- SAT SARA STATISTICS 2017 -

IDS - Detected events

Events detected throughout the year

Events classified by severity

Event categorization

FIREWALL - Detected events

Events detected throughout the year

The Early Warning System (SAT) of the SARA network (SAT-SARA)* is a service developed by the CCN-CERT in partnership with the Ministry of Finance and Public Administrations (responsible for the SARA network).

Its goal is to detect attacks and threats in real time by analyzing the traffic that circulates between the networks of the Public Administration bodies connected to the SARA network. The system is supplemented with the analysis of different detection sources (firewall, antivirus, proxy and DNS). Logs are collected by a Central System, where they are analyzed and correlated. Under no circumstances does the system analyze traffic content that is not relevant to detecting a threat.

Information on the security status of the network is made available to the participating bodies by the CCN-CERT. Additionally, we are developing a website that will offer statistics and information, upon request, on the general security status. Thanks to these tools, management is supplied with valuable information to ensure network security.

Fig. Internet Early Warning System Architecture

* The SARA network (System of Applications and Networks for Administrations) is a set of communications infrastructure and basic services that connects the networks of the Spanish Public Administrations and European institutions to encourage information exchange and access to services. Its implementation is mandatory pursuant to article 43 of Law 11/2007 on Citizen Electronic Access to Public Services, and to article 13 of the Royal Decree 4/2010 regulating the National Interoperability Scheme within the Electronic Administration Framework. The Resolution of 19 July 2011 on the Technical Interoperability Standard for Requirements for Connection to the Communication Network of the Spanish Public Administration sets out the requirements that any Administration body or entity governed by public law related to or under the Spanish Administration must meet to gain access to the SARA network.

The Internet Early Warning System (SAT INET) has been developed and implemented by the Information Security Incident Response Team of the National Cryptologic Centre (CCN-CERT) to detect, in real time, threats and incidents in the traffic that flows through the internal network of the participating Body and the Internet. Its mission is to detect attack and threat patterns by analyzing traffic and traffic flow. Under no circumstances does the system analyze traffic content that is not relevant to detecting a given threat.

In order to implement the system, an individual probe needs to be installed in the public network of the Body. This probe collects any relevant security information and, after a first filtering, sends the security events to the central system, where they are correlated with the different elements and domains (bodies). The corresponding warnings and alerts about the detected incidents are then reported to the participating Body.

The probe is a high-performance dedicated server that includes a number of open source and commercial detection and monitoring tools (NIDS, arpwatch, ntop, etc.) and has two different network interfaces:

  • Analysis interface: it receives traffic of any nature to be analyzed. This interface does not modify traffic. It only reads the traffic that is necessary to operate (no sensitive data, that is, no payload).

  • Management interface: it connects to the Internet in a secure manner with the monitoring/correlation central system, and uses the infrastructure of the Body or an independent connection.

Fig. Internet Early Warning System Architecture

 

Several aspects of the tools may be customized:

  • EVL - Security profiles: criteria for security evaluation / certification / accreditation that are specific to a sector or a standard, e.g. personal data protection laws and regulations.

  • TSV - Threat profiles: establish standard vulnerability values for threats against assets, that is, adapt them to a system deployment scenario.

  • KB - Additional protections: detail specific instructions for the administrators on specific asset types.

RMAT provides the means to generate and maintain customised profiles that can be dynamically added to the analysis tools simply by copying them into the library directory.

Customisation tools are not intended for end users, but rather for consultants and big organisations.
