Office of Information Technology

Intrusion Detection and Prevention

Overview

The purpose of Intrusion Detection and Prevention (IDP) is to help protect resources on the UCSB network without interrupting network service for students, staff, and faculty. Our IDP solutions provide the UCSB network with a means to secure intellectual property, minimize the number of cyber attacks originating from our network, and significantly reduce the number of cyber attacks against our network. This system allows the University to know when an attack is taking place and to ensure that appropriate and effective actions are taken proactively.

Details

We use a combination of hardware and software solutions in our IDP infrastructure. The end result is that we reduce malicious traffic in two different ways.

Null Routing

Null routing involves telling our core routers to effectively drop all traffic involving a given IP address. This causes non-UCSB null-routed hosts to have their traffic dropped at our border gateway, and UCSB null-routed hosts to have their traffic isolated to their subnet. We alert an official UCSB NOC networking contact whenever we null-route a UCSB host. This type of filtering is in response to a specific problem, such as a known compromise, and is intended to halt ongoing malicious activity. The NOC maintains a current list of null-routed hosts.

Real-time Analysis of Traffic

We conduct real-time analysis of traffic in order to block specific traffic prior to delivery. The NOC generates a report summary for these blocks at regular intervals. These reports are not available to off-campus users.

If you suspect legitimate traffic may have been blocked, please contact noc@ucsb.edu and supply the date and time, relevant source and destination IP addresses, and ports and/or application names.

ETA

  Copyright 2003-2017 The Regents of the University of California, All Rights Reserved
Last modified: 6/9/2010