
COUNTERING CYBER THREATS


The Internet Early Warning System (SAT INET) has been developed and implemented by the Information Security Incident Response Team of the National Cryptologic Centre (CCN-CERT) to detect, in real time, threats and incidents in the traffic that flows between the internal network of the participating Body and the Internet. Its mission is to detect attack and threat patterns by analyzing traffic and traffic flows. Under no circumstances does the system analyze traffic content that is irrelevant to detecting a given threat.

To implement the system, an individual probe needs to be installed in the public network of the Body. This probe collects any relevant security information and, after a first filtering, sends the security events to the central system, where they are correlated across the different elements and domains (bodies). The participating Body then receives the corresponding warnings and alerts about the detected incidents.

The probe is a high-performance dedicated server that includes a number of open source and commercial detection and monitoring tools (NIDS, arpwatch, ntop, etc.) and has two different network interfaces:

  • Analysis interface: it receives traffic of any nature to be analyzed. This interface does not modify traffic. It reads only the traffic it needs in order to operate (no sensitive data, i.e. payload).

  • Management interface: it connects securely over the Internet to the central monitoring/correlation system, and uses the infrastructure of the Body or an independent connection.

Fig. Internet Early Warning System Architecture


Contact

PGP Key Download

FINGERPRINT BC86 2955 94E2 647D D5E2 CA77 C9A8 E098 A940 BCA9
