GEANT2 Security Toolset Training


SWITCH Offices, Zürich, Switzerland, 2 - 4 February 2009


This course has been designed to enable participants to understand and be able to use the Netflow-based GÉANT2 Security Toolset, which consists of the netflow analysis tools NfSen and NfDump and the FlowMon appliance. The course will teach participants to use NfDump and NfSen to analyse such Netflow data and it will explain how to use FlowMon appliances to acquire Netflow data. It will explain how to use the Security Toolset to identify and analyse network security threats. It will also give participants the opportunity to practice using the Toolset in a well-controlled environment.


  • Understand the relevance of Netflow to improving network security.
  • Understand the roles and functions of the GÉANT2 Security Toolset components.
  • Understand the concept of extending the functionality of the GÉANT2 Security Toolset with plugins.
  • Be able to use the GÉANT2 Security Toolset to identify and analyse potential security issues.


  • Why Netflow? Its use for improving network security.
  • Why FlowMon? An attractive way to get Netflow data.
  • Why NfDump and NfSen? Rationale and features.
  • How NfDump and NfSen are used: use cases.
  • Connecting and configuring the FlowMon probe
  • Creating profiles.
  • NfSen alerting.
  • Working with NfSen plug-ins.
  • The road ahead: future developments.
  • Hands-on exercises.

Part Two - Train the trainers (Optional)

The second part of the course will be an optional day to train the attendees in how to deliver a successful training course themselves. This will focus mainly on the non-technical aspects of training, including presentation skills, problem solving, how to create the right atmosphere and much more. Once this part of the course is completed, you will become an Approved Trainer for the GÉANT2 Security Toolset, which allows you to conduct further training in your local community and beyond and grants you permission to use the course materials for this purpose.

NOTE: Participants intending to deliver courses based on the materials used in this training course must have attended the training session on day two.

Timing and schedule

Day one will run from 13:00 - 18:00, day two will run from 09:00 - 18:00 and the last half a day will be from 09:00 - 13:00, allowing participants to fly in and out of Zürich on the first and last days' training respectively.

The main course will run from 13:00 on day one, until lunch on day two (approx. 13:00), then the Train The Trainers part will start after lunch on day two and end around 13:00 on the third day.