This is an old revision of the document!
At present, the protection of computer networks, provided services and users against cyber attacks is mostly assured by independent entities. These entities detect security incidents affecting the infrastructure they operate and adopt countermeasures based on the results. Network operators, service providers and security teams share only a limited amount of information about the detected security events, incidents and attacks. Thus, such data are not fully exploited to protect the infrastructure as a whole.
The key objective of the project is to develop and launch a pilot system for efficient sharing of information about security events and their analysis between the security teams in the Czech Republic. It should enable predicting the development of the attacks in the future, thus mitigating the impact of any such attack on the national cyberspace. The system should enable timely exchange of information about the detected security events between the entities involved, including the Czech National and Government security teams. The system will analyse and provide valuable information about the current threats. Through the system, the collated information will be shared with the entities involved to enable them to build their defence against the imminent threat. The outcomes will also be used to monitor the trends which the threats are following in the national cyberspace, which may subsequently contribute to enhancing the Czech cyber-security system. Since sensitive data are transmitted between various entities, legal aspects of information sharing and use with respect to privacy protection also need to be addressed.
The project will also address possible correlations between certain types of security events originating in the national cyberspace. Further, correlations on the primary data obtained from the CESNET2 network (packets, flows, logs) will be analysed in order to verify the events, to enrich the mined data and to calibrate the system. A possible method for using the gathered information to avert imminent attacks will be developed and tested.
In the SABU project, we build on and use the Warden and Mentat systems, developed as part of the CESNET Large Infrastructure and currently operated by the CESNET-CERTS security team to ensure security and data exchange in CESNET’s e-Infrastructure.
Q2 2019 | Production deployment of SABU in the Czech Republic and abroad
Q1 2019 | Testing and parameter optimization, release of packages
Q1-4 2018 | Implementation of mitigation connectors for partners' systems
Q1-4 2018 | Implementation of advanced detail lookup
Q1-4 2018 | Implementation of advanced intelligent analysis, including reputation
Q4 2017 | Deployment of SABU at partner sites
Q1-4 2017 | Implementation of connectors for other commonly deployed systems
Q1-4 2017 | Implementation of detail lookup
Q1-4 2017 | Implementation of intelligent analysis
Q4 2016 | Preparation of connectors for project partners
Q3 2016 | Evaluation of the test operation
Q2 2016 | Involvement of project partners through e-mail reporting
Q1 2016 | First meeting with SABU partners
Q2 2015 | The SABU project was accepted!!! (8 June)
Q1 2015 | Launch of the Warden 3 system, release of Warden 3.0 packages
Q1 2015 | Submission of the SABU project to the Security Research Programme of the Ministry of the Interior of the Czech Republic
Q4 2014 | Preparation of the SABU project for the call of the Security Research Programme of the Ministry of the Interior of the Czech Republic
Q4 2014 | Release of Warden 2.2 packages
Q3 2014 | Creation of the flexible IDEA data format
Q4 2013 | Release of Warden 2.1 packages
Q3 2013 | Release of Warden 2.0 packages
Q1 2012 | Release of Warden 1.2.0 packages
Q1 2012 | Release of Warden 1.1.0 packages
Q1 2012 | Release of the Warden 0.1.0 beta test package
Q3 2011 | Start of the Warden project
CESNET, z. s. p. o.
Generála Píky 26
16000 Prague 6
Tel: +420 234 680 222
Fax: +420 224 320 269
info@cesnet.cz
Tel: +420 234 680 222
GSM: +420 602 252 531
Fax: +420 224 313 211
support@cesnet.cz