larger cover

Add To My Wish List

Register your product to gain access to bonus material or receive a coupon.

Network Security with NetFlow and IPFIX: Big Data Analytics for Information Security

Best Value Purchase

Book + eBook Bundle

  • Your Price: $59.39
  • List Price: $98.98
  • We're temporarily out of stock, but order now and we'll send it to you later.
  • Includes EPUB and PDF
  • About eBook Formats
  • This eBook includes the following formats, accessible from your Account page after purchase:

    ePub EPUB The open industry format known for its reflowable content and usability on supported mobile devices.

    Adobe Reader PDF The popular standard, used most often with the free Adobe® Reader® software.

    This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.

Individual Purchases

Book

  • Your Price: $43.99
  • List Price: $54.99
  • We're temporarily out of stock, but order now and we'll send it to you later.

eBook (Watermarked)

  • Your Price: $35.19
  • List Price: $43.99
  • Includes EPUB and PDF
  • About eBook Formats
  • This eBook includes the following formats, accessible from your Account page after purchase:

    ePub EPUB The open industry format known for its reflowable content and usability on supported mobile devices.

    Adobe Reader PDF The popular standard, used most often with the free Adobe® Reader® software.

    This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.

  • Description
  • Sample Content
  • Updates
  • Copyright 2016
  • Dimensions: 7-3/8" x 9-1/8"
  • Pages: 320
  • Edition: 1st
  • Book
  • ISBN-10: 1-58714-438-7
  • ISBN-13: 978-1-58714-438-7

A comprehensive guide for deploying, configuring, and troubleshooting NetFlow and learning big data analytics technologies for cyber security

Today’s world of network security is full of cyber security vulnerabilities, incidents, breaches, and many headaches. Visibility into the network is an indispensable tool for network and security professionals and Cisco NetFlow creates an environment where network administrators and security professionals have the tools to understand who, what, when, where, and how network traffic is flowing.

Network Security with NetFlow and IPFIX is a key resource for introducing yourself to and understanding the power behind the Cisco NetFlow solution. Omar Santos, a Cisco Product Security Incident Response Team (PSIRT) technical leader and author of numerous books including the CCNA Security 210-260 Official Cert Guide, details the importance of NetFlow and demonstrates how it can be used by large enterprises and small-to-medium-sized businesses to meet critical network challenges. This book also examines NetFlow’s potential as a powerful network security tool.

Network Security with NetFlow and IPFIX explores everything you need to know to fully understand and implement the Cisco Cyber Threat Defense Solution. It also provides detailed configuration and troubleshooting guidance, sample configurations with depth analysis of design scenarios in every chapter, and detailed case studies with real-life scenarios.

You can follow Omar on Twitter: @santosomar

  • NetFlow and IPFIX basics
  • Cisco NetFlow versions and features
  • Cisco Flexible NetFlow
  • NetFlow Commercial and Open Source Software Packages
  • Big Data Analytics tools and technologies such as Hadoop, Flume, Kafka, Storm, Hive, HBase, Elasticsearch, Logstash, Kibana (ELK)
  • Additional Telemetry Sources for Big Data Analytics for Cyber Security
  • Understanding big data scalability
  • Big data analytics in the Internet of everything
  • Cisco Cyber Threat Defense and NetFlow
  • Troubleshooting NetFlow
  • Real-world case studies

Online Sample Chapter

Big Data Analytics and NetFlow

Sample Pages

Download the sample pages (includes Chapter 5 and Index)

Table of Contents

Introduction xvi

Chapter 1 Introduction to NetFlow and IPFIX 1

Introduction to NetFlow 1

The Attack Continuum 2

The Network as a Sensor and as an Enforcer 3

What Is a Flow? 4

NetFlow Versus IP Accounting and Billing 6

NetFlow for Network Security 7

Anomaly Detection and DDoS Attacks 8

Data Leak Detection and Prevention 9

Incident Response and Network Security Forensics 9

Traffic Engineering and Network Planning 14

IP Flow Information Export 15

IPFIX Architecture 16

IPFIX Mediators 17

IPFIX Templates 17

Option Templates 19

Introduction to the Stream Control Transmission Protocol (SCTP) 19

Supported Platforms 20

Introduction to Cisco Cyber Threat Defense 21

Cisco Application Visibility and Control and NetFlow 22

Application Recognition 22

Metrics Collection and Exporting 23

Management and Reporting Systems 23

Control 23

Deployment Scenarios 24

Deployment Scenario: User Access Layer 24

Deployment Scenario: Wireless LAN 25

Deployment Scenario: Internet Edge 26

Deployment Scenario: Data Center 28

Public, Private, and Hybrid Cloud Environments 32

Deployment Scenario: NetFlow in Site-to-Site and Remote VPNs 33

NetFlow Remote-Access VPNs 33

NetFlow Site-to-Site VPNs 34

NetFlow Collection Considerations and Best Practices 35

Determining the Flows per Second and Scalability 36

Summary 37

Chapter 2 Cisco NetFlow Versions and Features 39

NetFlow Versions and Respective Features 39

NetFlow v1 Flow Header Format and Flow Record Format 40

NetFlow v5 Flow Header Format and Flow Record Format 41

NetFlow v7 Flow Header Format and Flow Record Format 42

NetFlow Version 9 43

NetFlow and IPFIX Comparison 57

Summary 57

Chapter 3 Cisco Flexible NetFlow 59

Introduction to Cisco’s Flexible NetFlow 59

Simultaneous Application Tracking 60

Flexible NetFlow Records 61

Flexible NetFlow Key Fields 61

Flexible NetFlow Non-Key Fields 63

NetFlow Predefined Records 65

User-Defined Records 65

Flow Monitors 65

Flow Exporters 65

Flow Samplers 66

Flexible NetFlow Configuration 66

Configure a Flow Record 67

Configuring a Flow Monitor for IPv4 or IPv6 69

Configuring a Flow Exporter for the Flow Monitor 71

Applying a Flow Monitor to an Interface 73

Flexible NetFlow IPFIX Export Format 74

Summary 74

Chapter 4 NetFlow Commercial and Open Source Monitoring and Analysis Software Packages 75

Commercial NetFlow Monitoring and Analysis Software Packages 75

Lancope’s StealthWatch Solution 76

Plixer’s Scrutinizer 79

Open Source NetFlow Monitoring and Analysis Software Packages 80

NFdump 81

NfSen 86

SiLK 86

SiLK Configuration Files 87

Filtering, Displaying, and Sorting NetFlow Records with SiLK 87

SiLK’s Python Extension 88

Counting, Grouping, and Mating NetFlow Records with Silk 88

SiLK IPset, Bag, and Prefix Map Manipulation Tools 88

IP and Port Labeling Files 89

SiLK Runtime Plug-Ins 89

SiLK Utilities for Packet Capture and IPFIX Processing 90

Utilities to Detect Network Scans 90

SiLK Flow File Utilities 90

Additional SiLK Utilities 91

Elasticsearch, Logstash, and Kibana Stack 92

Elasticsearch 92

Logstash 92

Kibana 93

Elasticsearch Marvel and Shield 94

ELK Deployment Topology 94

Installing ELK 95

Installing Elasticsearch 96

Install Kibana 105

Installing Nginx 106

Install Logstash 107

Summary 109

Chapter 5 Big Data Analytics and NetFlow 111

Introduction to Big Data Analytics for Cyber Security 111

What Is Big Data? 111

Unstructured Versus Structured Data 112

Extracting Value from Big Data 113

NetFlow and Other Telemetry Sources for Big Data Analytics for Cyber Security 114

OpenSOC 115

Hadoop 116

HDFS 117

Flume 119

Kafka 120

Storm 121

Hive 122

Elasticsearch 123

HBase 124

Third-Party Analytic Tools 125

Other Big Data Projects in the Industry 126

Understanding Big Data Scalability: Big Data Analytics in the Internet of Everything 127

Summary 128

Chapter 6 Cisco Cyber Threat Defense and NetFlow 129

Overview of the Cisco Cyber Threat Defense Solution 129

The Attack Continuum 130

Cisco CTD Solution Components 131

NetFlow Platform Support 133

Traditional NetFlow Support in Cisco IOS Software 133

NetFlow Support in Cisco IOS-XR Software 135

Flexible NetFlow Support 135

NetFlow Support in Cisco ASA 140

Deploying the Lancope StealthWatch System 140

Deploying StealthWatch FlowCollectors 142

StealthWatch FlowReplicators 146

StealthWatch Management Console 146

Deploying NetFlow Secure Event Logging in the Cisco ASA 148

Deploying NSEL in Cisco ASA Configured for Clustering 151

Unit Roles and Functions in Clustering 152

Clustering NSEL Operations 152

Configuring NSEL in the Cisco ASA 153

Configuring NSEL in the Cisco ASA Using ASDM 153

Configuring NSEL in the Cisco ASA Using the CLI 155

NSEL and Syslog 156

Defining the NSEL Export Policy 157

Monitoring NSEL 159

Configuring NetFlow in the Cisco Nexus 1000V 160

Defining a Flow Record 161

Defining the Flow Exporter 162

Defining a Flow Monitor 163

Applying the Flow Monitor to an Interface 164

Configuring NetFlow in the Cisco Nexus 7000 Series 164

Configuring the Cisco NetFlow Generation Appliance 166

Initializing the Cisco NGA 166

Configuring NetFlow in the Cisco NGA via the GUI 168

Configuring NetFlow in the Cisco NGA via the CLI 169

Additional Cisco CTD Solution Components 171

Cisco ASA 5500-X Series Next-Generation Firewalls and the Cisco ASA with FirePOWER Services 171

Next-Generation Intrusion Prevention Systems 172

FireSIGHT Management Center 173

AMP for Endpoints 173

AMP for Networks 176

AMP Threat Grid 176

Email Security 177

Email Security Appliance 177

Cloud Email Security 179

Cisco Hybrid Email Security 179

Web Security 180

Web Security Appliance 180

Cisco Content Security Management Appliance 184

Cisco Cloud Web Security 185

Cisco Identity Services Engine 186

Summary 187

Chapter 7 Troubleshooting NetFlow 189

Troubleshooting Utilities and Debug Commands 189

Troubleshooting NetFlow in Cisco IOS and Cisco IOS XE Devices 194

Cisco IOS Router Flexible NetFlow Configuration 195

Troubleshooting Communication Problems with the NetFlow Collector 201

Additional Useful Troubleshooting Debug and Show Commands 204

Verifying a Flow Monitor Configuration 204

Displaying Flow Exporter Templates and Export IDs 207

Debugging Flow Records 212

Preventing Export Storms with Flexible NetFlow 213

Troubleshooting NetFlow in Cisco NX-OS Software 214

Troubleshooting NetFlow in Cisco IOS-XR Software 217

Flow Exporter Statistics and Diagnostics 219

Flow Monitor Statistics and Diagnostics 222

Displaying NetFlow Producer Statistics in Cisco IOS-XR 226

Additional Useful Cisco IOS-XR Show Commands 228

Troubleshooting NetFlow in the Cisco ASA 228

Troubleshooting NetFlow in the Cisco NetFlow Generation Appliance 235

Gathering Information About Configured NGA Managed Devices 235

Gathering Information About the Flow Collector 236

Gathering Information About the Flow Exporter 237

Gathering Information About Flow Records 237

Gathering Information About the Flow Monitor 238

Show Tech-Support 239

Additional Useful NGA show Commands 245

Summary 246

Chapter 8 Case Studies 247

Using NetFlow for Anomaly Detection and Identifying DoS Attacks 247

Direct DDoS Attacks 248

Reflected DDoS Attacks 248

Amplification Attacks 249

Identifying DDoS Attacks Using NetFlow 250

Using NetFlow in Enterprise Networks to Detect DDoS Attacks 250

Using NetFlow in Service Provider Networks to Detect DDoS Attacks 253

Using NetFlow for Incident Response and Forensics 254

Credit Card Theft 254

Theft of Intellectual Property 259

Using NetFlow for Monitoring Guest Users and Contractors 262

Using NetFlow for Capacity Planning 267

Using NetFlow to Monitor Cloud Usage 269

Summary 271

TOC, 9781587144387, 8/25/2015

Cisco Press Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from Cisco Press and its family of brands. I can unsubscribe at any time.

Overview

Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about Cisco Press products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information

To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites; develop new products and services; conduct educational research; and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@ciscopress.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information

Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security

Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children

This site is not directed to children under the age of 13.

Marketing

Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information

If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out

Users can always make an informed choice as to whether they should proceed with certain services offered by Cisco Press. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.ciscopress.com/u.aspx.

Sale of Personal Information

Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents

California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure

Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links

This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact

Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice

We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020