GÉANT Operations Centre (GOC)
Supporting network and service delivery round the clock.
Day-to-day management of the GÉANT network is handled by the Operations Centre (GOC). The GOC acts as a first point of contact for its subscribers and other NOCs (network operations centres). It:
- receives reports of service problems;
- diagnoses network problems;
- oversees repairs and corrective maintenance;
- resolves issues pertaining to the network and supported services and assists as required;
- monitors network health;
- creates tickets for network incidents and planned maintenance.
Operational network management
The GÉANT Operations Centre is one of the specialist teams within the operations department, which handles the coordination and execution of GÉANT's operational service provision. Provision of the GÉANT network is a large and complex international service supporting a wide range of users and projects across Europe and the rest of the world. Many of the technologies used by these projects are at the leading edge of high performance networking. GÉANT engineers work closely with the technology providers to develop support and management systems to operate this network and the services on it.
Securing the GÉANT network, data and services
All networks are seeing a rise in malicious attacks, with hackers from around the world seeking to penetrate or disrupt network services. These attacks not only cause delays and affect users of the networks but can often be used by hackers to cloak more aggressive threats. Of these, Distributed Denial of Service (DDoS) attacks can be some of the most visible and hardest to counter, but there are many different security threats that NRENs need to be able to identify and defend against.
GÉANT has implemented a range of functions and facilities to help support NRENs in identifying, tracking and mitigating against anomalous traffic patterns.
The NSHaRP process encompasses all the necessary tools for incident detection and response, offering a range of capabilities from detection and automatic alerting to mitigation and investigation, to quickly and effectively inform affected users and to manage the mitigation process.
NSHaRP extends the NRENs' detection and mitigation capability into the GÉANT network and to its borders with other networks, enabling an attack to be mitigated before it transits the GÉANT network. This is a highly innovative and unique security service in that it caters for the different requirements of each NREN by putting the customization of NREN-specific alerts in the NREN's own hands.
Detection and Alerting
Automated anomaly alerts - An interested NREN can subscribe to automated anomaly alerts to receive e-mail alerts when its infrastructure is affected by an event it has classified as malicious. A ticket is automatically created with the GOC in a pending auto-close state and closes automatically after 5 days if no response is received. The NREN can request blocking, further investigation or monitoring of the event.
Firewall on Demand - NRENs with eduGAIN access can subscribe to FoD (Firewall on Demand), which lets them propagate flowspec rules for their administrative IP space to the GÉANT Project backbone network when a D(D)oS attack takes place. Alternatively, they can open a ticket with the GOC to have flowspec rules applied on their behalf.
Remote Trigger to Blackhole - All European NRENs can use BGP community 20965:0008 to advertise single IPv4 or IPv6 destination addresses from within their administrative IP space to GÉANT, so that traffic to those addresses is discarded at GÉANT's borders in the case of a severe D(D)oS attack. Alternatively, again, the NREN can open a ticket with the GOC to have RTBH rules applied on its behalf.
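The Remote Trigger to Blackhole conditions above (a single IPv4 or IPv6 address, inside the NREN's administrative space, tagged with community 20965:0008) can be checked before a route is announced. The following is an added example, not GÉANT's or any NREN's code; the function names, `ADMIN_SPACE` and the sample routes are assumptions constructed from documentation address ranges.

```python
import ipaddress

# Community as written on this page. A standard BGP community is a pair of
# 16-bit integers, so "0008" and "8" denote the same value.
RTBH_COMMUNITY = "20965:0008"


def normalize_community(text):
    """Return (asn, value) as integers, rejecting anything outside 16 bits."""
    asn, value = (int(part) for part in text.split(":"))
    if not (0 <= asn <= 0xFFFF and 0 <= value <= 0xFFFF):
        raise ValueError(f"not a standard community: {text}")
    return asn, value


def check_rtbh_request(prefix, admin_space, communities):
    """Return a list of problems; an empty list means the route qualifies."""
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError as exc:
        return [f"unparseable prefix: {exc}"]
    problems = []
    # Only single destination addresses are accepted: /32 or /128.
    if net.prefixlen != net.max_prefixlen:
        problems.append(f"{net} is not a single host address")
    # The address must sit inside the requester's own administrative space.
    owned = [ipaddress.ip_network(block) for block in admin_space]
    if not any(net.version == b.version and net.subnet_of(b) for b in owned):
        problems.append(f"{net} is outside the administrative IP space")
    # Without the community the route is ordinary reachability, not RTBH.
    wanted = normalize_community(RTBH_COMMUNITY)
    if wanted not in {normalize_community(c) for c in communities}:
        problems.append(f"community {RTBH_COMMUNITY} is not attached")
    return problems


# Constructed sample data: documentation ranges, not real NREN space.
ADMIN_SPACE = ["192.0.2.0/24", "2001:db8::/32"]
SAMPLES = [
    ("192.0.2.10/32", ["20965:8"]),       # qualifies
    ("2001:db8::1/128", ["20965:0008"]),  # qualifies
    ("192.0.2.0/24", ["20965:8"]),        # a whole block, not one address
    ("198.51.100.7/32", ["65000:1"]),     # foreign space, wrong community
]

if __name__ == "__main__":
    for prefix, communities in SAMPLES:
        print(prefix, check_rtbh_request(prefix, ADMIN_SPACE, communities) or "OK")
```

Running a check like this in the announcement workflow catches the two costly mistakes: blackholing more than the one attacked address, and blackholing an address the NREN does not administer.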
GÉANT Computer Emergency Response Team (CERT)
The GÉANT CERT team secures the logical and physical infrastructure of the GÉANT network and all data crossing the network, responding to network security incidents and mitigating breaches, weaknesses and risks. Specifically, this relates to the prevention, detection, reporting, and mitigation of incidents targeting the GÉANT network infrastructure.
Of the potential hundreds of events detected each month, a percentage requires the GÉANT CERT team to work with CERTs (also known as CSIRTs) from among the national research and education networking (NREN) organisations, and in certain cases, international teams. This work covers investigating the incident, recommending and supporting the network integrity.
GÉANT CERT’s role includes monitoring systems for malicious events and taking proactive measures to ensure systems are not compromised. The GÉANT CERT team also assists NRENs and their associated CSIRTs to mitigate or to recover from incidents affecting the GÉANT network and/or targeting or originating from NRENs. GÉANT CERT is actively engaged in the European and international CSIRT community, which shares data and experiences, and is a member of TF-CSIRT, Trusted Introducer, and FIRST. GÉANT CERT consists of the following GÉANT teams:
- Security Team
- GÉANT Operations Centre
Furthermore, the GÉANT CERT team protects the corporate assets of GÉANT and is the team responsible for incident response.
GÉANT CERT Team - RFC 2350
GÉANT CERT is the Computer Emergency Response Team (CERT) of GÉANT, serving users of services delivered by GÉANT. The main constituents are National Research and Education Networks (NRENs) in the GÉANT Project. It deals with computer and network security incidents related to DDoS, bots, spamming and infrastructure vulnerabilities that involve services operated by GÉANT - for example the GÉANT Project network.
The primary constituency is the NRENs and their associated CERTs. Towards its constituency, the role of the GÉANT security team is to assist the NRENs, and especially the associated CERTs, to mitigate or to recover from incidents affecting the GÉANT network and/or targeting or originating from GÉANT NRENs.
The following document details the compliance of GÉANT CERT with RFC 2350.