header image ≡ Menu

NetFlow to CYA for BYOD

As the BYOD promise of an increase in productivity and improvement to the bottom line becomes more apparent, its adoption in enterprises is inevitable. But BYOD has not been all wine and roses and its biggest impact has been on enterprise security and bandwidth. Let’s look at some of the BYOD problems and how you can use NetFlow to counter them.

Vanishing Network Perimeter:

BYOD causes the network perimeter to disappear. By allowing remote access to enterprise resources, users connect to the enterprise network fromtheir personal devices when away from the office. Problems start when a device falls into the wrong hands and they download sensitive information even before the device is reported lost.

Walk-In with the Malware:

What happens after the user leaves the network? Sometime, somewhere users will connect over an unsecured public Wi-Fi where they are more susceptible to viruses and malware. Edward Felten’s classic comment,“Given a choice between dancing pigs and security, users will pick dancing pigs every time”, is sadly true. If a user picks up a virus or malware and walks into the office next day, it is likely that your firewalls and IDS will not stop those that are physically carried in. Once plugged into the network, the virus or malware spread at the access and distribution layers while your firewalls, ACLs and IDS/IPS are all expecting malicious traffic to come in through the WAN link.

Application Explosion:

The growth in mobile devices has caused an application explosion. At the last count, the top 3 mobile eco-systems combined had more than one million applications1. BYODhas removed the norm of having only business applications on a device. Users install anything they find interesting and the result of it is that your network sees an influx of new, unverified and sometimes unapproved applications, some of which are malware in disguise or some simply bandwidth hogs like mobile versions of file sharing and peer-to-peer apps.

Personal @ Work:

The consumerization of IT has played a part in removing the thick line between personal and work. With BYOD, there is a tendency to use the devices for personal purposes. Do some bandwidth analysis and what you will find are a countless number of tweets, social media apps, personal emails, VoIP calls and YouTube videos.. Add streaming HD videos to the list and your WAN bandwidth can explode.

CYA with NetFlow

NetFlow has over the years become the de facto standard for bandwidth monitoring and traffic analytics and now it is increasingly being used for security. Most access or distribution layer devices support flow export. NetFlow answers the Who, What, When and Where of traffic  by reporting on source and destination IP Addresses, applications, protocols, port numbers, ToS, and more.

NetFlow identifies VPN tunneling protocols like GRE or ESP as well as many remote connection applications. It can be used to watch for high volume remote downloads to make sure no one is downloading more than they should. You can also have your NetFlow reporting tool alert you if the traffic volume crosses a pre-defined threshold or identify any unknown endpoints connecting to your data center.

You can also look at the top conversations or top sources report from your NetFlow tool. Do you see an end point sendingpacketsover one port to multiple destinations? That can be an infected system doing a port scan. Is there excessive SMTP traffic?It could be a bot using your network to send out spam!

Bandwidth monitoring and NetFlow go hand-in-hand. With NetFlow, you can find how much load BYOD has added to your network bandwidth, what applications are behind it or who the top talkers are. Based on the actionable information NetFlow gives, you can tweak your QoS policies to either drop theexcess non-business traffic or set priority for business applications. With NetFlow monitoring software, you can get your applications and sources reports and also make sure the QoS changes you made are really working.

If you have started BYOD adoption, don’t forget to add NetFlow export and reporting to the list of ‘To Do’. Check out Configuring NetFlow on Cisco Routers to see just how easy it is to enable NetFlow reporting.


Author: Don Thomas Jacob, Technical Marketing Specialist and Head Geek

Don Thomas Jacob is a Technical Marketing Specialist and Head Geek at SolarWinds, an IT management software provider based in Austin, Texas. He worked as a tech support engineer; product blogger, product evangelist, and tech marketing lead for close to eight years until he joined SolarWinds in 2013. Don’s experience and interests lie in network performance monitoring solutions, flow-based monitoring technologies like NetFlow, sFlow and IPFIX, and Cisco’s offering for traffic analytics such as Flexible NetFlow, Cisco ASA NSEL, Cisco NBAR, Cisco QoS reporting, Cisco IPSLA, and Cisco Medianet and MediaTrace.

 

Reference:

  1. Adding up available apps for Apple, Android and Microsoft from http://news.cnet.com/8301-1035_3-57542502-94/google-ties-apple-with-700000-android-apps/

Comments on this entry are closed.

  • LN

    So the true issue here is who is going to watch netflow… this is much like IDS, that unless folks babysit it, its useless until you start troubleshooting… and then only useful if you catch it at the right time.

    • DonTJ

      NetFlow is not resource or storage intensive and hence does not require constant monitoring/management. One enables NetFlow export and have a flow tool capture and store the data. Most NetFlow reporting tools in the market stores data and automatically alerts based on threshold violations. As for troubleshooting network incidents, the admin definitely has to be involved, whatever be the technology.

  • Guest

    Woow , that was a good piece of info..Don, I am sure the journey here has been great…

Google+