book

Network Security with NetFlow and IPFIX: Big Data Analytics for Information Security

Name: Network Security with NetFlow and IPFIX: Big Data Analytics for Information Security
Author: Omar Santos
ISBN: 9780134033549

by Omar Santos

September 2015

Beginner to intermediate

320 pages

8h 43m

English

Cisco Press

Read now

Unlock full access

About This eBook
Title Page
Copyright Page
About the Author
About the Technical Reviewers
Dedication
Acknowledgments
Contents at a Glance
Contents
Command Syntax Conventions

Introduction
Who Should Read This Book?How This Book Is Organized
Chapter 1. Introduction to NetFlow and IPFIX
Introduction to NetFlowThe Attack ContinuumThe Network as a Sensor and as an EnforcerWhat Is a Flow?NetFlow Versus IP Accounting and BillingNetFlow for Network SecurityAnomaly Detection and DDoS AttacksData Leak Detection and PreventionIncident Response and Network Security ForensicsTraffic Engineering and Network PlanningIP Flow Information ExportIPFIX ArchitectureIPFIX MediatorsIPFIX TemplatesIntroduction to the Stream Control Transmission Protocol (SCTP)Supported PlatformsIntroduction to Cisco Cyber Threat DefenseCisco Application Visibility and Control and NetFlowApplication RecognitionMetrics Collection and ExportingManagement and Reporting SystemsControlDeployment ScenariosDeployment Scenario: User Access LayerDeployment Scenario: Wireless LANDeployment Scenario: Internet EdgeDeployment Scenario: Data CenterPublic, Private, and Hybrid Cloud EnvironmentsDeployment Scenario: NetFlow in Site-to-Site and Remote VPNsNetFlow Collection Considerations and Best PracticesDetermining the Flows per Second and ScalabilitySummary
Chapter 2. Cisco NetFlow Versions and Features
NetFlow Versions and Respective FeaturesNetFlow v1 Flow Header Format and Flow Record FormatNetFlow v5 Flow Header Format and Flow Record FormatNetFlow v7 Flow Header Format and Flow Record FormatNetFlow Version 9NetFlow and IPFIX ComparisonSummary
Chapter 3. Cisco Flexible NetFlow
Introduction to Cisco’s Flexible NetFlowSimultaneous Application TrackingFlexible NetFlow RecordsFlow MonitorsFlow ExportersFlow SamplersFlexible NetFlow ConfigurationConfigure a Flow RecordConfiguring a Flow Monitor for IPv4 or IPv6Configuring a Flow Exporter for the Flow MonitorApplying a Flow Monitor to an InterfaceFlexible NetFlow IPFIX Export FormatSummary
Chapter 4. NetFlow Commercial and Open Source Monitoring and Analysis Software Packages
Commercial NetFlow Monitoring and Analysis Software PackagesLancope’s StealthWatch SolutionPlixer’s ScrutinizerOpen Source NetFlow Monitoring and Analysis Software PackagesNFdumpNfSenSiLKElasticsearch, Logstash, and Kibana StackSummary
Chapter 5. Big Data Analytics and NetFlow
Introduction to Big Data Analytics for Cyber SecurityWhat Is Big Data?Unstructured Versus Structured DataExtracting Value from Big DataNetFlow and Other Telemetry Sources for Big Data Analytics for Cyber SecurityOpenSOCHadoopFlumeKafkaStormHiveElasticsearchHBaseThird-Party Analytic ToolsOther Big Data Projects in the IndustryUnderstanding Big Data Scalability: Big Data Analytics in the Internet of EverythingSummary
Chapter 6. Cisco Cyber Threat Defense and NetFlow
Overview of the Cisco Cyber Threat Defense SolutionThe Attack ContinuumCisco CTD Solution ComponentsNetFlow Platform SupportDeploying the Lancope StealthWatch SystemDeploying StealthWatch FlowCollectorsStealthWatch FlowReplicatorsStealthWatch Management ConsoleDeploying NetFlow Secure Event Logging in the Cisco ASADeploying NSEL in Cisco ASA Configured for ClusteringConfiguring NSEL in the Cisco ASAConfiguring NetFlow in the Cisco Nexus 1000VDefining a Flow RecordDefining the Flow ExporterDefining a Flow MonitorApplying the Flow Monitor to an InterfaceConfiguring NetFlow in the Cisco Nexus 7000 SeriesConfiguring the Cisco NetFlow Generation ApplianceInitializing the Cisco NGAConfiguring NetFlow in the Cisco NGA via the GUIConfiguring NetFlow in the Cisco NGA via the CLIAdditional Cisco CTD Solution ComponentsCisco ASA 5500-X Series Next-Generation Firewalls and the Cisco ASA with FirePOWER ServicesNext-Generation Intrusion Prevention SystemsFireSIGHT Management CenterAMP for EndpointsAMP for NetworksAMP Threat GridEmail SecurityWeb SecurityCisco Identity Services EngineSummary
Chapter 7. Troubleshooting NetFlow
Troubleshooting Utilities and Debug CommandsTroubleshooting NetFlow in Cisco IOS and Cisco IOS XE DevicesCisco IOS Router Flexible NetFlow ConfigurationTroubleshooting Communication Problems with the NetFlow CollectorAdditional Useful Troubleshooting Debug and Show CommandsTroubleshooting NetFlow in Cisco NX-OS SoftwareTroubleshooting NetFlow in Cisco IOS-XR SoftwareFlow Exporter Statistics and DiagnosticsFlow Monitor Statistics and DiagnosticsDisplaying NetFlow Producer Statistics in Cisco IOS-XRAdditional Useful Cisco IOS-XR Show CommandsTroubleshooting NetFlow in the Cisco ASATroubleshooting NetFlow in the Cisco NetFlow Generation ApplianceGathering Information About Configured NGA Managed DevicesGathering Information About the Flow CollectorGathering Information About the Flow ExporterGathering Information About Flow RecordsGathering Information About the Flow MonitorShow Tech-SupportAdditional Useful NGA show CommandsSummary
Chapter 8. Case Studies
Using NetFlow for Anomaly Detection and Identifying DoS AttacksDirect DDoS AttacksReflected DDoS AttacksAmplification AttacksIdentifying DDoS Attacks Using NetFlowUsing NetFlow in Enterprise Networks to Detect DDoS AttacksUsing NetFlow in Service Provider Networks to Detect DDoS AttacksUsing NetFlow for Incident Response and ForensicsCredit Card TheftTheft of Intellectual PropertyUsing NetFlow for Monitoring Guest Users and ContractorsUsing NetFlow for Capacity PlanningUsing NetFlow to Monitor Cloud UsageSummary
Index
Code Snippets

Overview

A comprehensive guide for deploying, configuring, and troubleshooting NetFlow and learning big data analytics technologies for cyber security

Today’s world of network security is full of cyber security vulnerabilities, incidents, breaches, and many headaches. Visibility into the network is an indispensable tool for network and security professionals and Cisco NetFlow creates an environment where network administrators and security professionals have the tools to understand who, what, when, where, and how network traffic is flowing.

Network Security with NetFlow and IPFIX is a key resource for introducing yourself to and understanding the power behind the Cisco NetFlow solution. Omar Santos, a Cisco Product Security Incident Response Team (PSIRT) technical leader and author of numerous books including the CCNA Security 210-260 Official Cert Guide, details the importance of NetFlow and demonstrates how it can be used by large enterprises and small-to-medium-sized businesses to meet critical network challenges. This book also examines NetFlow’s potential as a powerful network security tool.

Network Security with NetFlow and IPFIX explores everything you need to know to fully understand and implement the Cisco Cyber Threat Defense Solution. It also provides detailed configuration and troubleshooting guidance, sample configurations with depth analysis of design scenarios in every chapter, and detailed case studies with real-life scenarios.

You can follow Omar on Twitter: @santosomar

NetFlow and IPFIX basics

Cisco NetFlow versions and features

Cisco Flexible NetFlow

NetFlow Commercial and Open Source Software Packages

Big Data Analytics tools and technologies such as Hadoop, Flume, Kafka, Storm, Hive, HBase, Elasticsearch, Logstash, Kibana (ELK)

Additional Telemetry Sources for Big Data Analytics for Cyber Security

Understanding big data scalability

Big data analytics in the Internet of everything

Cisco Cyber Threat Defense and NetFlow

Troubleshooting NetFlow

Real-world case studies

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Cisco NetFlow for Cyber Security Big Data Analytics

Publisher Resources

ISBN: 9780134033549Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills