How to review information flow? Does Cisco Netflow offer this?

sunhux
In one presentation by an IT regulator & Cyber Security Agency,
one slide mentioned reviewing "Netflow" & a couple of
slides later, it required us to perform periodic "review of
information flow".

Though I raised whether these are related, i.e. by reviewing "Cisco Netflow"
we are deemed to have addressed the requirement to "review
information flow", the presenter doesn't quite seem to know,
thus I'm clarifying here:
does Cisco Netflow offer a form of documenting information
flow?

Author

Commented:
I asked the presenter if reviewing the firewall rules (as it shows source & destination)
is good enough: he felt it's more of what data is viewed & entered for the various
IT services.

I tend to think along the lines of "top talkers" (i.e. top sources & destinations of traffic).
Any free tool (PRTG?) that helps us do such reviews would be appreciated.
Distinguished Expert 2018
Commented:
Netflow can provide a network traffic baseline. A longer period of gathering monitoring information is needed to create a proper baseline. The benefit is that we can compare typical network throughput (including types of traffic) with current traffic (per host, between specific hosts etc). If there is a sudden increase of traffic in some part of the network it can mean that someone is stealing data (for example by using ICMP or DNS traffic :) ) or that there is a DoS attack etc.
Netflow (IPFIX is the standardized IETF protocol) provides information about traffic flows:
- Source IP
- Destination IP
- Source Port
- Destination port
- Protocol
- Amount of sent data in session
- Amount of received data in session
- Source interface
- Destination interface
- CoS/DSCP field
etc.

PRTG can analyze Netflow information.
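
The following is an added example, not part of the thread and not any participant's or vendor's code: it decodes a NetFlow v5 export datagram into the fields listed above, ranks top talkers, and flags sources whose volume exceeds a baseline. The sample datagram, addresses, baseline values and the 3x threshold are constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

V5_HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte export header
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")  # 48-byte flow record

def parse_v5(packet):
    """Decode one NetFlow v5 export datagram into a list of flow dicts."""
    if len(packet) < V5_HEADER.size:
        raise ValueError("shorter than a v5 header")
    version, count = V5_HEADER.unpack_from(packet)[:2]
    if version != 5 or len(packet) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("not v5, or truncated")
    flows = []
    for i in range(count):
        f = V5_RECORD.unpack_from(packet, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({"src": str(ipaddress.IPv4Address(f[0])),
                      "dst": str(ipaddress.IPv4Address(f[1])),
                      "in_if": f[3], "out_if": f[4], "bytes": f[6],
                      "sport": f[9], "dport": f[10], "proto": f[12], "tos": f[13]})
    return flows

def top_talkers(flows, n=3):
    """Total bytes per (src, dst) pair, largest first."""
    totals = Counter()
    for f in flows:
        totals[(f["src"], f["dst"])] += f["bytes"]
    return totals.most_common(n)

def above_baseline(flows, baseline, factor=3):
    """Sources sending more than factor x their baseline bytes (unseen source = 0)."""
    per_src = Counter()
    for f in flows:
        per_src[f["src"]] += f["bytes"]
    return sorted(s for s, b in per_src.items() if b > factor * baseline.get(s, 0))

def _record(src, dst, nbytes, sport, dport, proto):
    """Pack one constructed v5 record (interfaces 1 -> 2, 10 packets)."""
    ip = lambda a: ipaddress.IPv4Address(a).packed
    return V5_RECORD.pack(ip(src), ip(dst), bytes(4), 1, 2, 10, nbytes, 0, 0,
                          sport, dport, 0, proto, 0, 0, 0, 0, 0)

# Constructed sample: one export datagram and a per-source byte baseline.
SAMPLE = V5_HEADER.pack(5, 3, 0, 0, 0, 0, 0, 0, 0) + b"".join([
    _record("10.0.0.5", "192.0.2.10", 1200, 51000, 443, 6),
    _record("10.0.0.7", "198.51.100.53", 900000, 53001, 53, 17),
    _record("10.0.0.5", "192.0.2.10", 800, 51001, 443, 6)])
BASELINE = {"10.0.0.5": 5000, "10.0.0.7": 20000}
```

Calling `above_baseline(parse_v5(SAMPLE), BASELINE)` reports only the host sending an unusually large volume to UDP port 53, while `top_talkers` gives the per-pair totals a periodic review would record.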

Author

Commented:
Is Netflow something we need to purchase or is it free for Cisco customers?
Do we need to configure something on the various Cisco switches/routers to enable Netflow to capture the data?

Distinguished Expert 2018
Commented:
Netflow is already present on devices; it just needs to be configured (at least on middle to high end devices). Netflow increases CPU utilization, so monitor device parameters.
Configuration commands may differ from device to device, but the pattern is generally the same. The following need to be configured:
- Flow Record
- Flow Exporter
- Flow Monitor
- And they need to be associated with an interface

Configuration example:
Solarwinds - How-To Configure NetFlow v5 & v9 on Cisco Routers

Author

Commented:
Excellent, let me review this with colleagues & if there are no further
doubts, I will close this in two days' time.

Author

Commented:
Can the free version of Solarwinds extract & email us the reports of the
Netflow traffic (top talkers, top sources/destinations) on a daily basis,
or can you suggest other free tools that could do this (PRTG)?
Distinguished Expert 2018

Commented:
I am not sure which tool(s) could satisfy your requirements.
One note - PRTG is not free, it is free up to 100 sensors.
