Readability of stored Flowmon monitoring data through third-party nfdump tools

 

Information

 

Summary:

Flowmon nfcapd files are only readable through Flowmon collectors

Environment:

Product: Flowmon collector

Version: any

Platform: any

Question/Problem Description:

"If an attacker steals Flowmon's data, is it possible for them to access the data inside the nfcapd file using certain tools?"

Steps to Reproduce:  
Error Message:  
Defect Number:  
Enhancement Number:  
Cause:  
Resolution:

Monitored data that the collector works with are stored as nfcapd files.

 

In general, nfcapd files are plain binary files; no encryption protects them.

In Flowmon, the structure of nfcapd files is heavily modified compared to the standard nfcapd files outside of Flowmon, so they will not be readable or accessible with the publicly available nfdump tools.

However, from a security standpoint, this is not something the user should rely on: the transit between the probe and the collector can be encrypted via TLS, and access to the collector itself should be secured internally if there are security concerns.
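Because the stored files are unencrypted, file-system permissions on the data directory are the control that matters at rest. The following is an added example, not Flowmon or Kemp code: it lists flow files that accounts outside the owning user and group could open, looking only from the given root downward. The `nfcapd.` filename prefix, the function names and the demo directory layout are assumptions.

```python
import os
import stat
import tempfile

def audit_flow_store(root, prefix="nfcapd."):
    """Return sorted (relative_path, reason) pairs for flow files exposed to
    accounts outside the owning user and group."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dir_mode = stat.S_IMODE(os.lstat(dirpath).st_mode)
        if not dir_mode & stat.S_IXOTH:
            # No search bit for "other": nothing at or below this directory
            # can be opened by such accounts, whatever the file modes say.
            dirnames[:] = []
            continue
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not (name.startswith(prefix) and stat.S_ISREG(st.st_mode)):
                continue
            rel = os.path.relpath(path, root)
            if st.st_mode & stat.S_IROTH:
                findings.append((rel, "world-readable"))
            if st.st_mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
    return sorted(findings)

def build_demo_tree(base):
    """Constructed sample layout; directory and file names are made up."""
    layout = {  # relative path -> (directory mode, file mode)
        "open/nfcapd.202401010000": (0o755, 0o644),
        "open/nfcapd.202401010005": (0o755, 0o640),
        "locked/nfcapd.202401010000": (0o750, 0o644),
    }
    os.chmod(base, 0o755)
    for rel, (dir_mode, file_mode) in layout.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"\x00")  # placeholder byte, not real flow data
        os.chmod(path, file_mode)
        os.chmod(os.path.dirname(path), dir_mode)

if __name__ == "__main__":
    base = tempfile.mkdtemp()
    build_demo_tree(base)
    for rel, reason in audit_flow_store(base):
        print(f"{reason}: {rel}")
```

The file under `locked/` is mode 0644 but is not reported, because its directory denies traversal to other accounts; only the 0644 file under `open/` is flagged.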

Workaround:  
Notes:  
