Network Visibility and Segmentation Flashcards
Is a unidirectional series of packets between a given source and destination
Flow
In a “flow”, the source, destination, source port, destination port and IP protocol are often referred to as?
five-tuple
Flexible NetFlow, Cisco’s next generation NetFlow, can track a wide range of Layer 2, IPv4, and IPv6 flow information, such as?
- Source and destination MAC
- Source and destination IPv4/IPv6
- Source and destination ports
- ToS
- DSCP
- Packet and byte counts
- Flow timestamps
- Input and output interface
- TCP flags and encapsulated protocol
- Section of packet for deeper inspection
- All fields in IPv4 and IPv6 routing information
- Type of Netflow Cache
- Default cache type. Entries in the flow cache are removed (aged out) based on the configured timeout active and timeout inactive seconds settings
Normal Cache
- Type of Netflow Cache
- Each flow accounts for a single packet. Desirable for real-time traffic monitoring and DDoS detection
Immediate Cache
- Type of Netflow Cache
- Used to track a set of flows without expiring the flows from the cache. The entire cache is periodically exported
Permanent Cache
Is a technology created by Cisco that provides comprehensive visibility into all network traffic that traverses a Cisco-supported device.
Netflow
Is a network appliance that functions similarly to a traditional packet capture appliance or IDS in that it connects to a Switch Port Analyzer (SPAN) port, mirror port or a Test Access Port (TAP).
Cisco Stealthwatch Flow Sensor.
What are network telemetry sources that can also be correlated with NetFlow while responding to security incidents and performing forensics?
- DHCP logs
- VPN logs
- NAT information
- 802.1X logs
- Server logs
- Web proxy logs
- Spam filter logs from an email security appliance such as Cisco Email Security Appliance (ESA)
Is a network flow standard led by the Internet Engineering Task Force (IETF). It was created as a common, universal standard for exporting flow information from routers, switches, firewalls and other infrastructure devices. Documented in RFC 7011-7015 and RFC 5103.
IPFIX (Internet Protocol Flow Information Export)
IPFIX defines different elements that are grouped into the following 12 categories:
- identifiers
- metering and exporting process configuration
- metering and exporting process statistics
- IP header fields
- transport header fields
- sub-IP header fields
- derived-packet properties
- min/max flow properties
- flow timestamps
- per-flow counters
- miscellaneous flow properties
- padding
- Protocol used by IPFIX
- Uses a simpler state machine than the one TCP provides
- Combines the best-effort reliability of UDP while still providing TCP-like congestion control
Stream Control Transmission Protocol (SCTP)
- Cisco Solution
- Is a collection of services available in several Cisco network infrastructure devices to provide application-level classification, monitoring and traffic control. Supported by Cisco ISR, Cisco ASR 1000 and WLC.
Cisco Application Visibility and Control (AVC)
NetFlow deployment scenarios
- User access layer
- Wireless LAN
- Data centre
- Internet edge
- NetFlow in site-to-site and remote-access VPNs
- NetFlow in cloud environments
This solution allows network administrators and cybersecurity professionals to analyze network telemetry in a timely manner to defend against advanced cyber threats
Cisco Stealthwatch
- Components of Cisco Stealthwatch
A physical or virtual appliance that collects NetFlow data from infrastructure devices
FlowCollector