Cybersecurity and DDoS Mitigation Service

Network security

We work to detect and prevent that networks of the institutions connected to the Anella Científica suffer from denial-of-service attacks and other security incidents that, in an increasingly complex technological environment, are becoming more sophisticated.

The services we offer are subject to the CSUC's security policy, which defines a framework for action to ensure the protection of equipment and network infrastructure. It also ensures the confidentiality, integrity and availability of both its own information and the information of the services offered. This policy has been created in collaboration with the consortium universities and is available to all the institutions of the Anella Científica who wish to consult it on request.

The use policy of the Anella Científica is also taken into account, which ensures legality, honesty, confidentiality and intellectual and industrial property. The affiliated institutions must make their users aware of the use conditions of the Anella Científica and take responsibility for their compliance with their institution.

DDoS Platform

We offer a distributed denial of service (DDoS) attack mitigation service to uninterruptedly detect and mitigate DDoS attacks on  Anella Científica institutions.

The platform can be configured according to the needs of the requesting institution in order to encourage the establishment of unique and effective detection parameters. The platform generates traffic, alert and mitigation reports, which are sent each month to user entities.

The DDoS platform allows the detection of offline DDoS attacks via Netflow and its mitigation by diverting the attacked traffic using the BGP dynamic routing protocol, without diverting or interfering with the rest of the regular traffic or projects of the rest of institutions.

As a complement to the platform, the Anella Científica has Flowspec, which follows the recommendations of RFC 5575 of the Internet Engineering Task Force (IETF), in order to distribute filter specifications for specific traffic flows. The information is transported to the BGP protocol, reusing the algorithms and processes of the protocol.

The traffic that analyzes is the one from RedIRIS, the generated by CATNIX members and the connection of the Anella Científica with its commercial providers.

What DDoS attacks can I find?

• Volumetric attacks, which block communications, making it impossible to solve the problem within the institution itself.
• Saturation attacks on the state tables of the network equipment, which also cannot be stopped once the border equipment falls due to the attack, making the network inaccessible.
• Application-level attacks, which can leave important services offline at critical times.