Chapter . Telemetry: Identifying and Isolating Attack Sources
Normal or Abnormal
Although it is critical to deploy the best security tools and systems available, including IBNS, firewalls, IPS, and NAC, it is possible to overlook one of the most useful security tools—“hiding in plain sight.”
Using common network traffic monitoring and analysis tools (such as Cisco NetFlow) that are available on many core Cisco network products (including routers and switches), you can gain a deep understanding of what a network looks like during normal operations and when an anomaly is present in the network.
If you understand and study the normal, the abnormal can become apparent. What comprises abnormal may vary from network to network and from attack to attack. ...
Get Cisco Networking Simplified, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.