Netflow Compromise Network Infrastructure Device

Posted on  by admin
  1. Netflow Compromise Network Infrastructure Device Reviews
  2. Netflow Compromise Network Infrastructure Device System

Sometime ago, I was involved in a short project where a particular data-center was unavailable (or access was very slow). Our task was to find out what the problem was and fix it as soon as possible being a critical data-center. Since we could not access the devices, we could not perform on-the-spot troubleshooting.Thankfully, the organization had been monitoring (and keeping logs of) all traffic going through the data-center and from their Cisco Devices. After combing through the logs, we found the problem (a denial of service attack) and restored access to the data-center.Troubleshooting is one of the reasons to perform monitoring on your network as evident from that personal story. Other reasons include:.: Is your ISP being sneaky or is a worm is eating up your bandwidth?. Performance monitoring: Monitoring can help you determine if your network is performing optimally or if there is network congestion (e.g.

Netflow Compromise Network Infrastructure Device Reviews

Network infrastructure design

Netflow Compromise Network Infrastructure Device System

At certain times of the day). Intrusion Detection: If you keep getting failed login attempts, it could mean someone is trying to break into your network. Also, sudden spikes in network traffic can indicate an attack. You will only detect these attacks if you are monitoring your network. Network planning: By monitoring your network, you can determine what parts of your network to improve. For example, by keeping an accurate inventory, you will be prepared to change devices that are going obsolete (end-of-life).

Also, you can better plan the quality of service (QoS) that should be applied to different kinds of traffic.What must you monitor?It is important to note that while you can monitor all the devices on your network (including workstations), you may not want to. For example, you may not have the capacity to manage all the data/logs generated by the numerous devices on your network.Ideally, you should monitor the critical devices on your network e.g. The Internet Edge Router/Firewall. For example, it is common practice for banks with several branches/ATM points to monitor the edge devices at those branches to detect when something goes wrong and fix it promptly.In this article, we are going to talk specifically about monitoring Cisco devices including routers (e.g. ), switches (e.g. ), security devices (e.g. ) and wireless devices (e.g.

).ProtocolsThere are various protocols that help in network monitoring including:. SNMP: Simple Network Management Protocol operates using an agent-manager model. Can be used to “get” and “set” information and is probably the most used monitoring protocol.: Internet Control Message Protocol is mostly used to determine the reachability of a network device i.e. Using ping, although it can provide other information like delay. Syslog: Syslog is used to send logs (e.g.

Interface up/down) to a. RADIUS and TACACS+: Even though these two protocols can be used for other things like authentication and authorization, they also provide good accounting (logs) features. RADIUS is an industry standard while TACACS+ is Cisco proprietary. NetFlow: is a Cisco developed protocol used to.