The Security Operations Center is a service provided for Network Liaisons (NLs) and designated network security liaisons (NSLs) with departments at Virginia Tech. The Security Operations Center is a centralized portal that allows liaisons to access services provided by the IT Security Office for system administrators on campus. The Security Operations Center website allows NLs to have direct access to the following security systems in the IT Security Office:
The campus Intrusion Detection System (IDS) is a campus-wide network security system that identifies malicious actions on the campus network. The IDS can detect both inter- and intra-network attacks and identifies hundreds of common attacks and threats, including, but not limited to:
The DShield is an integrated firewall analysis tool that accepts data from firewalls all around campus. The DShield system allows network liaisons and the security office to have a well-rounded view of network attacks that are taking place on campus.
The Netscan system is a network scanner operated by the Security Office. It scans the entire campus network on a daily basis and determines changes in network address and port configurations. By reporting these day-to-day changes, Netscan allows network liaisons to identify rogue systems and services operating on their subnets.
The firewall audit tool provides a clear view of the firewall configuration of networked machines by scanning IP addresses from both within and outside of the campus network. The firewall audit tool is designed to make liaisons more aware of systems and services that may be needlessly publicly available.
The Security Operations Center Wiki is a centralized, secure wiki for authorized users to find and share material that may be useful for other liaisons on campus. The wiki is designed to provide customized information for Virginia Tech IP addresses. Specifically, it is designed to provide information to liaisons that may not be suitable for public dissemination outside Virginia Tech.
To access the SOC, please fill out a SOC Access Request form and submit it to the IT Security Office. Upon receiving the form, we will verify the identities of the individuals listed on it and, once they are confirmed, provide access to the SOC.