Unicamp maintains a shielding system against hackers

authorship
image editing

In Information Technology (IT), the price of security is eternal vigilance. Simply put, this is the principle that guides the work of the Information Security Incident Response and Treatment Team (CSIRT), which operates within the scope of Unicamp's Computing Center (CCUEC). Composed of four analysts, CSIRT Unicamp is responsible for receiving, analyzing, processing and responding to episodes that may pose risks to the University's computing park. Although lean, the team has achieved significant results in combating constant threats to the network.

The CSIRT Unicamp challenge is nothing trivial. The team is responsible for a network with approximately 70 thousand users. These are connected to thousands of devices such as PCs, notebooks, tablets and smartphones, which are potential entry points - and exit points - for malicious actions that can cause damage to both the University network and external networks. “Our job is to monitor activities on the network, with the aim of preventing or providing the quickest and most effective response to detected incidents”, explains Vanderlei Busnardo Filho, one of the four “musketeers” of information security.

In addition to exercising constant surveillance over the Unicamp network, the team also performs another mission essential to preserving the integrity of the computing park, which is to raise awareness among end users. “Among the initiatives in this regard are the presentation of lectures that guide people on how to use the network safely. The fight against malicious activities can only be successful if we combine the use of knowledge and technology with the care of the end user, who is the weakest link in the chain, not because of negligence, but because he is the one who is connected to the network all the time, carrying out a series of tasks”, explains Gesiel Galvão Bernardes.

This intense workflow, adds Alexandre Berto Nogueira, is usually taken advantage of by malicious people, who try to invade the Unicamp network to carry out harmful or illegal acts, such as stealing social media passwords or installing fake bank pages. . According to a survey by CSIRT Unicamp, in 2017, 25.553 tickets were opened regarding a possible problem in the University's network. “Several were nothing more than warnings and many others were simple solutions. However, we also had more serious situations, which required a more effective response from our group”, reports Adilson Paz da Silva.

Among the incidents originating on the Unicamp network, one of the most frequent (28,9%) refers to the issue of improper sharing of files protected by Copyright Law. “Many people use the network, for example, to download films. This is a delicate procedure, as it may result in legal charges from the copyright holders of the work. When we identified this problem, we contacted IT professionals from the University's units and bodies to alert them to the issue”, informs Vanderlei.

According to Gesiel, this partnership between CSIRT Unicamp and the analysts who work in the units and agencies is fundamental to the success of security actions. “As these professionals are working on the cutting edge, they have a strategic function, such as directly accessing a machine to check if it has been the target of any malicious activity”, points out Alexandre. Still according to the team's survey, last year 24.781 incidents with origins outside the University's network were also recorded, the majority caused by people trying to locate a loophole that would allow invasions.

Adilson notes that CSIRT Unicamp's concern is not only in shielding the institution's daily activities, confidential information and reputation. “We are also committed to protecting citizens who do not belong to the university community. If an attacker manages to install a fake bank page on our network, everyone who visits that page will be at risk of having their password and money stolen. Hence the importance of always being alert,” he says. The warning the analyst refers to is real.

According to Vanderlei, although some procedures are carried out automatically with the help of computational tools, all results are analyzed and validated by analysts before being passed on to those responsible. “This type of attention is essential because the structure of our network is broad and complex. Throughout 2017 and in these first months of 2018 we tested 714 websites registered in our database. Of these, 83 presented at least one serious failure, which led to corrective actions”, points out Vanderlei.

In the same period, CSIRT Unicamp carried out tests on the networks of all Unicamp units, which culminated in the opening of 50 tickets with at least one serious failure. Of these, 31 have already been attended to. “We are always thinking about new actions that help prevent incidents. We try to stay ahead of hackers, often acting like them to test our security. It’s a cat and mouse fight that has no end”, compares Gesiel.

In addition to lectures for the internal community, CSIRT Unicamp has also participated in related activities aimed at other audiences, such as students from public schools and members of the UniversIDADE Program, aimed at the physical, emotional and intellectual stimulation of people over 50 years old, linked or not to Unicamp. “We also participate in conferences in the area and maintain partnerships with other CSIRTs, always with the aim of improving our knowledge regarding security actions”, points out Adilson. Additional information about the work of CSIRT Unicamp can be obtained at team page.

The professionals responsible for CSIRT Unicamp
According to analysts, security is the sum of vigilance, technology input and conscious use of the network
CSIRT Unicamp analysts monitor network performance in real time
cover image
Analyst monitors network movement in real time

twitter_icofacebook_ico

Internal Community

Delegation learned about research carried out at Unicamp and expressed interest in international cooperation

The show class with chef and gastrologist Tibério Gil on the role of nutrition and gastronomy in contemporary women's health, this Thursday (7), opened the program that runs until Friday (8)

news

According to Maria Luiza Moretti, despite the progress seen in recent years, the occupation of command positions is still unequal between men and women

There will be four years of partnership, with six places offered each year in the first two periods; the offer increases to nine beneficiaries in the following two years

The publications are divided in a didactic manner into the themes General Women's Health, Reproductive Health, Obstetric Health and Adolescent Women's Health

Culture & Society

For rector Antonio Meirelles, a political commitment in favor of the solution is necessary and the Brazil can play an extremely important role in global environmental solutions 

 

Writer and columnist, the sociologist was president of the National Association of Postgraduate Studies and Research in Social Sciences in the 2003-2004 biennium