Technical Track
For network security teams of any size, an accurate picture of the traffic situation is essential. The well-known traffic graphs do not give enough information, especially when investigating security-related incidents. Working with NetFlow data turned out to be a good balance between the effort of collecting and processing the data and the information gained from it.
Many tools to collect NetFlow data are available, but the flexibility to process the flows was either poor or came only with expensive commercial systems. The Open Source tools nfdump and NfSen close this gap. They provide a flexible and powerful system to collect and process NetFlow data for a great variety of tasks.
The presentation starts with a short introduction to NetFlow and explains how nfdump and NfSen can be used to look at your network traffic, to easily create top N statistics of the hosts and networks demanding the most bandwidth on your network, and to detect host and port scans. It shows how a security incident can be tracked and profiled. Last but not least, it gives an overview of how to extend NfSen with custom plugins for dedicated tasks specific to your network.
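The two analyses the abstract names, top N statistics and host/port scan detection, are simple aggregations over flow records. The following is an added example (not code from the talk, nfdump or NfSen) that implements both over a constructed set of flows. The CSV layout (src,dst,sport,dport,proto,bytes) and all addresses are assumptions for illustration; it is not the column order of nfdump's own CSV output, and the thresholds are arbitrary.

```python
"""Top-N talkers and scan detection over NetFlow-style records (added example)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str
    nbytes: int


# Constructed sample in a simplified CSV layout: src,dst,sport,dport,proto,bytes.
# Normal traffic, one vertical port scan (198.51.100.7 -> 10.1.1.20) and one
# horizontal host scan (203.0.113.99 -> 10.1.1.0/24 on port 445).
SAMPLE_CSV = """\
src,dst,sport,dport,proto,bytes
10.1.1.5,203.0.113.10,51234,443,TCP,1500000
203.0.113.10,10.1.1.5,443,51234,TCP,45000000
10.1.1.8,203.0.113.20,40000,80,TCP,20000
203.0.113.20,10.1.1.8,80,40000,TCP,800000
10.1.1.9,192.0.2.53,53001,53,UDP,120
192.0.2.53,10.1.1.9,53,53001,UDP,300
198.51.100.7,10.1.1.20,40001,21,TCP,60
198.51.100.7,10.1.1.20,40001,22,TCP,60
198.51.100.7,10.1.1.20,40001,23,TCP,60
198.51.100.7,10.1.1.20,40001,25,TCP,60
198.51.100.7,10.1.1.20,40001,80,TCP,60
198.51.100.7,10.1.1.20,40001,443,TCP,60
198.51.100.7,10.1.1.20,40001,445,TCP,60
198.51.100.7,10.1.1.20,40001,3389,TCP,60
203.0.113.99,10.1.1.1,40002,445,TCP,60
203.0.113.99,10.1.1.2,40002,445,TCP,60
203.0.113.99,10.1.1.3,40002,445,TCP,60
203.0.113.99,10.1.1.4,40002,445,TCP,60
203.0.113.99,10.1.1.5,40002,445,TCP,60
"""


def parse_flows(csv_text):
    """Parse the simplified CSV (header line first) into Flow records."""
    flows = []
    lines = [ln for ln in csv_text.splitlines() if ln.strip()]
    for line in lines[1:]:
        src, dst, sport, dport, proto, nbytes = line.split(",")
        flows.append(Flow(src, dst, int(sport), int(dport), proto, int(nbytes)))
    return flows


def top_n(flows, field, n=3):
    """Top N values of `field` ("src" or "dst") ranked by total bytes."""
    totals = defaultdict(int)
    for f in flows:
        totals[getattr(f, field)] += f.nbytes
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


def detect_port_scans(flows, min_ports=8):
    """Vertical scan: one source touching many destination ports on one host."""
    ports = defaultdict(set)
    for f in flows:
        ports[(f.src, f.dst)].add(f.dport)
    return {k: sorted(v) for k, v in ports.items() if len(v) >= min_ports}


def detect_host_scans(flows, min_hosts=5):
    """Horizontal scan: one source touching one port on many destination hosts."""
    hosts = defaultdict(set)
    for f in flows:
        hosts[(f.src, f.dport)].add(f.dst)
    return {k: sorted(v) for k, v in hosts.items() if len(v) >= min_hosts}


FLOWS = parse_flows(SAMPLE_CSV)

if __name__ == "__main__":
    print("top sources by bytes:", top_n(FLOWS, "src"))
    print("port scans:", detect_port_scans(FLOWS))
    print("host scans:", detect_host_scans(FLOWS))
```

The same top N question is what nfdump's statistics option answers directly (for example `-s srcip/bytes -n 10` on a capture file); the scan heuristics above are the kind of logic a custom NfSen plugin would run over the collected flows. Real thresholds need tuning against your own baseline, since DNS resolvers, load balancers and NAT gateways legitimately contact many hosts and ports.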
http://www.first.org/conference/2006/papers/haag-peter-slides.pdf
Type: Slides
Format: application/pdf
Last updated: May 18, 2006
Size: 7.27 Mb
http://www.first.org/conference/2006/papers/haag-peter-papers.pdf
Type: Paper
Format: application/pdf
Last updated: July 12, 2006
Size: 2.36 Mb
Authors & presenters
Peter Haag (SWITCH-CERT The Swiss Education and Research Network, CH)