CSIRT

Last updated: 
4 days 14 hours ago
Blog Manager
Log in to request membershipHide blog description

We are the Computer Security and Incident Response Team (CSIRT) for the Janet network. Part of Jisc's Security Operations Centre, our mission is to safeguard the current and future network security of Janet (steering the security policies for all Janet connections) and of our customers, creating a secure environment to conduct your online activities. Our primary function is monitor and resolve any security incidents that occur on the Janet network, with specialists tracking a range of platforms, including Unix, Linux and Windows.

Blog Article

Simple ways to improve your DNS resilience and security: #4 Open DNS Resolvers

Time to move from the mechanics and policy of DNS replication to a new topic. Within the global DNS there are two roles that a server can play: ones that hold data - nameservers, and ones that fetch that data for clients - resolvers. Nameservers need to provide their data to the entire Internet whereas resolvers serve a small set of client systems.

DNS
resolvers
DDOS
nameservers
udp
reflection
amplification
infosec
security
26 June 2014 at 10:10am
James Davis
Blog Article

Simple ways to improve your DNS resilience and security: #2 Zone Transfers

Having designed a redundant DNS infrastructure, one of the most common mistakes is failing to ensure that secondary nameservers can successfully replicate data for the domains it is hosting. The most common way this is done on the Internet is though zone transfers - the AXFR command. This command causes a DNS server to reply with all the data it knows for a domain.

DNS
Resilience
axfr
security
infosec
zone-transfer
24 June 2014 at 1:53pm
James Davis
Blog Article

Simple ways to improve your DNS resilience and security: #1 Redundancy

When providing DNS nameserver services a degree of redundancy is needed. In most cases the DNS records for a particular domain will be hosted by at least two nameservers, but is that enough by itself?

When building a resilient system the risks involved with the failure modes of the system need to be considered and weighed up against the associated costs and overheads. As a common example - does having both DNS servers on the same local network segment provide you with protection against network failure? Probably not.

DNS
primary nameserver
secondary nameserver
security
infosec
risk management
resiliency
24 June 2014 at 1:52pm
James Davis
Blog Article

Simple preparations for DDoS attacks

You can call CSIRT for help
 
If you suspect that your institution is suffering from a DDoS attack you can call on Janet CSIRT for assistance. We can help you understand and analyse the traffic, and in most cases can work with our network operations centre and transit partners to filter traffic. Where possible we work with other network providers to eliminate the sources of the attack.
 
chargen
DNS
CSIRT
security
infosec
DDOS
5 December 2013 at 4:09pm
James Davis
Blog Article

Reflected DDoS attacks

Following on from our messages and briefing at the start of the year, DDOS attacks are continuing to occur at a greater frequency than they have in previous years. We have been working to assist affected customers when they happen.

Many of the attacks make use of unauthenticated UDP based services to reflect and amplify traffic against the chosen target. Open DNS resolvers (53/udp) and increasingly CHARGEN (19/udp) are the two most abused services. It's not unusual to see attacks in the order of 10Gb/s.

CSIRT
security
DDOS
DNS
chargen
29 October 2013 at 11:06am
James Davis
Prev | Next