fortiswitch IPFIX Configuration

07.08.15 - Ryan Slosser

Today I want to talk a little about the Fortiswitch IPFIX configuration on the Fortiswitch-500. As of version 4.0 MR1 the Fortiswitch-500 can export IPFIX to your NetFlow Collector. IPFIX is the standard for flow information exports, hense the name IPFIX (Internet Protocol Flow Information eXport).

General

Baselining Network Traffic

05.06.15 - Ryan Slosser

What is baselining network traffic? Why worry about baselining network traffic and Is this used for network security? These are the questions I want to answer today and how you can start baselining network traffic with the use of NetFlow/IPFIX.

Network Operations

NetFlow Collector IPv6 Support

03.18.15 - Ryan Slosser

With the exhaustion of IPv4 addresses, the need to switch to IPv6 is inevitable and has been for many years. As your company makes the switch to IPv6, don’t forget NetFlow collector’s IPv6 support. I’m not only talking about the ability of your NetFlow collector to report on IPv6 conversations, but also the ability to collect NetFlow sent in IPv6 packets.

Security Operations

Detecting Tor Traffic

01.28.15 - Ryan Slosser

Detecting TOR traffic will help identify possible infections on your network. It keeps the eyes of your network team open to different types of malware that utilize Tor for disguising its intent end location. Tor not only encrypts its traffic, but also disguises its traffic as HTTPS communications thus making NetFlow/IPFIX a valuable asset in setting this traffic apart from normal HTTPS traffic that we all know is on the network.