Today's alert level: Green
Last update at: 28-09-2010 07:06:46 GMT
The Internet Barometer rides on top of Interoute's Next Generation Network. It, spans 57,000 kilometres of lit fibre covering the majority of the European Union and connects North America, the Middle East, and Africa with Europe.
Interoute uses this unique network infrastructure to provide services from the ground to the cloud. It serves international enterprises, governments and every major carrier in Europe and North America as well as many others around the world.
The Barometer benefits from Interoute's key role in the Internet. The core network has a capacity of 780Gbs which supports the Internet in Europe and the customers we serve as a leading European ISPs*.
The Barometer sensors operate on a hardware accelerated platform that maximizes the speed at which they perform.
Vulnerability attack information is obtained with a modified version of Snort, which runs many times faster than the standard. To provide the most accurate signatures, the Barometer deploys the latest version of Sourcefire's VRT rule set.
DDOS attack information is obtained from Interoute's own custom DDOS detector, Interoute's bespoke software, as well as Peakflow.
Internet barometers are not new, of course. The best known is the Internet Storm Centre, http://isc.sans.org/top10.html. This link gives the viewer a feel for the volume of unauthorized internet activity at any given moment. Our intention is not to compete with such valuable tools as these.
Where the Interoute Internet Barometer differs from the ISC is in the depth and insight of the data it provides.
Not all of the clever stuff we use is our own. Some is the commercial offerings of leading vendors as we want to use the best commercial products available to ensure the Barometer is as effective as possible.
Another unique challenge was making these products work on our MPLS network. Most security products assume that you are using them on a corporate LAN, at 100Mbs or maybe 1Gbs at most. Only a handful of products work at 10Gbs - and none worked to our satisfaction on our MPLS core. So we wrote our own protocol decoders.
Also, the original system we developed incorporated lots of specialist data feeds to detect DDoS and SPAM with a high degree of accuracy. Over the coming months we will be incorporating these into the free version.
We have tried to incorporate things we thought you might need to know. You may need some stats on various vulnerabilities for a report, in which case the simple screens will provide a wealth of information. Or if you are a network engineer or security officer with an on-going problem, the barometer can help get you through the latest attack. You might find other organizations suffering similar attacks and from any attack screen, you can find links to full attack descriptions so you can understand and resolve the situation. The barometer can even help by providing details of the Internet addresses that most frequently launch these attacks.
Our hope is that the Interoute Internet Barometer will help show that the security industry isn't all about Fear, Uncertainty, Doubt. Although the threats are real, there are lots of people working to reduce them. We hope our contirbution helps make the Internet a more safe and secure environment.
*CAIDA.org: AS Rank Report