Last updated: 
2 weeks 4 days ago
Blog Manager

We are the Computer Security and Incident Response Team (CSIRT) for the Janet network. Part of Jisc's Security Operations Centre, our mission is to safeguard the current and future network security of Janet (steering the security policies for all Janet connections) and of our customers, creating a secure environment to conduct your online activities. Our primary function is monitor and resolve any security incidents that occur on the Janet network, with specialists tracking a range of platforms, including Unix, Linux and Windows.

Blog Article

We have observed a regional threat, targeting and attacking the UK academic sector. We have identified them through their attacking behaviours, sources of login activity, and phishing techniques. Here we present the knowledge of their tactics, techniques and procedures (TTPs) observed and how to identify them, to help institutions defend against future attacks.

Blog Article

Incident Response Triage - Eradication, Recovery and Lessons Learned

This is part two of a two-part blog set covering an overview of the Incident Response life-cycle. In response to an incident, the next life-cycle steps that follow the containment stage are the remediation steps; eradication of the threat, recovery of systems and lessons learned. This second article focuses on each of these stages, highlighting the important areas to consider within the remaining life-cycle steps.

Blog Article

Running traditional flat networks is now an ageing model and it is an outdated assumption that everything on the inside of an organization’s network should be trusted.[1] By segmenting a network and applying appropriate controls, we can break a network into a multi-layer structure that hinders threat agents or actions from reaching hardened systems and restricts their movement across the network.

Blog Article

What I find in my daily incident response work with different sites is the need to promote the importance of logging: namely centralised log collection. It cannot be understated how logs prove invaluable in a security incident. Tracing through logs on a central location makes investigation so much easier, and allows incident responders to locate a security event. There shouldn’t be any surprise for Windows Infrastructure owners that a free method to centralise logs from servers exists. That is Windows Event Forwarding.

Blog Article

Janet network CSIRT recently provided guidance to a Janet-connected organisation that experienced a malware infection. The site performed a full analysis of the incident and wrote a post mortem of the event and the lessons learned from it. The report was created initially for internal use, but they have kindly allowed us to publish a redacted version, in case it is useful for other institutions:

1 Summary

Prev | Next