Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
378
Views
0
Helpful
5
Replies

Implications to Network Security of Using NetFlow

Go to solution
ronomeara
Level 1
Level 1

‎06-13-2008 02:41 AM - edited ‎03-09-2019 08:54 PM

Does anyone know if there are any significant security risks involved in using NetFlow on an enterprise?

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Farrukh Haroon
VIP Alumni
VIP Alumni

‎06-13-2008 03:11 AM

Not really, if you enable it on the right devices using best practices there should not be any issues. Make sure you run the latest IOS version to avoid any bugs.

Make sure the collection device is also secured and so is the transit path between the Net-flow enabled device and the collector.

http://www.securityfocus.com/infocus/1796

Regards

Farrukh

View solution in original post

0 Helpful

Go to solution
michael.leblanc
Level 4
Level 4

‎06-13-2008 08:41 AM

Presumably you are referring to the exported data.

You might consider encapsulating the exported data in IPSec if you are worried about the data being used for reconnaissance, and have reason to think it may be sniffed in transit.

We've used IPSec to protect in-band configuration management (e.g.: TFTP transfer of config files) occasionally.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Farrukh Haroon
VIP Alumni
VIP Alumni

‎06-13-2008 03:11 AM

Not really, if you enable it on the right devices using best practices there should not be any issues. Make sure you run the latest IOS version to avoid any bugs.

Make sure the collection device is also secured and so is the transit path between the Net-flow enabled device and the collector.

http://www.securityfocus.com/infocus/1796

Regards

Farrukh

0 Helpful

Go to solution
ronomeara
Level 1
Level 1
In response to Farrukh Haroon

‎06-13-2008 09:46 AM

Thanks, Farrukh, your answer is extremely helpful. I was thinking along the same lines, but I limited the possibilities for risk to login access to NetFlow-enabled routers/switches and other infrastructure devices.

Also, the link you provided has some great content!

Regards,

-- Ron "O"

0 Helpful

Go to solution
ronomeara
Level 1
Level 1
In response to Farrukh Haroon

‎06-13-2008 09:48 AM

Thanks, Farrukh, your answer is extremely helpful. I was thinking along the same lines, but I limited the possibilities for risk to login access to NetFlow-enabled routers/switches and other infrastructure devices.

Also, the link you provided has some great content!

Regards,

-- Ron "O"

0 Helpful

Go to solution
michael.leblanc
Level 4
Level 4

‎06-13-2008 08:41 AM

Presumably you are referring to the exported data.

You might consider encapsulating the exported data in IPSec if you are worried about the data being used for reconnaissance, and have reason to think it may be sniffed in transit.

We've used IPSec to protect in-band configuration management (e.g.: TFTP transfer of config files) occasionally.

0 Helpful

Go to solution
ronomeara
Level 1
Level 1
In response to michael.leblanc

‎06-13-2008 09:58 AM

Michael,

This is great feedback to add to our collective knowledge. I appreciate it very much.

I've been searching for every negative aspect (from a security perspective) of deploying NetFlow services. The pros are documented everywhere, but not the cons.

Thanks!

0 Helpful
Customers Also Viewed These Support Documents