2. Data collected by OxCERT
The following data are collected by OxCERT's own systems. Access to these
data is limited to members of OxCERT.
- Network flow data
  Network flow data are collected from each backbone router and stored in
  standard formats. These record communications data (source and destination
  addresses and ports) and statistics for every communication across the
  University backbone network. Only packet headers are considered, not
  payload; the information gathered is that needed in any case by the router
  to send the packet to its destination.
- Signature-based packet captures
  OxCERT's monitoring at the edge of the University network can in theory
  capture any network traffic flowing in or out of the University. Routinely
  capturing all traffic in detail would be a gross invasion of users'
  privacy. However, reliable detection of specific threats to the University
  network requires reading beyond the TCP/IP headers of packets. Packet
  headers and/or payload matching certain specific patterns strongly
  indicative of malicious activity may be automatically captured and logged
  for members of OxCERT to analyse. Matching packets will be seen by members
  of OxCERT in order to confirm the presence of malicious activity;
  non-matching packets will not be seen by the team.
- Other packet captures
  In addition to the above signature-based matching, under certain
  circumstances where there is strong evidence of malicious activity, it may
  be necessary to monitor specific communications channels in greater detail.
  An audit trail exists of all channels monitored in this manner.
- Network monitors
  A series of network monitors at various points around the University
  network exist to identify malicious or suspect traffic. Legitimate network
  traffic should not reach these monitors, but malicious traffic from inside
  or outside the University network that reaches them may be recorded for
  analysis.
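The three collection methods above share one design principle: collect the minimum needed for the purpose (header-only flow statistics; payload retained only when a signature matches; an audit entry for every channel placed under closer monitoring). The following is an added illustration of that principle in code, not OxCERT's own software; the Packet and Signature classes, the sample packets (addresses from documentation ranges), the placeholder signature text and the audit-entry fields are all constructed for this example.

```python
"""Illustration of data-minimising collection: header-only flow records,
signature-gated packet capture, and an audit trail for targeted monitoring.
Added example, not OxCERT's code; all packets, signatures and names are constructed."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional
import re


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str
    length: int          # bytes on the wire, taken from the header
    payload: bytes = b""  # only the signature stage is allowed to look at this


# Constructed sample traffic using RFC 5737 documentation addresses.
SAMPLE_PACKETS = [
    Packet("192.0.2.10", "198.51.100.5", 51000, 443, "tcp", 1200, b"\x16\x03\x01..."),
    Packet("198.51.100.5", "192.0.2.10", 443, 51000, "tcp", 4000, b"\x16\x03\x03..."),
    Packet("192.0.2.10", "198.51.100.5", 51000, 443, "tcp", 300, b"..."),
    Packet("192.0.2.77", "203.0.113.9", 40000, 80, "tcp", 500,
           b"GET /EXAMPLE-SIG-TOKEN HTTP/1.1\r\n"),
    Packet("192.0.2.50", "203.0.113.20", 5353, 53, "udp", 90, b"\x00\x01..."),
]


def flow_records(packets):
    """Aggregate packets per 5-tuple using header fields only.

    The payload attribute is deliberately never read here: a flow record is
    exactly what the router already needs to forward the packet, plus counts.
    """
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for p in packets:
        key = (p.src, p.dst, p.sport, p.dport, p.proto)
        flows[key]["packets"] += 1
        flows[key]["bytes"] += p.length
    return dict(flows)


@dataclass
class Signature:
    """A header and/or payload pattern; the text here is a constructed placeholder."""
    name: str
    dport: Optional[int] = None
    payload_regex: Optional[re.Pattern] = None

    def matches(self, p: Packet) -> bool:
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.payload_regex is not None and not self.payload_regex.search(p.payload):
            return False
        return True


# Placeholder signature for the example; not a real detection rule.
SIGNATURES = [
    Signature("example-token-in-http", dport=80,
              payload_regex=re.compile(rb"EXAMPLE-SIG-TOKEN")),
]


def signature_capture(packets, signatures):
    """Retain only packets that match a signature, tagged with the rule name.

    Non-matching packets are neither stored nor logged, so analysts only ever
    see traffic that already matched a pattern indicative of malicious activity.
    """
    captured = []
    for p in packets:
        for sig in signatures:
            if sig.matches(p):
                captured.append((sig.name, p))
                break
    return captured


def record_targeted_monitoring(audit_log, channel, reason, requested_by):
    """Append an audit entry before a specific channel is monitored in detail.

    The channel is a 5-tuple; reason and requested_by are free text. Returning
    the entry lets the caller confirm what was written.
    """
    entry = {
        "time": datetime.now(timezone.utc).isoformat(),
        "channel": channel,
        "reason": reason,
        "requested_by": requested_by,
    }
    audit_log.append(entry)
    return entry


if __name__ == "__main__":
    for key, stats in flow_records(SAMPLE_PACKETS).items():
        print(key, stats)
    for name, p in signature_capture(SAMPLE_PACKETS, SIGNATURES):
        print("captured by", name, ":", p.src, "->", p.dst, p.dport)
    log = []
    record_targeted_monitoring(log, ("192.0.2.77", "203.0.113.9", 40000, 80, "tcp"),
                               "signature hit awaiting confirmation", "analyst-1")
    print(log)
```

Run as a script it prints four flow records (the two client-to-server packets on the same 5-tuple are merged into one record of 1500 bytes), one captured packet, and one audit entry. The separation of the three functions is the point: flow aggregation has no code path that touches the payload, the capture stage discards everything that does not match, and the audit log is written before rather than after targeted monitoring begins.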