IT Security

Security is a major concern for the education and research community, both in terms of protecting user data and in preventing and managing attacks aimed at undermining the usability of networked services offered by the community or at causing harm to third parties. Over the years, attack systems, threats, and even the motivations behind them have evolved; hence the importance of constant research into new information threats, carried out first through HoneyPot system installations and subsequently through anomaly monitoring systems and the search for specific attack patterns.

In the area of possible attack modalities, the work focused at first on the creation of valid and reliable lists of BotNet servers and "bad hosts". Following the exponential increase in types of attack, it later moved to heuristic systems for the detection of malware, viruses and compromised servers, in collaboration with other national and international organisations. Because digital threats proliferate without regard to borders, it has also been crucial to extend the research to the study of procedures, protocols, and agreements for notification and timely incident management in multi-domain environments. At the same time, the GARR security team (CERT) designed automated systems to maximize efficiency and reaction speed in this area.

In the context of system vulnerabilities, research has focused on the study of mechanisms for penetration testing and machine stressing, while, to cope with new types of application-layer attack, the CERT team is studying protection systems that employ level 7 firewalls. Other research topics have recently gained huge relevance with the emergence of new types of computing devices and new usage scenarios (Internet of Things, Bring Your Own Device). These relate to new types of vulnerabilities and new types of service disruption, such as DoS (Denial of Service) and DDoS (Distributed DoS), and to the response strategies to these threats.
