Department of Network Security and Internet Technologies

 
 
 

The department of Network Security and Internet Technologies has a long history of development in the field of computer networking since the seventies. The first packet-switched public network was developed and introduced as a public service by the end of eighties by our Institution. Since 1990, the de-partment’s focus has been Internet technology and applications in Hungary and abroad. One of the most important results was the development of a high-speed nation-wide research network for the Hungarian research and education community. Our development activity also includes the area of authentication and authorization infrastructures, including cloud systems and the use of semantic annotations as a technology for developing novel applications.

The Network Security Department's main field of operation is protecting networked computer systems. This includes early recognition of security holes, adaptation of existing defense technologies, methods to defend against recognised vulnerabilities and the development of new technologies.

Our activities include the "post-mortem" examination of compromised systems (securing the signs of the intrusion, discovering the security hole and advising the possible methods of recovery). Data for the above work is being gathered from two sources: continuous monitoring and analysis of traffic on our Institute's network infrastructure, and handling reports from members of Council of Internet Providers (ISZT). Our professional competence includes the areas of networks and network services. We participate in administering, monitoring the network, if needed we change configuration of SZTAKI’s active devices, network endpoints and we expand the network, should new needs arise.

Main research areas

  • authentication and authorization infrastructures
  • semantic annotations
  • cloud infrastructure development
  • Developing and setting up network security supervisory systems
  • Automatic network monitoring
  • Developing special purpose network devices - Data diode
  • Methods of security evaluation

Major results

  • The use of LDAP technology in provisioning access to federated resources like EduId, EduGain, Eduroam, and Google Application Services for enterprises
  • The two most widespread integrated library systems in Hungary use our federative identity solution
  • The OpenNebula project has incorporated our integrated authentication method
  • Our development of DBpedia Spotlight Live makes it possible to analyze new articles from Wikipedia on-the-fly, and underlies an UIMA adapter and an OpenLibrary tool that are helping the Apache Stanbol project
  • Hun-CERT - ISZT is a professional grouping of Hungarian Internet Service Providers. Per ISZT's procuration we run Hun-CERT (www.cert.hu), one of the first domestic network incident handling centers for almost a decade.Our job is to develop incident handling methodologies for the member organisations of ISZT, to participate in discovering incidents and maintain international connections. Our priority is to increase the security-awareness of Hungarian Internet users.
  • Net-Sensor - PTA CERT-Hungary, NETI Ltd. and the Network Security Department, in the framework of a research project, have developed an early warning system named: "Network Security System for Protecting Critical Infrastructures". This system is capable of analysing data traffic of sub-networks under its supervivion in real time, without disturbing normal data-flow. Based on the obtained data it can provide early warnings about the security status of the system. This hierarchical system is also capable to use data originated from other systems, or make use of the content of existing vulnerability databases.
  • Data Diode - In the case of critical information infrastructures it is extremely important to prevent unauthorised data traffic. One of the possible methods is making two-way protocols "unidirectional", disabling data traffic in one direction. For this purpos we developed a so-called "data diode". The device makes it possible to use common IT services (e-mail, ftp, http, etc.), while on the physical level data flow is proven to be unidirectional.

Main activities

  • GÉANT3 planning, public procurement, and implementation
  • GN3plus Open Call Higher Education External Attribute Authorities (HEXAA) project
  • Project Sztakipédia
  • Federated identity management of integrated library systems
  • SZTAKI Cloud
  • Incident handling within the confines of Hun-CERT (Computer Emergency Response Team).
  • Consulting services in network security, security audit, evaluation, certification.
  • Design and implementation of security systems, independent expert audit (also for juridical purposes).
  • Writing white papers, essays, preparation and evaluation of proposals and tenders.
  • Administrating Computer Networks
  • Development of special Web-based software systems
  • Evaluation and development of RFID systems, researching their security aspects

Manager

M.Sc.
IT engineer
 

Secretary

IT administrator