
Security Monitoring

by Chris Fry, Martin Nystrom
February 2009
Content level: Intermediate to advanced
256 pages
7h 43m
English
O'Reilly Media, Inc.
Content preview from Security Monitoring

Network Telemetry

Telemetry conjures images of satellites and aeronautics. It is a technology that allows the remote measurement and reporting of information of interest to the system designer or operator. It’s derived from a word with Greek roots: “tele” means “remote,” and “metron” means “measure.” When we apply telemetry to the networking world, we’re referring to metadata pertaining to IP communications between numerous systems. Several network equipment vendors support the ability to collect and export this network traffic metadata for analysis. The network telemetry tool we have used most extensively is Cisco’s NetFlow.

NetFlow

NetFlow measures IP network traffic attributes between any two or more IP addresses based on OSI Layer 3 and Layer 4 information. Cisco initially created NetFlow to measure network traffic characteristics such as bandwidth, application performance, and utilization. Historically, it was used for billing and accounting, network capacity planning, and availability monitoring. As mentioned in Chapter 2, NetFlow records are like what you see on a phone bill (see Figure 3-3), whereas packet capture (a.k.a. network protocol analyzers, sniffers, and deep packet inspection) is like what a wiretap collects. Much like a phone bill, NetFlow tells you who called, when they called, and for how long the conversation lasted (see Figure 3-4). Though not its primary use, security is a more recent application of this key network telemetry technology. NetFlow can provide non-repudiation, ...
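To make the phone-bill analogy concrete, the following added example (not code from the book) parses a NetFlow export datagram into who-talked-to-whom, when, and for how long. It assumes the version 5 export format, which the preview does not specify; the names `parse_v5` and `sample_datagram` are hypothetical, and the sample datagram is constructed from documentation addresses.

```python
import ipaddress
import struct
from datetime import datetime, timezone

# NetFlow v5 export layout: 24-byte header followed by `count` 48-byte flow records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
U32 = 0xFFFFFFFF  # sysUptime stamps are 32-bit milliseconds and may wrap


def parse_v5(datagram):
    """Return one phone-bill style entry (who, when, how long) per flow record."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    version, count, uptime_ms, unix_secs = HEADER.unpack_from(datagram)[:4]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field = {version})")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("datagram truncated: fewer records than the header claims")
    flows = []
    for i in range(count):
        rec = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        (src, dst, _hop, _in, _out, pkts, octets, first, last,
         sport, dport, _pad, flags, proto) = rec[:14]
        # first/last are exporter uptime stamps; the header maps them to wall-clock time.
        start = unix_secs - ((uptime_ms - first) & U32) / 1000.0
        flows.append({
            "src": f"{ipaddress.IPv4Address(src)}:{sport}",
            "dst": f"{ipaddress.IPv4Address(dst)}:{dport}",
            "proto": proto,          # IP protocol number (6 = TCP, 17 = UDP)
            "tcp_flags": flags,      # cumulative OR of TCP flags seen in the flow
            "start": datetime.fromtimestamp(start, tz=timezone.utc).isoformat(),
            "seconds": ((last - first) & U32) / 1000.0,
            "packets": pkts,
            "bytes": octets,
        })
    return flows


def sample_datagram():
    """Constructed export packet (documentation addresses), not captured traffic."""
    a = ipaddress.IPv4Address
    hdr = HEADER.pack(5, 2, 3_600_000, 1_230_768_000, 0, 1, 0, 0, 0)
    web = RECORD.pack(a("192.0.2.10").packed, a("198.51.100.25").packed, bytes(4), 1, 2,
                      12, 3400, 3_590_000, 3_598_000, 49152, 443, 0, 0x1B, 6, 0, 0, 0, 24, 24, 0)
    dns = RECORD.pack(a("192.0.2.10").packed, a("198.51.100.53").packed, bytes(4), 1, 2,
                      1, 72, 3_599_000, 3_599_000, 53001, 53, 0, 0, 17, 0, 0, 0, 24, 24, 0)
    return hdr + web + dns


if __name__ == "__main__":
    for flow in parse_v5(sample_datagram()):
        print(flow)
```

Note that each entry carries addresses, ports, timing, and volume but no payload, which is the distinction the text draws between a phone bill and a wiretap.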


Publisher Resources

ISBN: 9780596157944