Helping NRENs measure and verify the number of exposed vulnerable resources both externally and internally. A vulnerability assessment and management of vulnerabilities requires both the understanding of the environment, but also the collective experiences on what specific vulnerabilities are high risk in an academic environment.
Security services protect both the networks and services from attacks but also help secure individual users when using the networks. From mitigating DDoS attacks to providing secure VPN services to users, security is vital for research and education.
GÉANT's range of security services enable NRENs and institutions to support their networks and users and protect them from online threats.
Increasing online security by facilitating the deployment of digital certificates. On 1st May 2020 GÉANT launched the 4th generation of its Trusted Certificate Service (TCS). This service is offered in partnership with Sectigo, one of the largest global Certificate Authorities. TCS takes advantage of a bulk purchasing arrangement whereby participating national research and education networking organisations (NRENs) may issue close to unlimited numbers of certificates
Providing NRENs with a baseline toolset for SOC services.
As the need for SOC operations arose within the NREN community, the GÉANT project created an interoperable set of tooling which can serve as a starting point for a NREN’s SOC. This tooling aims to assist with automation of the NREN’s security processes and data gathering.
Helping NRENs with DDoS and network anomaly detection.
The NeMo-DDoS software is a powerful tool for Netflow-based DDoS and traffic anomaly detection and analysis. It was originally developed to address NREN-specific network analysis needs and has been enhanced ever since. The software can be obtained and installed locally by GÉANT-associated NRENs to enhance backbone traffic visibility and enable DDoS workflows.
Helping NRENs defend against DDoS and other malicious attacks.
Firewall on Demand (FoD) is a powerful system which allows authorised users, via a web portal, to quickly create and disseminate firewall filters based on traffic flows to or from their designated address space. This system allows NRENs to filter and block malicious traffic flows from within the GÉANT backbone giving NRENs unprecedented power and control
Increased privacy and control – helping to build effective virtual teams across borders. Many research projects require the additional security and reassurance of a virtual private network (VPN) to ensure data services are isolated from general IP (internet protocol) traffic. eduVPN extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.
GÉANT DDoS Cleansing and Alerting – supporting GÉANT peering users with dynamic, fast responses to DDoS.
Distributed Denial of Service (DDoS) is a large and growing problem within the networking community with a large number of NRENs reporting attacks every month. These attacks not only damage live services for users, but affect the reputation of the NREN among their users and consume large amounts of manpower and resources to respond to and counter them.