CSUC

Anella Científica

Incident Response Team

The Incident Response Team of the Anella Científica (CSUC-CSIRT) helps the institutions improve the security of their networks, both by detecting possible incidents and by helping once these occur.

CSUC-CSIRT coordinates and manages the resolution of security incidents on the Anella Científica and provides a point of contact for reporting, identifying, and analyzing the impact and the threats which occur, in addition to proposing solutions and strategies for mitigation.

CSUC-CSIRT also disseminates the critical warning notifications of imminent threats via the distribution lists and provides technical support on IT security technologies (analysis of traffic, security of the perimeter, etc.).

Specialized tools for security management

We have several tools for security management:

  • Managing Security Incidents

This makes it possible to monitor security incidents at all of the entities involved (institutions, internet service providers, etc.) and to document their evolution from detection to resolution.

  • Network Monitoring (SMARTxAC)

This helps monitor the traffic exchanged between the Anella Científica and RedIRIS in order to obtain statistics on the Ring's various institutions and points of access (for example, by type of application), and to detect certain types of anomalies and irregular usage on the network. This tool was developed in conjunction with the Advanced Broadband Communications Center (CCABA) at the UPC.

  • Detecting intrusions

This makes it possible to inspect the traffic to the critical resources of the Anella Científica, such as the infrastructure itself and the services, via specialized machines for detecting intrusions installed at the central node of the Anella Científica.

  • External Detection Services

We have established agreements with organizations specialized in network security, offering us the possibility of interacting with their systems for the detection of anomalies and increasing our effectiveness against global threats. 

Incident management lifecycle

An information security incident is defined as an unauthorized access, attempt to access, use, disclose, modify or destroy information, an impediment to the normal operation of computer networks, systems or resources, or a breach of security policy.

The lifecycle of an incident is divided into different phases:

  • Initial phase (preparation and prevention, and detection and pre-analysis).
  • Containment, eradication and recovery (notification, analysis, containment and eradication).
  • Incident recovery (recovery).
  • Activity after the incident (reflection and documentation).

 

The information generated by the different incidents makes it possible to respond in a systematic way, to minimize their occurrence, and to facilitate a fast and efficient recovery of activities.

It also helps to minimize the loss of information and interruption of service, to continuously improve security and the incident handling process, and to properly manage any legal issues that may arise during this process.

 
