<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" href="/style.css" type="text/css" />
<script type="text/javascript" src="/jquery.min.js"></script>
<title>CERN Computer Security Information</title>
<script type="text/javascript">
$(document).ready(function(){
  // Menu highlight
  var path = location.pathname.split("/");
  if ( path ) {
    $('#main_menu a[href*="' + path[1] + '"][class!="noselect"]').addClass('selected'); // path[3] = /security/<xxxxx>/
    $('#sidebar ul.sidemenu li[class!="noselect"]:has(a[href$="' + path.reverse()[0] + '"])').addClass('selected');
  }
  // Add icon to external links
  $('a[id!=logo-img]').filter(function() {
    return this.hostname && this.hostname !== location.hostname;
  }).after(' <img src="/images/external_link.png" alt="external link" title="external link"/>');
});
</script>
</head>
<body>
<div id="wrap">
<div id="top-bg"></div>
<!--header -->
<div id="header">
<div id="logo-text"> <a id="logo-img" href="https://home.cern/"><img src="/images/CERNLogo2.png" width="59" height="59" style="margin: 10px" alt="CERN Logo"/></a><div id="logo-text-big"><a href="/home/en/index.shtml" title="">CERN Computer Security</a></div> </div>
<div id="header-logo"><a href="/services/en/emergency.shtml"><img width="335" src="/images/emergency.png" alt="Computer Emergencies"/></a></div>
</div>
<!--header ends-->
<div id="header-photo"></div>
<!-- navigation starts-->
<div id="nav">
<ul id="main_menu">
<li><a class="noselect" href="/home/fr/index.shtml"><img src="/images/fr.png" alt="FR"/></a></li>
<li><a href="/home/en/index.shtml">Home</a></li>
<li><a href="/rules/en/index.shtml">Computing Rules</a></li>
<li><a href="/recommendations/en/index.shtml">Recommendations</a></li>
<li><a href="/training/en/index.shtml">Training</a></li>
<li><a
href="/services/en/index.shtml">Services</a></li>
<li><a class="secured" href="/reports/en/index.shtml">Reports &amp; Presentations</a></li>
</ul>
</div>
<!-- navigation ends-->
<!-- content-wrap starts -->
<div id="content-wrap">
<div id="main">
<h2>Network-based Intrusion Detection</h2>
<p>In parallel with the <a href="dnim.shtml">statistical analysis of network traffic</a>, the Security Team also runs the "<a href="https://www.zeek.org/">Zeek</a>" Intrusion Detection System (IDS). Zeek performs in-depth packet inspection, comparing packet contents with hundreds of thousands of different patterns (so-called "rules") managed through CERN's internal <a href="https://www.misp-project.org/">MISP</a> instance.</p>
<p>These patterns stem from hundreds of affiliated computer security teams, CERTs and CSIRTs worldwide, supplemented with CERN's own proprietary patterns. They are targeted at finding malicious behaviour and infected or compromised devices, as well as certain policy violations (as defined in subsidiary rules to <a href="https://cern.ch/computingrules">CERN's Computing Rules</a>).</p>
</div>
<!-- main ends -->
<!-- SIDEBAR -->
<!-- sidebar menu starts -->
<div id="sidebar">
<ul class="sidemenu">
<li><a href="/home/en/privacy_statement.shtml">Privacy Statement</a></li>
</ul>
<h3>Computer Security Incident Response</h3>
<ul class="sidemenu">
<li><a href="/services/en/emergency.shtml">Emergencies</a></li>
<li><a href="/services/en/sems.shtml">Self-mitigation portal</a></li>
</ul>
<h3>Consulting, Pentesting &amp; Reviews</h3>
<ul class="sidemenu">
<li><a href="/services/en/reviews.shtml">...on request</a></li>
<li><a href="/services/en/whitehats.shtml">CERN WhiteHat Challenge</a></li>
</ul>
<h3>Host-Based Intrusion Detection</h3>
<ul class="sidemenu">
<li><a href="/services/en/csl.shtml">Central security logging</a></li>
<li><a href="/services/en/password_dumps.shtml">Password Dump Notifications</a></li>
<li><a href="/services/en/receipts.shtml">Remote Login Notifications</a></li>
</ul>
<h3>Traffic Control &amp; Monitoring</h3>
<ul class="sidemenu">
<li><a href="/services/en/dns.shtml">DNS analysis</a></li>
<li><a href="/services/en/ids.shtml">Network-based intrusion detection</a></li>
<li><a href="/services/en/firewall.shtml">The CERN outer perimeter firewall</a></li>
<li><a href="/services/en/dnim.shtml">Statistical traffic analysis</a></li>
<li><a href="/services/en/spam.shtml">SPAM filtering</a></li>
</ul>
<h3>Vulnerability Scans</h3>
<ul class="sidemenu">
<li><a href="/services/en/device_scans.shtml">Device scans</a></li>
<li><a href="/services/en/network_scans.shtml">Network scans</a></li>
<li><a href="/services/en/passwords.shtml">Password cracking</a></li>
<li><a href="/services/en/web_scans.shtml">Web application scans</a></li>
</ul>
</div>
<!-- sidebar menu ends -->
<!-- content-wrap ends-->
</div>
<!-- footer starts -->
<div id="footer-wrap">
<div id="footer-bottom">
© Copyright 2024<strong> <a href="https://cern.ch/security">CERN Computer Security Office</a></strong>
<table>
<tr>
<td id="footer-info-left"> e-mail: <a href="mailto:Computer.Security@cern.ch">Computer.Security@cern.ch</a><br/> Please use the following PGP key to encrypt your messages:<br/> ID: 0x954CE234B4C6ED84<br/> <a href="https://keys.openpgp.org/vks/v1/by-fingerprint/429D60460EBE8006B04CDF02954CE234B4C6ED84">429D 6046 0EBE 8006 B04C DF02 954C E234 B4C6 ED84</a> </td>
<td id="footer-info-right"> Phone: +41 22 767 0500<br/> Please listen to the recorded instructions. </td>
</tr>
</table>
</div>
</div>
<!-- footer ends-->
</div>
<!-- wrap ends here -->
<!--img height=30px src="/home/en/CERNfooter_800.png"-->
</body>
</html>