- 03-08-21Wegwerkzaamheden BIT-2 van 16 aug tot en met 25 sep
- 23-07-21DDoS aanvallen naar BIT infra
- 25-06-21Mond- en neusmasker niet meer verplicht bij BIT
- 14-04-21Untangle haalt de complexiteit uit netwerkbeveiliging
- 03-03-21Vacature Netwerk Engineer
- 02-03-21Update RFO netwerk incident 17 februari 2021
- 18-02-21RFO netwerk incident
- 17-02-21Netwerk incident - www.bit.nl niet bereikbaar
- 22-01-21Avondklok: Datacenters 24/7 bereikbaar en remote hands en brains mogelijk
- 30-11-20Mond- en neusmasker vanaf 1 december bij BIT verplicht
Security monitoring at BIT
This month, during which internet security is receiving extra attention through the campaign Alert Online, it is a good time to take a closer look at security monitoring at BIT. Customers who purchase an internet connection (in the data center, on their virtual server or at the office) are informed about security problems on their (virtual) servers and other equipment.
We notify customers of vulnerabilities, misconfigurations and internet abuse. Information about these issues comes from many sources. One such resource is ShadowServer. This organization continuously scans the internet for usage of outdated and insecure protocols and internet services that are open unknowingly. ShadowServer identifies, among other things, whether insecure encryption protocols are used and whether IPMI services are open to the internet. Another example of a resource used for this service is Google Safe Browsing. This service, used in a variety of browsers, warns users when they are about to visit a
malicious website. Upon request, Google will also notify the owner of the IP address, where the website is hosted, that they have detected something abnormal on the website.
Handling abuse reports with AbuseIO
BIT receives these notifications, aggregates them, categorizes them and informs the system administrator of the equipment of the problem. In case the problem occurs on equipment managed by us, it is of course up to our engineers to act on it as quickly as possible. If the equipment is not managed by us, the report is sent to someone else. Because the problem and the possible solutions are not always evident, we present a full account describing what the problem is and how it can be solved. We naturally want to deal, as quickly as possible, with the more serious problems such as a phishing site that is hosted in our network or large amounts of spam that are being sent. The only way in which we can organize this properly is by fully automating the handling of the reports. A few years ago, a BIT employee developed the AbuseIO software for this. In this blog we have already divulged how that software came about.
This open source software developed at BIT is now used by more than 600 networks worldwide, but is proving itself useful in other places as well. The NBIP organization recently announced that they will inform
Dutch networks about problems in their network. NBIP will use a modified version of AbuseIO for this. At BIT, we are convinced that a better information position for administrators ensures a safer internet. We
have proven this for years by consistently informing our customers and NBIP will soon prove this by informing network administrators. In the case of security monitoring this works both ways: it makes the internet
safer and the equipment and users are better protected.
Want to know more about security monitoring?
Security monitoring is not the only measure we take to keep the internet and therefore our network as safe as possible. We have signed (and co-written) the code of conduct against abuse we have our shared
platforms pen-tested, we have signed the MANRS manifesto, etcetera. Feel free to contact us if you want to know more about security monitoring, other security measures, or if you want to discuss which
measures are best suited for you.