Automatic Network Protection Scenarios Using NetFlow

• Authors: KRMÍČEK Vojtěch; VYKOPAL Jan
• Year of publication: 2012
• Type: R&D Presentation
• MU Faculty or unit: Institute of Computer Science

Attached files

• protection-scenarios_flocon.pdf

• Description: Protecting a computer network against various types of network attacks is becoming more difficult due to increasing speeds of current computer networks and due to new types of network threats appearing every day. NetFlow monitoring is used with advantage to inspect all incoming traffic and detect attacks against monitored networks. In this presentation we will describe five scenarios using NetFlow for an automatic protection of a local network: 1) NetFlow monitoring and remotely triggered black hole filtering; 2) NetFlow monitoring and firewalling; 3) NetFlow monitoring and phishing quarantine; 4) NetFlow monitoring and traffic shaping; and 5) NetFlow monitoring and counter-attacking. These scenarios will be illustrated using the example of an SSH brute force attack. Possibilities to use a hardware device for NetFlow monitoring and traffic filtering will be discussed and compared to software alternatives.

Related projects

• CYBER - Security of Czech Army Information and Communication Systems - On-line Monitoring, Visualization and Packet Filtration. Computer Incident Response Capability Development in the Cyber Defence Environment