1. CheckFlow - fast and free comprehensive audit of internal network traffic using Flowmon


Welcome to our next mini-course. This time we will talk about our new service, CheckFlow. What is it? In fact, this is just a marketing name for a free audit of network traffic (both internal and external). The audit itself is performed with a wonderful tool, Flowmon, which any company can use free of charge for 30 days. But I assure you that after the first hours of testing you will begin to receive valuable information about your network. Moreover, this information will be valuable both for network administrators and for the "security guards". So let's discuss what this information is and what its value is (at the end of the article, as usual, there is a video lesson).

Here, let's make a small digression. I'm sure the thought has already flashed through many minds: "How is this different from Check Point Security CheckUP?" Our subscribers probably know what that is (we spent a lot of effort on it) 🙂 Don't rush to conclusions; everything will fall into place during the lesson.

What a network administrator can check with this audit:

  • Network traffic analytics - what the channels are loaded with, which protocols are used, which servers or users consume the most traffic.
  • Network delays and losses - the average response time of your services and packet loss on all your channels (the ability to find the bottleneck).
  • User traffic analytics - complex analysis of user traffic: traffic volumes, applications used, problems in working with corporate services.
  • Application evaluation - identifying the cause of problems in corporate applications (network delays, response time of services, databases, applications).
  • SLA monitoring - automatically detects and reports critical delays and losses in your public web applications, based on real traffic.
  • Search for network anomalies - DNS/DHCP spoofing, loops, rogue DHCP servers, anomalous DNS/SMTP traffic and more.
  • Configuration issues - detection of illegitimate traffic from users or servers, which may indicate incorrect settings on switches or firewalls.
  • Comprehensive report - a detailed report on the state of your IT infrastructure that lets you plan work or justify purchasing additional equipment.

What can an information security specialist check:

  • Malware activity - detects malicious traffic within the network, including unknown (0-day) malware, based on behavioral analysis.
  • Ransomware propagation - the ability to detect ransomware even when it spreads between neighboring computers without leaving their segment.
  • Anomalous activity - abnormal traffic of users, servers and applications, ICMP/DNS tunneling; identification of real or potential threats.
  • Network attacks - port scanning, brute-force attacks, DoS, DDoS, traffic interception (MITM).
  • Leakage of corporate data - detection of anomalous downloads (or uploads) of corporate data from the company's file servers.
  • Rogue devices - detection of illegitimate devices connected to the corporate network (with identification of the manufacturer and operating system).
  • Unwanted applications - use of prohibited applications within the network (BitTorrent, TeamViewer, VPN, anonymizers, etc.).
  • Cryptominers and botnets - checking the network for infected devices connecting to known C&C servers.
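To make the detection side of the two lists above concrete, here is an added example (not code from the article and not Flowmon's own algorithms) of how a flow collector can spot three of the listed behaviours from NetFlow/IPFIX-style records alone, without payload: a vertical port scan, brute force against authentication ports, and a DNS/ICMP tunneling heuristic. The record layout, the sample hosts and every threshold are assumptions chosen for illustration; a real exporter also supplies timestamps, TCP flags and interface identifiers that a production detector would use.

```python
"""Flow-record anomaly detection: port scans, brute force, DNS/ICMP tunneling.

Works on constructed NetFlow/IPFIX-style records (5-tuple plus counters),
the same kind of data a collector such as Flowmon receives from switches
and routers. Thresholds are illustrative assumptions, not Flowmon settings.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One unidirectional flow record as exported by a router or switch."""
    src: str
    dst: str
    proto: str   # "tcp", "udp" or "icmp"
    dport: int   # destination port; 0 for icmp
    packets: int
    bytes: int


# Constructed sample data (not captured traffic): a scanner, an SSH
# brute-forcer, a DNS tunnel candidate and two benign flows.
SAMPLE_FLOWS = (
    [Flow("10.0.0.5", "10.0.0.20", "tcp", p, 1, 60) for p in range(1, 41)]
    + [Flow("10.0.0.7", "10.0.0.21", "tcp", 22, 6, 900) for _ in range(30)]
    + [Flow("10.0.0.9", "10.0.0.53", "udp", 53, 40, 30000)]
    + [Flow("10.0.0.30", "10.0.0.53", "udp", 53, 2, 180)]
    + [Flow("10.0.0.30", "10.0.0.80", "tcp", 443, 120, 250000)]
)


def detect_port_scans(flows, min_ports=20):
    """Vertical port scan: one source touching many distinct TCP ports on one host.

    Returns {(src, dst): distinct_port_count} for pairs at or over the threshold.
    """
    ports = defaultdict(set)
    for f in flows:
        if f.proto == "tcp":
            ports[(f.src, f.dst)].add(f.dport)
    return {pair: len(p) for pair, p in ports.items() if len(p) >= min_ports}


def detect_brute_force(flows, auth_ports=(22, 3389, 445), min_flows=20, max_packets=10):
    """Brute force: many short flows from one source to an authentication port.

    Each failed login is its own short TCP session, so a burst of small flows
    to the same (dst, port) stands out even though the payload is encrypted.
    Returns {(src, dst, dport): flow_count}.
    """
    counts = defaultdict(int)
    for f in flows:
        if f.proto == "tcp" and f.dport in auth_ports and f.packets <= max_packets:
            counts[(f.src, f.dst, f.dport)] += 1
    return {key: n for key, n in counts.items() if n >= min_flows}


def detect_tunnel_candidates(flows, max_avg_packet=300):
    """DNS/ICMP tunneling heuristic: oversized packets on protocols that
    normally carry small ones. Returns [(src, dst, proto, avg_packet_bytes)].
    """
    hits = []
    for f in flows:
        is_dns = f.proto == "udp" and f.dport == 53
        if (is_dns or f.proto == "icmp") and f.packets > 0:
            avg = f.bytes / f.packets
            if avg > max_avg_packet:
                hits.append((f.src, f.dst, f.proto, avg))
    return hits


def run_audit(flows):
    """Run all detectors and return their findings in one dict."""
    return {
        "port_scans": detect_port_scans(flows),
        "brute_force": detect_brute_force(flows),
        "tunnels": detect_tunnel_candidates(flows),
    }


if __name__ == "__main__":
    for name, findings in run_audit(SAMPLE_FLOWS).items():
        print(f"{name}: {findings}")
```

The point of the example is that none of the three checks needs packet contents: the scan is visible as port cardinality per source/destination pair, the brute force as a count of tiny sessions to an authentication port, and the tunnel as an average packet size that ordinary DNS or ICMP never reaches. That is exactly why flow export from internal switches catches traffic that never crosses a perimeter NGFW or IPS.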

Reporting

Based on the results of the audit, you can view all the analytics on Flowmon dashboards or in PDF reports. Some examples are shown below.

General traffic analytics


Custom dashboard


Anomalous activity


Discovered Devices


Typical testing scheme

Scenario #1 - one office


The key feature is that you can analyze both external and internal traffic, including east-west traffic that never passes through the network perimeter protection devices (NGFW, IPS, DPI, etc.) and is therefore invisible to them.

Scenario #2 - several offices


Video tutorial

Summary

The CheckFlow audit is a great opportunity for IT/IS managers to:

  1. Identify current and potential problems in your IT infrastructure;
  2. Detect information security problems and assess the effectiveness of existing protection tools;
  3. Determine the key problem in the operation of business applications (network part, server, software) and who is responsible for solving it;
  4. Significantly reduce troubleshooting time in the IT infrastructure;
  5. Justify the need to expand channels or server capacity, or to purchase additional security equipment.

I also recommend reading our previous article: 9 Typical Network Problems That Can Be Detected Using NetFlow Analysis (using Flowmon as an example).
If you are interested in this topic, stay tuned (Telegram, Facebook, VK, TS Solution Blog, Yandex.Zen).


Poll: Do you use NetFlow/sFlow/jFlow/IPFIX analyzers?

  • Yes - 55.6% (5 votes)
  • No, but I plan to - 11.1% (1 vote)
  • No - 33.3% (3 votes)

9 users voted. 1 user abstained.

Source: habr.com
