Library items tagged: incident response

Background There is a great deal of literature about the operation of authoritative nameservers, but not so much about the resolver function.This note is for system and network managers or administrators in Janet organisations (particularly smaller organisations with relatively simple networks) and is intended to give them confidence that they have correctly configured this straighforward but critical part of the DNS in their own networks.

Some ports have historically been associated with security vulnerabilities, but see little legitimate use on a WAN or the general Internet. They present a risk to your network and little to no legitimate use is prevented by blocking them. If your network is partitioned with one or more firewalls so that different parts support different functions or groups of users, you should consider applying the same restrictions at the firewalls between them.

As the listed abuse contact for much of the IP address space in use on Janet, Janet CSIRT receives many copyright infringement reports on behalf of the Janet community. Janet CSIRT is not able to identify individual users or machines on its customer organisations’ networks, so the most effective way to deal with these complaints of unacceptable use of the network is to forward them to the responsible customer organisation. Those organisations are required by the Janet AUP to deal effectively with complaints.

Why? To trace use of Janet, both legitimate and otherwise, helping to investigate and learn from security incidents. Whilst some network events are of a continuing nature, others may only occur sporadically and unexpectedly, and logging of activity can help us understand what took place in the past. Many networks now use Network Address Translation (NAT) or proxy devices that obscure the source of of a connection to the external world, which can prevent the timely investigation of serious incidents.