2. Data collected by OxCERT

The following data are collected by OxCERT's own systems. Access to these data is limited to members of OxCERT.

Network flow data
Network flow data are collected from each backbone router and stored in standard formats. These record communications data (source and destination addresses and ports) and statistics for every communication across the University backbone network. Only packet headers are considered and not payload; the information gathered is that needed in any case for the router to send the packet to its destination.
Signature-based packet captures
OxCERT's monitoring at the edge of the University network can in theory capture any network traffic flowing in or out of the University. Routinely capturing all traffic in detail would constitute a gross invasion of users' privacy. However, reliable detection of specific threats to the University network requires reading beyond the TCP/IP headers of packets. Packet headers and/or payload matching certain specific patterns strongly indicative of malicious activity may be automatically captured and logged for analysis by members of OxCERT. Matching packets will be seen by members of OxCERT in order to confirm the presence of malicious activity; non-matching packets will not be seen by the team.
Other packet captures
In addition to the above signature-based matching, under certain circumstances, where there is strong evidence for malicious activity, it may be necessary to monitor specific communications channels in greater detail. An audit trail exists of all channels monitored in this manner.
Network monitors
A series of network monitors at various points around the University network exist to identify malicious or suspect traffic. Legitimate network traffic should not reach these monitors, but malicious traffic from inside or outside the University network that reaches these monitors may be recorded for analysis.

