SlideShare a Scribd company logo

Easing the Transition to IPv6 with NetFlow

Lancope, Inc.
Lancope, Inc.

Flow-based network monitoring solutions can help ease the transition to IPv6 by tracking how network devices and applications behave before, during and after the cutover, helping to mitigate any anomalies before they become a serious issue. Learn how NetFlow can help governments and enterprises make this important conversion.

Technology
1 of 13
Download to read offline
Easing the Transition to IPv6 with NetFlow Chris Smithee, Strategic Solutions Architect Know Your Network, Run Your Business
Why should we change to IPv6?  Federal mandate if you’re a government agency – Sept 28, 2010 a mandate was enacted to require federal agencies to have web facing IPv6 by EoY of 2012, and internal IPv6 by 2014 https://cio.gov/wp-content/uploads/downloads/2012/09/Transition-to-IPv6.pdf  Eventually companies will have to be on IPv6 to do business  Dwindling IP space creates problems – Lack of IP space for new Internet bound companies – Creation of solutions that have adverse impact on monitoring and mitigation  You may already be using it locally- inadvertently 2 ©2011 Lancope , Inc. All Rights Reserved. Company Confidential (not for distribution)
Perception of the problem  Changing to IPv6 exposes me to unknown problems and threats – Yes, but so does not changing to IPv6. New threats are discovered and created daily. We always have to have a plan to mitigate the next unknown.  Its expensive to convert – Most companies have plans for refresh cycles on equipment, they simply need to time upgrades to coincide with the network refresh. Its possible to run mixed mode environments to prevent the need to do simultaneous global rollout of IPv6 as a service  I have to plan the upgrade and I don’t have enough time – Start planning if you haven’t already. Avoiding the problem won’t make it go away and simply introduces a time crunch later. This isn’t a change you have to make overnight.  I’m not sure I can monitor IPv6 traffic effectively – Virtually all classes of monitoring tools have caught up so that they have some level of support. Work with your vendor to find out if they do. If not, there ARE alternatives. Let your vendors know that you are aware of that. 3 ©2011 Lancope , Inc. All Rights Reserved. Company Confidential (not for distribution)
How can NetFlow help me? Know Your Network, Run Your Business
NetFlow v5* (most common) * fixed format, cannot be extended to include new fields
IPv4 IP (Source or Destination) Payload Size Prefix (Source or Destination) Packet Section (Header) Mask (Source or Destination) Packet Section (Payload) Minimum-Mask (Source or Destination) TTL Protocol Options bitmap Fragmentation Flags Version Fragmentation Offset Precedence Identification DSCP Header Length TOS Total Length Interface Input Output Flow Sampler ID Direction Source MAC address Destination MAC address Dot1q VLAN Source VLAN Layer 2 IPv6 IP (Source or Destination) Payload Size Prefix (Source or Destination) Packet Section (Header) Mask (Source or Destination) Packet Section (Payload) Minimum-Mask (Source or Destination) DSCP Protocol Extension Headers Traffic Class Hop-Limit Flow Label Length Option Header Next-header Header Length Version Payload Length Dest VLAN Dot1q priority NetFlow Version 9: Key Fields
Track Rate of Adoption 7 ©2011 Lancope , Inc. All Rights Reserved. Company Confidential (not for distribution)
Inventory Reporting 8 ©2011 Lancope , Inc. All Rights Reserved. Company Confidential (not for distribution)  Significant implications to Vulnerability scans  IPv6 has a LOT of addresses  Leading practice for ISPs is to provide a /48 netmask. That’s 80 bits of usable IP  Unfiltered scans can be challenging  Helpful subnetting link: https://supportforums.cisco.com/docs/DOC- 17232
See the unseen  There will always be something that slides through the cracks of your best detection technologies. At a minimum NetFlow is the network accounting that shows you how it happened 9 ©2011 Lancope , Inc. All Rights Reserved. Company Confidential (not for distribution)
Flow-based Anomaly Detection
Behavior-based Analysis
NetFlow security use cases • Identifying BotNet Command & Control Activity. BotNets are implanted in the enterprise to execute commands from their Bot herders to send SPAM, Denial of Service attacks, or other malicious acts. • Revealing Data Loss. Code can be hidden in the enterprise to export of sensitive information back to the attacker. This Data Leakage may occur rapidly or over time. • Detecting Sophisticated and Persistent Threats. Malware that makes it past perimeter security can remain in the enterprise waiting to strike as lurking threats. These may be zero day threats that do not yet have an antivirus signature or be hard to detect for other reasons. • Finding Internally Spread Malware. Network interior malware proliferation can occur across hosts for the purpose gathering security reconnaissance data, data exfiltration or network backdoors. • Uncovering Network Reconnaissance. Some attacks will probe the network looking for attack vectors to be utilized by custom-crafted cyber threats.
Sales sales@lancope.com Marketing marketing@lancope.com Questions and Contact

Recommended

Save Your Network – Protecting Manufacturing Data from Deadly Breaches
Save Your Network – Protecting Manufacturing Data from Deadly BreachesSave Your Network – Protecting Manufacturing Data from Deadly Breaches
Save Your Network – Protecting Manufacturing Data from Deadly BreachesLancope, Inc.
 
Saline_Interface_Mapping
Saline_Interface_MappingSaline_Interface_Mapping
Saline_Interface_MappingBenjamin Seive
 
Detecting Threats: A Look at the Verizon DBIR and StealthWatch
Detecting Threats: A Look at the Verizon DBIR and StealthWatchDetecting Threats: A Look at the Verizon DBIR and StealthWatch
Detecting Threats: A Look at the Verizon DBIR and StealthWatchLancope, Inc.
 
Definite and Indefinite and Zero Articles
Definite and Indefinite and Zero ArticlesDefinite and Indefinite and Zero Articles
Definite and Indefinite and Zero ArticlesAsmae Azzamouri
 
Protecting the Crown Jewels from Devastating Data Breaches
Protecting the Crown Jewels from Devastating Data BreachesProtecting the Crown Jewels from Devastating Data Breaches
Protecting the Crown Jewels from Devastating Data BreachesLancope, Inc.
 
(BDT323) Amazon EBS & Cassandra: 1 Million Writes Per Second
(BDT323) Amazon EBS & Cassandra: 1 Million Writes Per Second(BDT323) Amazon EBS & Cassandra: 1 Million Writes Per Second
(BDT323) Amazon EBS & Cassandra: 1 Million Writes Per SecondAmazon Web Services
 
SUPPORTING REGIME FOR SMALL AND MEDIUM ENTERPRISES (“SMEs”) IN VIETNAM
SUPPORTING REGIME FOR SMALL AND MEDIUM ENTERPRISES (“SMEs”) IN VIETNAMSUPPORTING REGIME FOR SMALL AND MEDIUM ENTERPRISES (“SMEs”) IN VIETNAM
SUPPORTING REGIME FOR SMALL AND MEDIUM ENTERPRISES (“SMEs”) IN VIETNAMDr. Oliver Massmann
 
Hunting Attackers with Network Audit Trails
Hunting Attackers with Network Audit TrailsHunting Attackers with Network Audit Trails
Hunting Attackers with Network Audit TrailsLancope, Inc.
 

Recommended

Save Your Network – Protecting Manufacturing Data from Deadly Breaches
Save Your Network – Protecting Manufacturing Data from Deadly BreachesSave Your Network – Protecting Manufacturing Data from Deadly Breaches
Save Your Network – Protecting Manufacturing Data from Deadly BreachesLancope, Inc.
 
Saline_Interface_Mapping
Saline_Interface_MappingSaline_Interface_Mapping
Saline_Interface_MappingBenjamin Seive
 
Detecting Threats: A Look at the Verizon DBIR and StealthWatch
Detecting Threats: A Look at the Verizon DBIR and StealthWatchDetecting Threats: A Look at the Verizon DBIR and StealthWatch
Detecting Threats: A Look at the Verizon DBIR and StealthWatchLancope, Inc.
 
Definite and Indefinite and Zero Articles
Definite and Indefinite and Zero ArticlesDefinite and Indefinite and Zero Articles
Definite and Indefinite and Zero ArticlesAsmae Azzamouri
 
Protecting the Crown Jewels from Devastating Data Breaches
Protecting the Crown Jewels from Devastating Data BreachesProtecting the Crown Jewels from Devastating Data Breaches
Protecting the Crown Jewels from Devastating Data BreachesLancope, Inc.
 
(BDT323) Amazon EBS & Cassandra: 1 Million Writes Per Second
(BDT323) Amazon EBS & Cassandra: 1 Million Writes Per Second(BDT323) Amazon EBS & Cassandra: 1 Million Writes Per Second
(BDT323) Amazon EBS & Cassandra: 1 Million Writes Per SecondAmazon Web Services
 
SUPPORTING REGIME FOR SMALL AND MEDIUM ENTERPRISES (“SMEs”) IN VIETNAM
SUPPORTING REGIME FOR SMALL AND MEDIUM ENTERPRISES (“SMEs”) IN VIETNAMSUPPORTING REGIME FOR SMALL AND MEDIUM ENTERPRISES (“SMEs”) IN VIETNAM
SUPPORTING REGIME FOR SMALL AND MEDIUM ENTERPRISES (“SMEs”) IN VIETNAMDr. Oliver Massmann
 
Hunting Attackers with Network Audit Trails
Hunting Attackers with Network Audit TrailsHunting Attackers with Network Audit Trails
Hunting Attackers with Network Audit TrailsLancope, Inc.
 
Cisco, Sourcefire and Lancope - Better Together
Cisco, Sourcefire and Lancope - Better TogetherCisco, Sourcefire and Lancope - Better Together
Cisco, Sourcefire and Lancope - Better TogetherLancope, Inc.
 
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...Lancope, Inc.
 
I wonder ... Designing for Curiosity
I wonder ... Designing for CuriosityI wonder ... Designing for Curiosity
I wonder ... Designing for CuriositySebastian Deterding
 
FARO REPORT Premium Sample
FARO REPORT Premium SampleFARO REPORT Premium Sample
FARO REPORT Premium SampleMiyu Mito
 
Network Security and Visibility through NetFlow
Network Security and Visibility through NetFlowNetwork Security and Visibility through NetFlow
Network Security and Visibility through NetFlowLancope, Inc.
 
Dreamweaverとfireworksを連携し、jQuery mobileのサイトを作る方法
Dreamweaverとfireworksを連携し、jQuery mobileのサイトを作る方法Dreamweaverとfireworksを連携し、jQuery mobileのサイトを作る方法
Dreamweaverとfireworksを連携し、jQuery mobileのサイトを作る方法Yuki Yokoyama
 
Rapid Software Development Process
Rapid Software Development ProcessRapid Software Development Process
Rapid Software Development ProcessThanh Nguyen
 
Starbucks Strategic Analysis
Starbucks Strategic AnalysisStarbucks Strategic Analysis
Starbucks Strategic AnalysisNavneet Madan
 
Dengue
DengueDengue
DengueSebastián Ávila
 
CUADRO SINOPTICO
CUADRO SINOPTICOCUADRO SINOPTICO
CUADRO SINOPTICOguestfff150
 
Grocery Application Development In Android and iOS
Grocery Application Development In Android and iOSGrocery Application Development In Android and iOS
Grocery Application Development In Android and iOSRapidsoft Technologies
 
Tata Cara Pengaturan Kunjungan Tamu Negara
Tata Cara Pengaturan Kunjungan Tamu NegaraTata Cara Pengaturan Kunjungan Tamu Negara
Tata Cara Pengaturan Kunjungan Tamu Negaraactnow2profit
 
Notice of Hearing Curative Petition Criminal (D) 41026 of 2016
Notice of Hearing Curative Petition Criminal (D) 41026 of 2016Notice of Hearing Curative Petition Criminal (D) 41026 of 2016
Notice of Hearing Curative Petition Criminal (D) 41026 of 2016Om Prakash Poddar
 
Solving the Visibility Gap for Effective Security
Solving the Visibility Gap for Effective SecuritySolving the Visibility Gap for Effective Security
Solving the Visibility Gap for Effective SecurityLancope, Inc.
 
The Internet of Everything is Here
The Internet of Everything is HereThe Internet of Everything is Here
The Internet of Everything is HereLancope, Inc.
 
Combating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutCombating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutLancope, Inc.
 
Combating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutCombating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutLancope, Inc.
 
5 Signs you have an Insider Threat
5 Signs you have an Insider Threat5 Signs you have an Insider Threat
5 Signs you have an Insider ThreatLancope, Inc.
 
So You Want a Threat Intelligence Function (But Were Afraid to Ask)
So You Want a Threat Intelligence Function (But Were Afraid to Ask)So You Want a Threat Intelligence Function (But Were Afraid to Ask)
So You Want a Threat Intelligence Function (But Were Afraid to Ask)Lancope, Inc.
 
Extending Network Visibility: Down to the Endpoint
Extending Network Visibility: Down to the EndpointExtending Network Visibility: Down to the Endpoint
Extending Network Visibility: Down to the EndpointLancope, Inc.
 
The Seven Deadly Sins of Incident Response
The Seven Deadly Sins of Incident ResponseThe Seven Deadly Sins of Incident Response
The Seven Deadly Sins of Incident ResponseLancope, Inc.
 
Save Your Network – Protecting Healthcare Data from Deadly Breaches
Save Your Network – Protecting Healthcare Data from Deadly BreachesSave Your Network – Protecting Healthcare Data from Deadly Breaches
Save Your Network – Protecting Healthcare Data from Deadly BreachesLancope, Inc.
 

More Related Content

Viewers also liked

Cisco, Sourcefire and Lancope - Better Together
Cisco, Sourcefire and Lancope - Better TogetherCisco, Sourcefire and Lancope - Better Together
Cisco, Sourcefire and Lancope - Better TogetherLancope, Inc.
 
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...Lancope, Inc.
 
I wonder ... Designing for Curiosity
I wonder ... Designing for CuriosityI wonder ... Designing for Curiosity
I wonder ... Designing for CuriositySebastian Deterding
 
FARO REPORT Premium Sample
FARO REPORT Premium SampleFARO REPORT Premium Sample
FARO REPORT Premium SampleMiyu Mito
 
Network Security and Visibility through NetFlow
Network Security and Visibility through NetFlowNetwork Security and Visibility through NetFlow
Network Security and Visibility through NetFlowLancope, Inc.
 
Dreamweaverとfireworksを連携し、jQuery mobileのサイトを作る方法
Dreamweaverとfireworksを連携し、jQuery mobileのサイトを作る方法Dreamweaverとfireworksを連携し、jQuery mobileのサイトを作る方法
Dreamweaverとfireworksを連携し、jQuery mobileのサイトを作る方法Yuki Yokoyama
 
Rapid Software Development Process
Rapid Software Development ProcessRapid Software Development Process
Rapid Software Development ProcessThanh Nguyen
 
Starbucks Strategic Analysis
Starbucks Strategic AnalysisStarbucks Strategic Analysis
Starbucks Strategic AnalysisNavneet Madan
 
CUADRO SINOPTICO
CUADRO SINOPTICOCUADRO SINOPTICO
CUADRO SINOPTICOguestfff150
 
Grocery Application Development In Android and iOS
Grocery Application Development In Android and iOSGrocery Application Development In Android and iOS
Grocery Application Development In Android and iOSRapidsoft Technologies
 
Tata Cara Pengaturan Kunjungan Tamu Negara
Tata Cara Pengaturan Kunjungan Tamu NegaraTata Cara Pengaturan Kunjungan Tamu Negara
Tata Cara Pengaturan Kunjungan Tamu Negaraactnow2profit
 
Notice of Hearing Curative Petition Criminal (D) 41026 of 2016
Notice of Hearing Curative Petition Criminal (D) 41026 of 2016Notice of Hearing Curative Petition Criminal (D) 41026 of 2016
Notice of Hearing Curative Petition Criminal (D) 41026 of 2016Om Prakash Poddar
 

Viewers also liked (13)

Cisco, Sourcefire and Lancope - Better Together
Cisco, Sourcefire and Lancope - Better TogetherCisco, Sourcefire and Lancope - Better Together
Cisco, Sourcefire and Lancope - Better Together
 
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
 
I wonder ... Designing for Curiosity
I wonder ... Designing for CuriosityI wonder ... Designing for Curiosity
I wonder ... Designing for Curiosity
 
FARO REPORT Premium Sample
FARO REPORT Premium SampleFARO REPORT Premium Sample
FARO REPORT Premium Sample
 
Network Security and Visibility through NetFlow
Network Security and Visibility through NetFlowNetwork Security and Visibility through NetFlow
Network Security and Visibility through NetFlow
 
Dreamweaverとfireworksを連携し、jQuery mobileのサイトを作る方法
Dreamweaverとfireworksを連携し、jQuery mobileのサイトを作る方法Dreamweaverとfireworksを連携し、jQuery mobileのサイトを作る方法
Dreamweaverとfireworksを連携し、jQuery mobileのサイトを作る方法
 
Rapid Software Development Process
Rapid Software Development ProcessRapid Software Development Process
Rapid Software Development Process
 
Starbucks Strategic Analysis
Starbucks Strategic AnalysisStarbucks Strategic Analysis
Starbucks Strategic Analysis
 
Dengue
DengueDengue
Dengue
 
CUADRO SINOPTICO
CUADRO SINOPTICOCUADRO SINOPTICO
CUADRO SINOPTICO
 
Grocery Application Development In Android and iOS
Grocery Application Development In Android and iOSGrocery Application Development In Android and iOS
Grocery Application Development In Android and iOS
 
Tata Cara Pengaturan Kunjungan Tamu Negara
Tata Cara Pengaturan Kunjungan Tamu NegaraTata Cara Pengaturan Kunjungan Tamu Negara
Tata Cara Pengaturan Kunjungan Tamu Negara
 
Notice of Hearing Curative Petition Criminal (D) 41026 of 2016
Notice of Hearing Curative Petition Criminal (D) 41026 of 2016Notice of Hearing Curative Petition Criminal (D) 41026 of 2016
Notice of Hearing Curative Petition Criminal (D) 41026 of 2016
 

More from Lancope, Inc.

Solving the Visibility Gap for Effective Security
Solving the Visibility Gap for Effective SecuritySolving the Visibility Gap for Effective Security
Solving the Visibility Gap for Effective SecurityLancope, Inc.
 
The Internet of Everything is Here
The Internet of Everything is HereThe Internet of Everything is Here
The Internet of Everything is HereLancope, Inc.
 
Combating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutCombating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutLancope, Inc.
 
Combating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutCombating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutLancope, Inc.
 
5 Signs you have an Insider Threat
5 Signs you have an Insider Threat5 Signs you have an Insider Threat
5 Signs you have an Insider ThreatLancope, Inc.
 
So You Want a Threat Intelligence Function (But Were Afraid to Ask)
So You Want a Threat Intelligence Function (But Were Afraid to Ask)So You Want a Threat Intelligence Function (But Were Afraid to Ask)
So You Want a Threat Intelligence Function (But Were Afraid to Ask)Lancope, Inc.
 
Extending Network Visibility: Down to the Endpoint
Extending Network Visibility: Down to the EndpointExtending Network Visibility: Down to the Endpoint
Extending Network Visibility: Down to the EndpointLancope, Inc.
 
The Seven Deadly Sins of Incident Response
The Seven Deadly Sins of Incident ResponseThe Seven Deadly Sins of Incident Response
The Seven Deadly Sins of Incident ResponseLancope, Inc.
 
Save Your Network – Protecting Healthcare Data from Deadly Breaches
Save Your Network – Protecting Healthcare Data from Deadly BreachesSave Your Network – Protecting Healthcare Data from Deadly Breaches
Save Your Network – Protecting Healthcare Data from Deadly BreachesLancope, Inc.
 
Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security Lancope, Inc.
 
Insider threats webinar 01.28.15
Insider threats webinar 01.28.15Insider threats webinar 01.28.15
Insider threats webinar 01.28.15Lancope, Inc.
 
The Library of Sparta
The Library of SpartaThe Library of Sparta
The Library of SpartaLancope, Inc.
 
SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefSCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefLancope, Inc.
 
Looking for the weird webinar 09.24.14
Looking for the weird webinar 09.24.14Looking for the weird webinar 09.24.14
Looking for the weird webinar 09.24.14Lancope, Inc.
 
Cisco CSIRT Case Study: Forensic Investigations with NetFlow
Cisco CSIRT Case Study: Forensic Investigations with NetFlowCisco CSIRT Case Study: Forensic Investigations with NetFlow
Cisco CSIRT Case Study: Forensic Investigations with NetFlowLancope, Inc.
 
Protecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber CrimeProtecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber CrimeLancope, Inc.
 
SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefSCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefLancope, Inc.
 
Reverse Engineering Malware: A look inside Operation Tovar
Reverse Engineering Malware: A look inside Operation TovarReverse Engineering Malware: A look inside Operation Tovar
Reverse Engineering Malware: A look inside Operation TovarLancope, Inc.
 
Needs of a Modern Incident Response Program
Needs of a Modern Incident Response ProgramNeeds of a Modern Incident Response Program
Needs of a Modern Incident Response ProgramLancope, Inc.
 
Data center webinar_v2_1
Data center webinar_v2_1Data center webinar_v2_1
Data center webinar_v2_1Lancope, Inc.
 

More from Lancope, Inc. (20)

Solving the Visibility Gap for Effective Security
Solving the Visibility Gap for Effective SecuritySolving the Visibility Gap for Effective Security
Solving the Visibility Gap for Effective Security
 
The Internet of Everything is Here
The Internet of Everything is HereThe Internet of Everything is Here
The Internet of Everything is Here
 
Combating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutCombating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside Out
 
Combating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutCombating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside Out
 
5 Signs you have an Insider Threat
5 Signs you have an Insider Threat5 Signs you have an Insider Threat
5 Signs you have an Insider Threat
 
So You Want a Threat Intelligence Function (But Were Afraid to Ask)
So You Want a Threat Intelligence Function (But Were Afraid to Ask)So You Want a Threat Intelligence Function (But Were Afraid to Ask)
So You Want a Threat Intelligence Function (But Were Afraid to Ask)
 
Extending Network Visibility: Down to the Endpoint
Extending Network Visibility: Down to the EndpointExtending Network Visibility: Down to the Endpoint
Extending Network Visibility: Down to the Endpoint
 
The Seven Deadly Sins of Incident Response
The Seven Deadly Sins of Incident ResponseThe Seven Deadly Sins of Incident Response
The Seven Deadly Sins of Incident Response
 
Save Your Network – Protecting Healthcare Data from Deadly Breaches
Save Your Network – Protecting Healthcare Data from Deadly BreachesSave Your Network – Protecting Healthcare Data from Deadly Breaches
Save Your Network – Protecting Healthcare Data from Deadly Breaches
 
Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security
 
Insider threats webinar 01.28.15
Insider threats webinar 01.28.15Insider threats webinar 01.28.15
Insider threats webinar 01.28.15
 
The Library of Sparta
The Library of SpartaThe Library of Sparta
The Library of Sparta
 
SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefSCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber Grief
 
Looking for the weird webinar 09.24.14
Looking for the weird webinar 09.24.14Looking for the weird webinar 09.24.14
Looking for the weird webinar 09.24.14
 
Cisco CSIRT Case Study: Forensic Investigations with NetFlow
Cisco CSIRT Case Study: Forensic Investigations with NetFlowCisco CSIRT Case Study: Forensic Investigations with NetFlow
Cisco CSIRT Case Study: Forensic Investigations with NetFlow
 
Protecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber CrimeProtecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber Crime
 
SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefSCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber Grief
 
Reverse Engineering Malware: A look inside Operation Tovar
Reverse Engineering Malware: A look inside Operation TovarReverse Engineering Malware: A look inside Operation Tovar
Reverse Engineering Malware: A look inside Operation Tovar
 
Needs of a Modern Incident Response Program
Needs of a Modern Incident Response ProgramNeeds of a Modern Incident Response Program
Needs of a Modern Incident Response Program
 
Data center webinar_v2_1
Data center webinar_v2_1Data center webinar_v2_1
Data center webinar_v2_1
 

Recently uploaded

Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 

Recently uploaded (20)

Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 

Easing the Transition to IPv6 with NetFlow

  • 1. Easing the Transition to IPv6 with NetFlow Chris Smithee, Strategic Solutions Architect Know Your Network, Run Your Business
  • 2. Why should we change to IPv6?  Federal mandate if you’re a government agency – Sept 28, 2010 a mandate was enacted to require federal agencies to have web facing IPv6 by EoY of 2012, and internal IPv6 by 2014 https://cio.gov/wp-content/uploads/downloads/2012/09/Transition-to-IPv6.pdf  Eventually companies will have to be on IPv6 to do business  Dwindling IP space creates problems – Lack of IP space for new Internet bound companies – Creation of solutions that have adverse impact on monitoring and mitigation  You may already be using it locally- inadvertently 2 ©2011 Lancope , Inc. All Rights Reserved. Company Confidential (not for distribution)
  • 3. Perception of the problem  Changing to IPv6 exposes me to unknown problems and threats – Yes, but so does not changing to IPv6. New threats are discovered and created daily. We always have to have a plan to mitigate the next unknown.  Its expensive to convert – Most companies have plans for refresh cycles on equipment, they simply need to time upgrades to coincide with the network refresh. Its possible to run mixed mode environments to prevent the need to do simultaneous global rollout of IPv6 as a service  I have to plan the upgrade and I don’t have enough time – Start planning if you haven’t already. Avoiding the problem won’t make it go away and simply introduces a time crunch later. This isn’t a change you have to make overnight.  I’m not sure I can monitor IPv6 traffic effectively – Virtually all classes of monitoring tools have caught up so that they have some level of support. Work with your vendor to find out if they do. If not, there ARE alternatives. Let your vendors know that you are aware of that. 3 ©2011 Lancope , Inc. All Rights Reserved. Company Confidential (not for distribution)
  • 4. How can NetFlow help me? Know Your Network, Run Your Business
  • 5. NetFlow v5* (most common) * fixed format, cannot be extended to include new fields
  • 6. IPv4 IP (Source or Destination) Payload Size Prefix (Source or Destination) Packet Section (Header) Mask (Source or Destination) Packet Section (Payload) Minimum-Mask (Source or Destination) TTL Protocol Options bitmap Fragmentation Flags Version Fragmentation Offset Precedence Identification DSCP Header Length TOS Total Length Interface Input Output Flow Sampler ID Direction Source MAC address Destination MAC address Dot1q VLAN Source VLAN Layer 2 IPv6 IP (Source or Destination) Payload Size Prefix (Source or Destination) Packet Section (Header) Mask (Source or Destination) Packet Section (Payload) Minimum-Mask (Source or Destination) DSCP Protocol Extension Headers Traffic Class Hop-Limit Flow Label Length Option Header Next-header Header Length Version Payload Length Dest VLAN Dot1q priority NetFlow Version 9: Key Fields
  • 7. Track Rate of Adoption 7 ©2011 Lancope , Inc. All Rights Reserved. Company Confidential (not for distribution)
  • 8. Inventory Reporting 8 ©2011 Lancope , Inc. All Rights Reserved. Company Confidential (not for distribution)  Significant implications to Vulnerability scans  IPv6 has a LOT of addresses  Leading practice for ISPs is to provide a /48 netmask. That’s 80 bits of usable IP  Unfiltered scans can be challenging  Helpful subnetting link: https://supportforums.cisco.com/docs/DOC- 17232
  • 9. See the unseen  There will always be something that slides through the cracks of your best detection technologies. At a minimum NetFlow is the network accounting that shows you how it happened 9 ©2011 Lancope , Inc. All Rights Reserved. Company Confidential (not for distribution)
  • 12. NetFlow security use cases • Identifying BotNet Command & Control Activity. BotNets are implanted in the enterprise to execute commands from their Bot herders to send SPAM, Denial of Service attacks, or other malicious acts. • Revealing Data Loss. Code can be hidden in the enterprise to export of sensitive information back to the attacker. This Data Leakage may occur rapidly or over time. • Detecting Sophisticated and Persistent Threats. Malware that makes it past perimeter security can remain in the enterprise waiting to strike as lurking threats. These may be zero day threats that do not yet have an antivirus signature or be hard to detect for other reasons. • Finding Internally Spread Malware. Network interior malware proliferation can occur across hosts for the purpose gathering security reconnaissance data, data exfiltration or network backdoors. • Uncovering Network Reconnaissance. Some attacks will probe the network looking for attack vectors to be utilized by custom-crafted cyber threats.