The ČDT-MONITOR service lets the customer keep track of security incidents on their Internet connectivity. Special probes monitor the customer's Internet traffic, and the collected data are evaluated by methods that detect security risks.
With this product, the customer gets a quick summary of the security risks in their network (attacks against computers in the network, scanning computers, generating spam, etc.), enabling them to react quickly and minimize the impact of these risks on users.
- Telnet – increased use of the Telnet service. It detects all connections, including connection attempts, on TCP port 23 and counts the number of these connections for individual IP addresses;
- SSHDICT – attempts to guess a username/password or login by means of a spurious certificate to the SSH service. The method is able to recognize a successful/unsuccessful attack;
- OUTSPAM – sending or attempting to send an increased number of e-mails from specific IP addresses;
- SCANS – various types and methods of network scanning. The details include the number of unique scans, a report on any response from the scanned IP address, and a list of the ports involved. It indicates infected IP addresses in the network;
- DNSQUERY – an increased number of DNS queries from specific IP addresses;
- DNSANOMALY – suspicious communication in DNS traffic;
- BLACKLIST – traffic control (by assigned filters) and recognition of communication with the IP addresses included in the blacklist;
- RDP Dictionary Attacks – detects attempts to guess user names and passwords in the RDP service. Dictionary attacks are a widespread and popular method of gaining unauthorized access to a computer system.
- REFLECTDOS (amplified DoS attack) – detects DoS attacks that exploit certain service vulnerabilities to amplify themselves. These attacks are able to generate a much larger response to a specific request; the response is then sent to the request's spoofed source IP address (e.g. via unsecured NTP servers).
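
The per-address counting described for the Telnet method can be sketched as follows. This is an added example, not code from ČDT-MONITOR: the flow record format, the flag-based distinction between completed connections and bare attempts, counting by source address, and the threshold are all assumptions.

```python
# Constructed flow records (not real traffic), in an assumed format:
# timestamp, source IP, destination IP, protocol, destination port, TCP flags seen
SAMPLE_FLOWS = """\
2024-01-01T10:00:01 192.0.2.10 198.51.100.5 tcp 23 S
2024-01-01T10:00:02 192.0.2.10 198.51.100.6 tcp 23 S
2024-01-01T10:00:03 192.0.2.10 198.51.100.7 tcp 23 SAPF
2024-01-01T10:00:04 192.0.2.20 198.51.100.5 tcp 22 SAPF
2024-01-01T10:00:05 192.0.2.30 198.51.100.9 tcp 23 SAPF
2024-01-01T10:00:06 192.0.2.10 198.51.100.8 udp 23 -
2024-01-01T10:00:07 192.0.2.10 198.51.100.8 tcp 23 SR
malformed line
"""

TELNET_PORT = 23
THRESHOLD = 3  # assumed alert threshold, not a value from the service


def parse_flow(line):
    """Return a flow dict, or None for a line that does not match the assumed format."""
    parts = line.split()
    if len(parts) != 6 or not parts[4].isdigit():
        return None
    _ts, src, _dst, proto, dport, flags = parts
    return {"src": src, "proto": proto.lower(), "dport": int(dport), "flags": flags}


def telnet_counts(text):
    """Count TCP/23 flows per source IP: all connections and bare attempts."""
    counts = {}
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None or flow["proto"] != "tcp" or flow["dport"] != TELNET_PORT:
            continue
        entry = counts.setdefault(flow["src"], {"total": 0, "attempts": 0})
        entry["total"] += 1
        # Assumption: SYN without ACK from the client means the handshake never completed.
        if "S" in flow["flags"] and "A" not in flow["flags"]:
            entry["attempts"] += 1
    return counts


def flagged_sources(text, threshold=THRESHOLD):
    """Source IPs whose Telnet connection count reaches the threshold, busiest first."""
    counts = telnet_counts(text)
    hits = [(ip, c["total"]) for ip, c in counts.items() if c["total"] >= threshold]
    return sorted(hits, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    for ip, total in flagged_sources(SAMPLE_FLOWS):
        print(f"{ip}: {total} Telnet connections")
```
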
- early detection of risk traffic in the Internet connectivity
- reduced burden on the active elements of the network operator
- further development of wholesale partners' business activities towards the end customers
Who is the service intended for?
- local Internet providers
- large and medium-sized companies
- government and local government
The service is provided as a supplementary service to the Internet access provided by ČD - Telematika.