The Report "Network Profiling Using Flow" Released
Hi, this is Austin Whisnant of the CERT Network Situational Awareness Team (NetSA). After a long time in the making, NetSA has published an SEI technical report on how to inventory assets on a network using network flow data. Knowing what assets are on your network, especially those visible to outsiders, is an important step in gaining network situational awareness.
The report, Network Profiling Using Flow, maps out the steps to take to discover and classify assets, when given only network flow data. The report provides thorough explanations of why each step is taken, and examples of actual commands for those who just want to get things done. The end goal of network profiling using these steps is a list of externally visible hosts, what they do, who they talk to, and their possible security issues.
I authored the report under the guidance of Sid Faber who is also a member of the NetSA team. The approach described in this report represents a necessary first step toward understanding how your network connects to the global internet.
This post has been shared 0 times.
More In CERT/CC Vulnerabilities
The Latest Work from the SEI: Coordinated Vulnerability Disclosure, Cybersecurity Research, Cyber Risk and Resilience, and the Importance of Fostering Diversity in Software Engineering
CERT/CC Comments on Standards and Guidelines to Enhance Software Supply Chain Security
Get updates on our latest work.
Sign up to have the latest post sent to your inbox weekly.