GÉANT uses a wide range of security monitoring tools to help identify, mitigate and resolve security issues.
FlowMon – A NetFlow collector and the first tool within the NSHaRP process. Having the capability to process and analyse flows gathered from all GÉANT project routers, it is able to extract information about various attacks such as DoS, SSH/HTTP/RDP/telnet attacks, port scans and others.
Splunk – A powerful log correlation engine which, in the hands of the GÉANT CERT team, is used as a detection tool. Logs are gathered from all groups of devices (routers, workstations, servers etc.), then grouped and presented in a meaningful fashion to the security team.
Nessus – GÉANT CERT heavily utilises the Nessus scanner to check machines for compliance with the policies on patching and hardening levels. Scans are performed bi-weekly in a grouped and structured manner to help in the interpretation and prioritisation of possibly vulnerable machines. Alerting via email is integrated as well, in case vulnerability levels exceed acceptable thresholds.
Shadowserver – A team comprised of volunteer security professionals from around the world with the mission to understand, help out and stop cyber-crime. GÉANT CERT is subscribed to their free automated alerting service in order to gather intelligence about various events affecting the GÉANT corporate and project network.
Camera PoPs – Cameras are used to monitor physical activity at critical PoPs to tackle theft, misuse or other malicious behaviour. All activity takes place in coordination with the PoP landlords and in accordance with existing EU regulations such as the DP Act.