Netflow Based Network Security Analysis presented at SyScan 2004

by Yann Berthier

Tags: Security Analysis

Summary: Up until recently, security measures have been enforced at the perimeter, while ubiquitous
deployments of remote access links and wireless networks were eroding the network boundaries
thus defined. Recent worm history has clearly demonstrated that the threat is now on
the inside, and that border defenses are being circumvented. As this trend is not going
to fade away, large networks must be somewhat domesticated to permit monitoring.

While Network Flow data, as exported by routers, was designed for accounting, it represents an
efficient way to record transactions occurring on a network for real-time or forensic analysis.
This talk will focus on the security applications of Network Flows, and how they can be used to
detect and analyze network misuse in corporate and service providers' networks.