Security Products and Services

Last updated: 
4 months 2 weeks ago
Group Manager
Cyber security has long been an area of activity for those providing, protecting and supporting services in research and education. For many years we have provided security products and services to help preserve the confidentiality, integrity, and availability of the Janet network and everything on it. Over time the services we offer have evolved and grown to meet your changing needs and the different threats that we are all now seeing.  This Group aims to provide updates and articles about Jisc's security products and services as well as providing relevant news items and links about areas of security that affect Jisc members.
Log in to request membershipHide group description

Group administrators:

Recent members:

Security at Networkshop44

6 April 2016 at 3:47pm

As many of you will know, just before Easter we hosted our annual Networkshop conference at the University of Manchester. In case you were – like me – unable to attend, this post contains a roundup of the security related presentations. Where available I have included links to slides and/or videos, but as you would expect, some of the discussions were closed sessions due to the content that was presented.

In the opening plenary, Steve Kennet (Jisc’s Head of network operations and Jisc Group SIRO) provided:

  • an introduction to the Janet CSIRT team (including an advert for a current vacancy for a Janet network CSIRT security specialist !);
  • highlights of Jisc’s security programme;
  • an overview of some of our security services:
    • Workshop to Raise Awareness of Prevent (WRAP) –  free online training as an introduction to the Prevent strategy;
    • Web Filtering service (recently updated and now cloud-based);
    • a new web filtering framework - multi-supplier, multi-technology (available from mid-May);
  • and an update on Jisc’s ISO27001 progress.

Video: https://youtu.be/ttbNjdPnM2c?t=798 
Slides: http://www.slideshare.net/JISC/jisc-and-janet-network-updates-from-network-operations-operational-services-and-strategic-technologies

Steve was followed by John Seymour (Jisc’s Director of network operations) talking about the Janet network, but he also mentioned the DDoS incidents experienced on the Janet network:

  • 2 attacks a day somewhere on Janet
  • Engineers involved in dealing with 2 a week
  • Some attacks as high as 50Gbit/s, which can affect a whole region

Video: https://youtu.be/ttbNjdPnM2c?t=2023
Slides: http://www.slideshare.net/JISC/jisc-update-network-operations-networkshop44 (slide 12)

The final plenary on Day 1 was from Stephen Farrell from Trinity College Dublin about Pervasive Monitoring - a fascinating talk including some IETF and non-IETF stuff and some “hard problems”.

Video: https://www.youtube.com/watch?v=ttbNjdPnM2c&t=55m58s
Slides: http://www.slideshare.net/JISC/dealing-with-pervasive-monitoring-networkshop44

Day 2 of Networkshop44 had a parallel session devoted to “Learning from software vulnerabilities”. This session was chaired by Andrew Cormack (Jisc’s Chief regulatory adviser) who has also blogged about this more coherently than I can so I recommend you pop over to https://community.jisc.ac.uk/blogs/article/learning-software-vulnerabilities for more information.

Video: https://www.youtube.com/watch?v=ttbNjdPnM2c&t=234m32s

Slides:

Handling Vulnerability reports - http://www.slideshare.net/JISC/handling-vulnerability-reports-networkshop44

Finding vulnerabilities - http://www.slideshare.net/JISC/finding-vulnerabilities-networkshop44

Code review - http://www.slideshare.net/JISC/code-review-networkshop44

This was followed by a Security session covering: technologies currently being developed to assist in higher assurance networking; DDoS attacks at customer sites and on the Janet network and an overview of the Jisc security programme.

  • Henry Hughes (Head of information security, Jisc) spoke about the safe share project – our work to enable the secure exchange of data collected by government and the NHS using encrypted overlays.
    Video: https://www.youtube.com/watch?v=ttbNjdPnM2c&t=314m20s
    Slides: http://www.slideshare.net/JISC/safeshare-networkshop44
  • Steve Knibbs (ULCC) and Mike Turpin described DDoS attacks they have experienced. Following Networkshop, Steve has spoken in more detail to Computer Weekly about their attack.
    Slides: http://www.slideshare.net/JISC/customer-distributed-denial-of-service-ddos-experiences-networkshop44
  • Tim Kidd (Executive director, Jisc technologies) then went on to describe the attacks against the Janet network – our response, the challenge of dealing with large DDoS attacks and the impact of mitigating attacks.
  • Finally, Lee Harrigan-Green (Senior Security Architect, Jisc) provided an overview of the current security programme:
    • ISO27001 – recently passed Stage 1 audit for our initial scope
    • Security x-ray – considering how to benchmark an institution’s spend on security
    • Vulnerability assessment and information service – announcement coming soon! But in the meantime, this presentation from Dirk Schrader from Greenbone was well received on Day 3: http://www.slideshare.net/JISC/greenbone-vulnerability-assessment-networkshop44
    • Safe share – see above
    • Malware analysis – CSIRT have deployed some systems to analyse malware and plan to be able to accept submitted samples from institutions in the near future
    • Phishing mitigation – an extension to the Certificate Service to offer personal s/mime certificates
    • Cyber security intelligence – wider roll out of Abusehelper. Lee also spoke about this in more detail the next day: http://www.slideshare.net/JISC/abuse-helper-app-networkshop44
    • Digital forensics – considering a procurement framework
    • Password managers – considering a procurement framework
    • Web filtering – see Steve Kennet’s talk, above
    • Community awareness – raising awareness of the importance of information security through events, activities and this blog!
    • DDoS mitigation – accelerating planned enhancements

Video: https://www.youtube.com/watch?v=ttbNjdPnM2c&t=332m30s
Slides: http://www.slideshare.net/JISC/development-of-jisc-security-programme-networkshop44

Ian Levy, Technical Director, CESG also gave what I’ve been told was a fascinating plenary about “A day in the life of government cyber security", but if you want to know more you'll have to look out for when he next presents.

  • Twitter logo
  • LinkedIn logo
  • Google+ logo
  • Reddit logo
  • StumbleUpon logo
Networkshop44