CH 5 Flashcards
technology originally created by Cisco that provides comprehensive visibility
into all network traffic that traverses a Cisco-supported device
netflow
a unidirectional series of packets between a given source and destination
flow
This is often referred to as the five-tuple
source and destination ip address, source and destination ports, and ip protocol
can track a wide range of Layer 2, IPv4,
and IPv6 flow information
flexible netflow
list 3 things that netflow can provide
non-repudiation, anomaly detection, investigative capabilities
(NIST) created the following
methodology on security incident handling, which has been adopted by many organizations,
including service providers, enterprises, and government organizations:
1) Preparation
2) Detection and Analysis
3) Containment, eradication and recovery
4) Post-incident activity (postmortem and lessons learned)
augments visibility where NetFlow is not available in the infrastructure device (router, switch,
and so on) or where NetFlow is available but you want deeper visibility into performance
metrics and packet data.
Cisco Stealthwatch Flow Sensor
a network flow standard led by
the Internet Engineering Task Force (IETF) created for a common, universal
standard of export for the flow information from routers, switches, firewalls, and other
infrastructure devices.
IPFIX (Internet Protocol Flow Information Export)
describes the structure of flow data records within a data set, composed of (information element [IE] and length) pairs
IPFIX template
provide field
type information for each template.
IE (information element)
provides a packet transport service designed to support several
features beyond TCP or UDP capabilities including Packet streams, Partial reliability (PR) extension, Unordered delivery of packets or records, and Transport layer multihoming
SCTP (Stream Control Transmission Protocol)
a collection of services available
in several Cisco network infrastructure devices to provide application-level classification,
monitoring, and traffic control.
AVC (Cisco Application Visibility and Control)
what are the 4 capabilities of AVC
■ Application recognition
■ Metrics collection and exporting
■ Management and reporting systems
■ Network traffic control
what does Cisco AVC use to to provide deep packet inspection (DPI) technology to identify a wide variety of applications
within the network traffic flow, using Layer 3 to Layer 7 data
NBAR2
List 6 netflow deployment scenarios
user access layer
wireless LAN
INET edge
Data Center
Site to Site VPN
Cloud Environments
