Back to Home
  • FAQs
  • CONTACT US
  • SITEMAP
  • COOKIE POLICY
  • GEANT GATEWAY
  • About GEANT
    • Partners
      • NREN Development and Support
    • Governance and Management
      • Partners' Assembly
      • Executive Board
    • Activities
    • European e-Infrastructure
      • Europe 2020 and GEANT
      • GEANT Expert Group
      • Women in ICT
    • Value of GEANT
      • History of GEANT
  • Network
    • The Network
    • Network Operations
      • Operations Teams
      • Operations Centre
      • Network Security
    • Global Connectivity
      • Global Connectivity: The Benefits
      • Global Connectivity: World Regions
      • Global Users and Applications
      • How to Connect to the network
      • Global Service Collaboration
    • Research and Education Networks
    • Campus Best Practice
    • Environmental Impact
      • Carbon accounting
      • Adopting a Greener Corporate Outlook
      • Events & Case Studies
      • Sustainability Policy
  • Innovation
    • Research Programmes
      • Network Architectures for Horizon 2020
      • Technology Testing for Specific Service Applications
      • Identity and Trust Technologies for GEANT Services
    • Testbeds
    • Foresight
    • Open Call
    • Standards
  • Services
    • Connectivity Services
      • GEANT IP
      • GEANT L3VPN
      • GEANT Plus
      • GEANT Lambda
      • GEANT Open
      • GEANT Bandwidth on Demand
      • GEANT Testbeds Service
    • Network Performance Services
      • perfSONAR
      • eduPERT
      • GEANT Security
      • GEANT Framework
    • User Access and Applications
      • eduroam
      • eduGAIN
      • eduPKI
      • eduCONF
    • Cloud Services
    • Services Registration Authority
      • SSL Certificates
      • Request a Certificate
    • Namespace Registry
      • urn:geant Registry
      • URN: FAQs
      • URN: Request Form
      • geant.net/uri Registry
    • Training
      • Geant Showcase
  • Users
    • Health and Medicine
      • DECIDE
      • neuGRID
      • OutGRID
      • Sim-e-Child
      • TEMDEC
      • ITHANET
      • EMBL-EBI
    • Energy
      • CAREN
      • ITER
    • Earth Observation
      • PAGASA
      • EMSA
      • CAREN glaciers
      • TIGGE and GEANT
      • THEOS and GEANT
    • Particle Physics
      • LHCOPN
      • LHCONE
      • BELLE II and GEANT
    • Space
      • GEANT and ORIENTplus
      • EXPReS Project
      • NEXPReS
    • Society
      • Sichuan earthquake
    • Arts and Education
      • ShanghAI Lectures
      • LOLA
      • ASTRA Project
      • perfSONAR MDM
      • Opera Oberta
      • e-Education
    • Horizon 2020
    • User Advisory Committee
    • User Support
    • User Posters
  • News & Events
    • News
      • News Archive - 2013
      • Press coverage
    • Events
      • TNC 2015
    • CONNECT magazine
      • Archived Issues
    • Representing GEANT
    • Press Kit
    • Follow Us
  • Resources
    • Deliverables
    • Open Call deliverables
    • White Papers
    • Knowledge Sharing
    • Media Library
      • GEANT Case Studies
      • GEANT Media Library: Project videos
      • GEANT Media Library: Interviews
      • GEANT Showcase Presentations
      • GEANT Media Library: Audio
      • GEANT Media Library: Maps
      • GEANT Media Library: Brochures
      • GEANT Media Library: Presentations
      • User Posters
    • Partner Resources
      • Exhibition Stands
      • Image Library
    • Intellectual Property
  • Open Call
    • About
    • Applications and Tools
    • Authentication
    • Network Architecture and Optical Projects
    • Software Defined Networking
    • Videos

Campus Best Practice
Environmental Impact
Global Connectivity
Network Operations
Research and Education Networks
The Network

​NSHaRP

The Network Security Handling and Response Process for customised security notifications to CERT Teams

The NSHaRP process provides a mechanism to quickly and effectively inform affected users by allowing CERTs to tailor how and for what type of incidents they want their notifications to be triggered for. The system adds value to the GÉANT community as it serves as an extension to the NRENs CERTs, if they do not have either the available human  or the technical resources to monitor for security incidents affecting their constituents. 

NSHaRP allows for the extension of the NRENs' detection and mitigation capability to GÉANT borders, therefore enabling the attack to be mitigated before it transits the GÉANT network. This is a highly innovative and unique security service in that it caters for different requirements from each NREN, by enabling the  customisation of their NREN specific alerts in their hands.

What is NSHaRP?

NSHaRP is at its core a security notification system. It is also a ticketing system in that it is supported by the GÉANT NOC (Network Operations Centre), therefore it is a notification system that will create a trouble ticket for your incident, but will also provide support in dealing with your security incidents. The options available to affected teams could range from specialists performing further investigation of the said incidents to performing mitigation actions on the CERTs behalf.

Why is it so important?

In the  age of ever increasing capacities on backbone networks, it is becoming imperative to ensure that these networks are not used for malicious activities. These large networks are the common point for many Research and Education Networks. GÉANT in its role as the pan-European network provides not only connectivity between NRENs but also beyond Europe to its sister networks such as Internet2 in the US, CLARA in Latin America & TEIN in Asia-Pacific.

It is therefore extremely important that information relating to security events affecting these networks can be exchanged efficiently and quickly. GÉANT has implemented the NSHaRP - a complete alerting, notification and resolution system. At its core NSHaRP leverages the power of Netreflex that uses netflow from the GÉANT network to detect and report on incidents. This has been coupled with a largely automated ticketing component enabling a large number of incident tickets to be dealt with without engineer intervention and ensuring valuable engineer time can be spent on investigating incidents if and when they occur.

The NSHaRP process is comprised of multiple incident information sources originating from multiple partners, internal systems, CERT partners & external project security sources. This multi-faceted method of pooling security related information ensures that all aspects of incident data can be pooled into providing a a single and dedicated stream of data to participating CERT teams. All information is stored in a structured format enabling aggregation and fusion of multiple incidents for single bad actors and providing reporting of total security related incidents for senior management.

Closing the security loop

By using an automated security alerting system, this enables a larger volume of incidents to be processed and investigated with limited engineer resources. As a trouble ticketing system is used in notifications, it provides the ability to track the lifecycle of incidents from notification through to closure, thereby, completing the process and ensuring that there is a handoff from those that notify of incidents to the appropriate parties who will deal with the affected systems.

NSHaRP is providing a valuable service to the GÉANT NRENs as well as partner networks by ensuring the prompt notification and mitigation of security incidents that may affect research traffic is dealt with in a resource efficient and timely manner.

 

  • GEANT
  • EU flag
  • European Commission Communications Networks, Content and Technology
  • Copyright
  • Credits
  • Legal