#security

5 February 2019 at 10:43am
We have observed a regional threat actor targeting and attacking the UK academic sector. We have identified them through their attacking behaviours, the sources of their login activity, and their phishing techniques. Here we present the tactics, techniques and procedures (TTPs) we observed and how to identify them, to help institutions defend against future attacks.
20 December 2018 at 1:46pm
Incident Response Triage - Eradication, Recovery and Lessons Learned
This is part two of a two-part blog set giving an overview of the incident response life-cycle. Once an incident has been contained, the remaining life-cycle steps are the remediation steps: eradication of the threat, recovery of systems, and lessons learned. This second article covers each of these stages in turn, highlighting the important areas to consider within the remaining life-cycle steps.
12 November 2018 at 10:41am
Incident Response Triage  – identifying, scoping and containing an incident
9 July 2018 at 9:24am
Running a traditional flat network is now an ageing model, and it is an outdated assumption that everything on the inside of an organisation's network should be trusted.[1] By segmenting a network and applying appropriate controls at the boundaries between segments, we can break a network into a multi-layer structure that hinders threat agents or actions from reaching hardened systems and restricts their lateral movement across the network.
14 December 2017 at 9:40am
What I find in my daily incident response work with different sites is the need to promote the importance of logging: namely, centralised log collection. It cannot be overstated how invaluable logs prove in a security incident. Tracing through logs in a central location makes investigation much easier, and allows incident responders to locate a security event quickly. It should come as no surprise to Windows infrastructure owners that a free method to centralise logs from servers exists. That is Windows Event Forwarding.
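As an added illustration of the Windows Event Forwarding set-up the post refers to (example configuration written for this listing, not code from the post itself), the commands below create a source-initiated subscription on a collector and point sources at it. The collector name wec01.example.ac.uk, the subscription name and the choice of event IDs are assumptions for the example; in a domain the source-side settings would normally be delivered by Group Policy rather than typed by hand.

```powershell
# Added example, not from the original post. Hypothetical names: collector
# "wec01.example.ac.uk", subscription "Security-Baseline".

# --- On the collector (run in an elevated prompt) ---
# Enable and start the Windows Event Collector service (quiet mode).
wecutil qc /q

# Subscription definition. A curated Security-log query is used rather than "*"
# so the collector receives the events a responder will actually trace:
# 4624/4625 logon success/failure, 4672 privileged logon, 4688 process creation
# (needs "Audit Process Creation" enabled on the sources), 4720 user created.
$subscription = @'
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>Security-Baseline</SubscriptionId>
  <SubscriptionType>SourceInitiated</SubscriptionType>
  <Description>Logons, privileged logons, new processes and new accounts</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>MinLatency</ConfigurationMode>
  <Query><![CDATA[
    <QueryList>
      <Query Id="0" Path="Security">
        <Select Path="Security">*[System[(EventID=4624 or EventID=4625 or EventID=4672 or EventID=4688 or EventID=4720)]]</Select>
      </Query>
    </QueryList>
  ]]></Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>HTTP</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-GB"/>
  <LogFile>ForwardedEvents</LogFile>
  <!-- Default SDDL: allow Domain Computers (DC) and Network Service (NS) to forward -->
  <AllowedSourceDomainComputers>O:NSG:NSD:(A;;GA;;;DC)(A;;GA;;;NS)</AllowedSourceDomainComputers>
</Subscription>
'@
$xmlPath = Join-Path $env:TEMP 'Security-Baseline.xml'
Set-Content -Path $xmlPath -Value $subscription -Encoding UTF8
wecutil cs $xmlPath

# --- On each source ---
# Equivalent of the Group Policy setting
# Computer Configuration > Administrative Templates > Windows Components >
# Event Forwarding > "Configure target Subscription Manager".
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager'
New-Item -Path $key -Force | Out-Null
Set-ItemProperty -Path $key -Name '1' `
  -Value 'Server=http://wec01.example.ac.uk:5985/wsman/SubscriptionManager/WEC,Refresh=60'
# Make sure the WinRM service is running and listening.
winrm quickconfig -q
# The forwarding runs as NETWORK SERVICE, which needs read access to the Security log.
net localgroup "Event Log Readers" "NT AUTHORITY\NETWORK SERVICE" /add

# --- Verification on the collector ---
# Per-source status; a source that never shows "Active" with a recent
# LastHeartbeatTime usually has a WinRM, firewall (TCP 5985) or log-reader permission problem.
wecutil gr Security-Baseline
Get-WinEvent -LogName ForwardedEvents -MaxEvents 5 |
  Select-Object TimeCreated, MachineName, Id, Message
```

The HTTP listener on port 5985 is acceptable inside a domain because WinRM applies Kerberos message-level encryption to the forwarded events; using HTTPS (port 5986) additionally requires certificates on both sides.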
4 December 2017 at 2:32pm
Janet network CSIRT recently provided guidance to a Janet-connected organisation that experienced a malware infection. The site performed a full analysis of the incident and wrote a post mortem of the event and the lessons learned from it. The report was created initially for internal use, but they have kindly allowed us to publish a redacted version, in case it is useful for other institutions.
10 June 2016 at 5:06pm
Since the DDoS attack on the Janet network just before Christmas last year, we've had the opportunity to reach around 700 representatives of our member organisations to inform them and collect feedback through a number of workshops and webinars. This engagement has highlighted a number of activity areas related to the network and associated technologies for us to address. This document focuses on what we will be delivering during the current year.