CSIRT

Last updated: 
4 months 6 days ago
Blog Manager
Log in to request membershipHide blog description

We are the Computer Security and Incident Response Team (CSIRT) for the Janet network. Part of Jisc's Security Operations Centre, our mission is to safeguard the current and future network security of Janet (steering the security policies for all Janet connections) and of our customers, creating a secure environment to conduct your online activities. Our primary function is monitor and resolve any security incidents that occur on the Janet network, with specialists tracking a range of platforms, including Unix, Linux and Windows.

Blog Article

Business Email Compromise (BEC) group targeting the academic sector

We have observed a regional threat, targeting and attacking the UK academic sector. We have identified them through their attacking behaviours, sources of login activity, and phishing techniques. Here we present the knowledge of their tactics, techniques and procedures (TTPs) observed and how to identify them, to help institutions defend against future attacks.

#CSIRT
#security
#phishing
5 February 2019 at 10:43am
Julian Fort
Blog Article

Incident Response Triage – Final steps

Incident Response Triage - Eradication, Recovery and Lessons Learned

This is part two of a two-part blog set covering an overview of the Incident Response life-cycle. In response to an incident, the next life-cycle steps that follow the containment stage are the remediation steps; eradication of the threat, recovery of systems and lessons learned. This second article focuses on each of these stages, highlighting the important areas to consider within the remaining life-cycle steps.

incident response
#security
CSIRT
20 December 2018 at 1:46pm
Julian Fort
Blog Article

The advantages of network segmentation

Running traditional flat networks is now an ageing model and it is an outdated assumption that everything on the inside of an organization’s network should be trusted.[1] By segmenting a network and applying appropriate controls, we can break a network into a multi-layer structure that hinders threat agents or actions from reaching hardened systems and restricts their movement across the network.

CSIRT
networking
#security
9 July 2018 at 9:24am
Julian Fort
Blog Article

Centralisation of logging using WEF

What I find in my daily incident response work with different sites is the need to promote the importance of logging: namely centralised log collection. It cannot be understated how logs prove invaluable in a security incident. Tracing through logs on a central location makes investigation so much easier, and allows incident responders to locate a security event. There shouldn’t be any surprise for Windows Infrastructure owners that a free method to centralise logs from servers exists. That is Windows Event Forwarding.

#security
incident response
Monitoring
14 December 2017 at 9:40am
Julian Fort
Blog Article

An Emotet malware incident write up

Janet network CSIRT recently provided guidance to a Janet-connected organisation that experienced a malware infection. The site performed a full analysis of the incident and wrote a post mortem of the event and the lessons learned from it. The report was created initially for internal use, but they have kindly allowed us to publish a redacted version, in case it is useful for other institutions:

1 Summary

malware
incident response
#security
4 December 2017 at 2:32pm
Julian Fort
Prev | Next