Library items tagged: security

Janet Network Security Incident Classification Scheme

James Davis
Tuesday, December 17, 2013 - 11:11
CSIRT
infosec
security
The statistics provided by Jisc's Janet network CSIRT require a degree of interpretation. Often the numbers are influenced more by the team's activities than they are by external influences. For example: an increase in the number of malware incidents may indicate increasing infections, but it is just as likely to be due to increased detection rates by CSIRT.
Read more

Janet eduroam security measures

Anonymous
Thursday, February 9, 2012 - 10:11
advisory
wireless
eduroam
security
factsheet
PB/INFO/067 (05/07) Security was a major requirement in the design of eduroam, to ensure that organisations that provide visitor facilities, and the guests who make use of them, are not exposed to additional risks outside their control. eduroam should present fewer risks than the existing ad hoc arrangements for guest users. This factsheet explains the security measures within eduroam and how organisations can use them to protect their own security.
Read more

"Fake" colleges

James Davis
Thursday, October 4, 2012 - 09:09
IPR
copyright
fake
infosec
security
There has been a resurgence of "fake" websites that infringe upon the intellectual property of our customers. Their name and brand may be misused, the design of their site may have been copied, or the website may be trying to masquerade as them. In some cases the legitimacy of the organisation running the site may be in question.
Read more

Introduction to Firewalls

Andrew Cormack
Wednesday, July 25, 2012 - 10:06
firewalls
security
In the real world a firewall is a solid barrier between a precious asset on one side and a hazard on the other. For example, we hope that there is a firewall between the passengers in a car and the petrol tank. A network firewall performs exactly the same role, protecting an asset inside the firewall from a hazard on the outside. Firewalls are often used to protect an organisation from hazards on the Internet but they can, and probably should, also be used within an organisation to separate different departments, working areas or networks.
Read more

Backups

Andrew Cormack
Thursday, July 5, 2012 - 14:21
Archiving
Backups
disaster recovery
security
PB/INFO/016 Most computer users will have been very grateful for the existence of backups. Although they are often seen as a way to recover files lost due to typing errors or misplaced mouse clicks there are other reasons to make and keep secure copies of files. However each of these purposes creates different requirements for the backup and recovery system, so it is important to be clear which purpose is involved and choose an appropriate backup strategy and technology to deliver it.
Read more

Security

Iain Emsley
Thursday, July 5, 2012 - 10:21
security
support
manual
Isolated individual computers are relatively secure as long as their physical well-being is ensured and regular backups are carried out to protect the integrity of the data held. However, once computers are connected to a LAN or WAN, they become exposed to threats which may jeopardize their proper operation and the safety and privacy of the data held.
Read more

Open Mail Relays in Janet

Iain Emsley
Thursday, July 5, 2012 - 09:34
email
manual
security
support
Open relays allow any combination of origin and destination address, and are frequently abused by advertisers and others to distribute UBE. This will usually overload an organisation's mail server, affecting its ability to handle legitimate mail, and often leaves the organisation with a flood of complaints and error messages to deal with. Sites that are frequently abused as relays may be added to blacklists used by many network operators and ISPs to reject all e-mail and other traffic. Advice on preventing relaying is available from the MAPS website:
Read more

Penetration Testing

James Davis
Thursday, June 28, 2012 - 14:48
PCI
compliance
infosec
penetration test
pentest
security
Many organisations are looking to have some form of penetration testing performed on their systems. This may simply be to evaluate existing security measures and to find gaps where security needs improvement, but increasingly it is performed to comply with security standards when connecting to public sector networks or processing payment details.
Read more

References

Anonymous
Sunday, February 19, 2012 - 17:58
security
CSIRT
DDOS
denial of service
technical guide
[1] Wikipedia - IP address spoofing: https://en.wikipedia.org/wiki/IP_address_spoofing [2] ZoneAlarm: http://www.zonelabs.com/ [3] Snort - the Lightweight Network Intrusion Detection System: http://www.snort.org/
Read more

Aftermath

Anonymous
Sunday, February 19, 2012 - 17:58
security
CSIRT
DDOS
denial of service
investigating
technical guide
In this particular incident, the initial tip-off led directly to the departmental network containing the compromised hosts. This information is not always so readily available, since IP spoofing can also be used to simulate traffic from machines on many different networks. Such a situation could be handled by repositioning the network monitor on the backbone (at M’ in the diagram, for example), and again examining the source MAC addresses of attack packets (but note that performance is likely to be a concern, with monitors dropping traffic at gigabit speeds).
Read more