This is a team of network security experts, whose role is to provide security support to users and administrators of IT infrastructure. The team's primary task is to identify threats in ICT systems (network monitoring) and prevent them by vulnerability detection and security incidents management.
IST also offers complete IT security services for commercial customers focused on protection against cyber-attacks and enable higher level of security, including incident prevention, response and incident management (auditing, penetration testing, cyber-security analysis, IT forensics and more).
The services offered include analysis of the level of security, diagnostics of network security and breaches in users' IT systems, and the provision of information on the state of the protected infrastructure. This allows procedures to reduce the likelihood of adverse events and to develop ways of protecting against their effects more broadly, thus better protecting the data and information contained in protected systems.
The WCSS ZBI has many years of experience in the field of ICT security. Its members are involved in national and international projects, as analysts, designers and coordinators of cyber security work. Our team members are in ISACA, OWASP, ISSA, ISC, PTI and other organisations. The team's achievements include finding many vulnerabilities in common and specialised applications used both by big companies and scientific community.
Information Security Team (IST)
The Information Security Team of the Wrocław Centre for Network and Supercomputing carries out ICT security monitoring aimed at detecting threats in the Wrocław University of Technology network and the municipal academic network (WASK). These are activities under Computer Security Incident Response Team - CSIRT.
PROJECTS REALISED:
- EDIH Wro4digITal (2023 - ) - specialised training courses, IT infrastructure and software security audits
- EDIH CyberSec (2023 - ) - training in protection against socio-technical attacks, IT asset inventory, penetration testing of network infrastructure, mobile application security audits
- AZON 2.0 (2020 - 2023) - security audits and penetration tests
- POWER (2019 - 2023) - security consultations
- PraceLab (2019 - 2023) - security audits and penetration tests
- RegSOC (2018–2021) - meritorical coordination
- AZON (2016–2019) - security audits and penetration tests
- SPIN-LAB (2014-2015) - security coordinators, security audits and penetration tests
- PLGrid NG (2014-2015) - security coordinators, security audits and penetration tests
- PLGrid Plus (2011-2014) - security coordinators, security audits and penetration tests
- Krajowy Magazyn Danych 2 (2011-2013) - project of hybrid encryption and integrity control system
- PL-Grid (2009-2012) - security coordinators, security audits and penetration tests
- PIONIER PKI (2009-2010) - project coordinators, design and implementation of Public Key Infrastructure for universities
- Krajowy Magazyn Danych (2008-2010) - security coordinators, security audits and penetration tests
- POSITIF (2004-2007) - proactive security monitor
- ClusteriX (2003-2005) - authorization system, system hardening project
CVE's:
- CVE-2013-1086 (Novell GroupWise Web Client XSS filter bypass session hijacking)
- CVE-2013-1087 (Novell GroupWise Windows Client XSS filter bypass)
- CVE-2013-3475 (IBM DB2 buffer overflow / privilege escalation)
- CVE-2014-2308 (Java OpenID Server XSS session hijacking)
- CVE-2014-2307 (Java OpenID Server URL session fixation)
- CVE-2014-4813 (IBM Tivoli Storage Manager Client local root privilege escalation)
- CVE-2014-4818 (IBM Tivoli Storage Manager Client encryption key disclosure)
- Oracle Java Runtime Environment Security-In-Depth Contribution CPU July 2014
- CVE-2015-2801 (WSO2 Identity Server authentication bypass)
- CVE-2015-2802 (WSO2 Identity Server XSS session hijacking)
- CVE-2015-7325 (Jasig CAS Server Cross Site Scripting)