Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

Securing networks from an ISP perspective

I managed to catch the Securing networks from an ISP perspective by Bradley Freeman (JANET). I met up with some of the other members of the JANET CSIRT at the FIRST conference and was interested to see some more information about their day to day operations and network. You can download the slides form the HAR2009 Wiki.

Information on the JANET(UK) ISP network

JANET(UK) is a unique not for profit company.

100 routers in the core of JANET
300 regional area routers
400 end organization routers

More than 18 million users, and currently 40Gbps

Currently testing 100Gbps over 103km of fibre (pre-standard) – Required sometime in 2011

Information on the JANET CSIRT

Many types of incidents handled.

A larger portion of incidents are now copyright related issues.

Process around 125,000 Netflow records per second. The current solution will analyze roughly 1 in 10 packets

Use a range of Darknets/Honeypots to help with data analysis.

UKSec mailing list – Only highly important issues that are not already in the public domain are sent out on this mailing-list. This is to stop duplication of information already available through other websites/services.

Often see cases were an attacker would connect from their personal IP address, and then immediately reconnect through an anonymous service. This can be used to track the attacker back to their real location.

Very rare that security helpdesk respond to requests.

Security incidents are a normal part of operations.

Future plans

  • Performing greater analysis of Netflow data
  • Provide security tools to our community
  • Enhanced cooperation with the community, particularly malware analysis, botnet information
  • Get involved in more malware tracking

Comments are closed.

%d bloggers like this: