Networking & Systems Navigation Menu v4.0

HSIN, MS-ISAC, NIST Framework & CIS Security Controls Navigation Menu

  • HSIN MS-ISAC Home
  • MS-ISAC website via CISecurity (Center for Internet Security)
  • MS-ISAC Services
  • MS-ISAC Report an Incident
  • Notes from MS-ISAC on setup:
    Please find details below on our Passive Monitoring Services:
    Web Profiler: Domains will be passively scanned for known vulnerabilities by software version. This is done by analyzing the headers in an HTTP request for out-of-date software. This is done on a weekly basis and information is stored internally for reference.
    Port Profiler: This is a service where IPs that we have in our records are scanned for open ports. Ports that should not be public facing or that are associated with vulnerable software are reported on. This is done quarterly at the end of Jan, April, July, Oct.
    Spamhaus: We receive a list of IPs communicating with sinkholed malicious domains operated by a company called Spamhaus. We parse that according to the IPs in our database and notify of suspected infected machines.
    Darknet: We monitor federal IP space not associated with any domains or services for communications. We alert on IPs in our database communicating with these "dark" IPs which indicates worm or spam activity as there are no legitimate reasons to communicate with the dark IPs.
    Website Defacements: If we observe any defaced websites of a domain we have in our database, we will notify that entity.
    Pastebin: We monitor Pastebin for account credential dumps. Domains associated with any accounts we find which are in our database we report on.
    Other: We notify on any reported or observed activity which we can attribute to an owner of a domain or IP in our records. Examples being account credential dumps not found on Pastebin, hacktivists that claim they will attack a given IP or domain, and any other activity we find involving IPs or domains belonging to our members.
    In addition, your homenet IP addresses are your internal subnets used for the logical Albert sensor. Please do not hesitate to reach out with any further questions.