cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
462
Views
0
Helpful
5
Replies

Implications to Network Security of Using NetFlow

ronomeara
Level 1
Level 1

Does anyone know if there are any significant security risks involved in using NetFlow on an enterprise?

2 Accepted Solutions

Accepted Solutions

Farrukh Haroon
VIP Alumni
VIP Alumni

Not really, if you enable it on the right devices using best practices there should not be any issues. Make sure you run the latest IOS version to avoid any bugs.

Make sure the collection device is also secured and so is the transit path between the Net-flow enabled device and the collector.

http://www.securityfocus.com/infocus/1796

Regards

Farrukh

View solution in original post

michael.leblanc
Level 4
Level 4

Presumably you are referring to the exported data.

You might consider encapsulating the exported data in IPSec if you are worried about the data being used for reconnaissance, and have reason to think it may be sniffed in transit.

We've used IPSec to protect in-band configuration management (e.g.: TFTP transfer of config files) occasionally.

View solution in original post

5 Replies 5

Farrukh Haroon
VIP Alumni
VIP Alumni

Not really, if you enable it on the right devices using best practices there should not be any issues. Make sure you run the latest IOS version to avoid any bugs.

Make sure the collection device is also secured and so is the transit path between the Net-flow enabled device and the collector.

http://www.securityfocus.com/infocus/1796

Regards

Farrukh

Thanks, Farrukh, your answer is extremely helpful. I was thinking along the same lines, but I limited the possibilities for risk to login access to NetFlow-enabled routers/switches and other infrastructure devices.

Also, the link you provided has some great content!

Regards,

-- Ron "O"

Thanks, Farrukh, your answer is extremely helpful. I was thinking along the same lines, but I limited the possibilities for risk to login access to NetFlow-enabled routers/switches and other infrastructure devices.

Also, the link you provided has some great content!

Regards,

-- Ron "O"

michael.leblanc
Level 4
Level 4

Presumably you are referring to the exported data.

You might consider encapsulating the exported data in IPSec if you are worried about the data being used for reconnaissance, and have reason to think it may be sniffed in transit.

We've used IPSec to protect in-band configuration management (e.g.: TFTP transfer of config files) occasionally.

Michael,

This is great feedback to add to our collective knowledge. I appreciate it very much.

I've been searching for every negative aspect (from a security perspective) of deploying NetFlow services. The pros are documented everywhere, but not the cons.

Thanks!