CH 5 Flashcards
technology originally created by Cisco that provides comprehensive visibility into all network traffic that traverses a Cisco-supported device
NetFlow
a unidirectional series of packets between a given source and destination
flow
source and destination IP address, source and destination port, and IP protocol; together these five fields identify a flow and are often referred to as the
five-tuple
extension of NetFlow built on user-defined flow records (match and collect fields) that can track a wide range of Layer 2, IPv4, and IPv6 flow information
Flexible NetFlow
list three things that NetFlow can provide
non-repudiation, anomaly detection, investigative capabilities
The National Institute of Standards and Technology (NIST) created the following methodology on security incident handling (Special Publication 800-61), which has been adopted by many organizations, including service providers, enterprises, and government organizations:
1) Preparation
2) Detection and Analysis
3) Containment, eradication and recovery
4) Post-incident activity (postmortem and lessons learned)
augments visibility where NetFlow is not available in the infrastructure device (router, switch, and so on) or where NetFlow is available but you want deeper visibility into performance metrics and packet data
Cisco Stealthwatch Flow Sensor
a network flow standard led by the Internet Engineering Task Force (IETF), created as a common, universal export format for flow information from routers, switches, firewalls, and other infrastructure devices (RFC 7011)
IPFIX (Internet Protocol Flow Information Export)
describes the structure of the flow data records within a data set, composed of (information element [IE] ID, field length) pairs
IPFIX template
provides the field type information (meaning and data type) for each field referenced by a template; IDs are registered with IANA
IE (information element)
provides a packet transport service designed to support several features beyond TCP or UDP capabilities, including packet streams, a partial reliability (PR) extension, unordered delivery of packets or records, and transport-layer multihoming; RFC 7011 requires IPFIX implementations to support it, with TCP and UDP optional
SCTP (Stream Control Transmission Protocol)
a collection of services available in several Cisco network infrastructure devices that provide application-level classification, monitoring, and traffic control
AVC (Cisco Application Visibility and Control)
What are the four capabilities of AVC?
■ Application recognition
■ Metrics collection and exporting
■ Management and reporting systems
■ Network traffic control
What does Cisco AVC use to provide deep packet inspection (DPI) that identifies a wide variety of applications within the network traffic flow, using Layer 3 to Layer 7 data?
NBAR2 (Next Generation Network-Based Application Recognition)
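Worked configuration (added here; it is not from the flashcards and not a Cisco-supplied sample) tying the Flexible NetFlow, IPFIX, AVC and NBAR2 cards together: a Flexible NetFlow flow record keyed on the five-tuple plus the NBAR2-derived application name, an exporter that sends the records in IPFIX format, and a monitor applied to an interface. The record, exporter and monitor names, the collector address 192.0.2.10 and the timeouts are placeholders; the platform is assumed to support NBAR2 (match application name) and IPFIX export.

```text
! Flexible NetFlow record: five-tuple as key fields, application name from NBAR2,
! counters and timestamps as non-key (collect) fields
flow record FNF-AVC-RECORD
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match ipv4 protocol
 match application name
 collect transport tcp flags
 collect counter bytes
 collect counter packets
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
!
! Export to the collector in IPFIX format (4739 is the IANA-assigned IPFIX port);
! templates are resent every 60 s so a collector that restarts can decode data sets again
flow exporter FNF-EXPORTER
 destination 192.0.2.10
 source Loopback0
 transport udp 4739
 export-protocol ipfix
 template data timeout 60
!
flow monitor FNF-MONITOR
 record FNF-AVC-RECORD
 exporter FNF-EXPORTER
 cache timeout active 60
 cache timeout inactive 15
!
interface GigabitEthernet0/1
 ip flow monitor FNF-MONITOR input
 ip flow monitor FNF-MONITOR output
```

The active timeout is what turns a long-lived session into periodic records, so a collector sees exfiltration in progress rather than only at the end; the inactive timeout is what makes a one-packet SYN from a scanner show up as its own record quickly.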
List six NetFlow deployment scenarios
user access layer
wireless LAN
Internet edge
Data Center
Site to Site VPN
Cloud Environments
collects network flow information from an endpoint, whether on or off premises
NVM (AnyConnect Network Visibility Module)
uses NetFlow telemetry and contextual information from the Cisco network infrastructure; this solution allows network administrators and cybersecurity professionals to analyze network telemetry in a timely manner to defend against advanced cyber threats
Cisco Stealthwatch
the concept of proactively or actively searching for advanced threats that may evade your security products and capabilities
threat hunting
can identify malicious (malware) communications in encrypted traffic, without decrypting it, through passive monitoring, the extraction of relevant data elements, and a combination of behavioral modeling and machine learning
Cisco ETA (Encrypted Traffic Analytics)
a cloud-based Cisco solution that uses machine learning and statistical modeling of networks to create a baseline of the traffic in your network and identify anomalies
Cisco CTA (Cognitive Threat Analytics)
the process of logically grouping network assets, resources, and applications
Network Segmentation
A micro-segment in Cisco ACI (Application Centric Infrastructure) is also often referred to as a
uSeg EPG (micro-segmentation endpoint group)
a control plane protocol used to convey IP-to-SGT mappings to network devices when you cannot perform inline tagging (runs over TCP between a speaker, which sends the mappings, and a listener, which receives them)
SXP (Scalable Group Tag Exchange Protocol)