Thursday, September 30, 2004

Using NetFlow for security monitoring

SecurityFocus published a great two-part article entitled Detecting Worms and Abnormal Activities with NetFlow (part 1 & part 2). If you have Cisco or other NetFlow-capable network equipment, I highly recommend these articles. They're not terribly technical, but they are a great overview of what NetFlow is and how you can use it to look for some common signs of malicious activity.

No comments: