Janet Updates Security Requirements

By Grayde Bowen | 14/09/2022 | Share:

Janet Updates Security Requirements

JANET (Joint Academic Network) is the computer network backbone used by UK Universities, Colleges and research centres.

Updates have been made to the policy of use for JANET some of which have come into force from 1st April 2022.  There are 3 core themes to these changes.

Some ports and protocols will be blocked by default although institutions will have the option to allow their use.  At present the only specific block is to port 3389.  This is the recommended port for RDP so will be the assumed port for attacks using that protocol.  A system could continue to use RDP on one of the non-reserved ports (49152-65535) but any remote users would need to know the new assigned port which in turn would reduce the protection from that port being ‘unknown’.

Users will be required to take an annual security posture review.  Unfortunately there is no set outline for this review nor any need for an organisation to share the results of such a review.  JISC (Joint Information Systems Committee) who administer JANET has published a 1-page outline of 16 questions to assess cyber security posture.  All but 2 of these questions could be answered as yes or no but a serious review would require considerable time and effort.  UK Further Education institutions have been required to endeavour to meet Cyber Essentials since March 2021.  Cyber Essentials and the more detailed Cyber Essentials Plus would hence be one means of achieving the security posture review.

The third change is that more proactive scans will be made on systems attached to JANET.  The scans will be looking for ports open to known vulnerabilities.  JANET vulnerability scans have been performed before but only in exceptional cases.  The new policy is seen to be preventative rather than reactive.

These changes reflect a light touch.  There will be little impact on JANET users but the scanning and blocking options allow procedures to be ramped up without any further changes to the usage policy.  The security posture review should be a tool to identify system improvements.  There is not yet a requirement that any review be passed only that note be taken of the results.   Kindus are able to offer support and advice in drawing up security reviews and setting an action plan to address any issues identified.

More from Security

22/04/2025

UK Cyber Security and Resilience Bill Policy Statement

The UK government chose 1st April 2025 to release details of its upcoming Cyber Security and Resilience Bill. The Bill is due to introduced …

Read post

25/03/2025

UK Government Ransomware Payment Proposals

A UK government open consultation is running from 14th January to 8th April 2025. Its aim is to gather possible reactions to legislation preventing …

Read post

18/03/2025

Windows 10 Support To End

Microsoft has announced that support for Windows 10 will end on 14th October 2025. Microsoft want their users to move to their latest Operating …

Read post

03/02/2025

Smart Ring Security

Smart Rings are following up on Smart Watches as an attractive consumer wearable. Costs and services offered vary widely but typically include health and …

Read post

Categories

Sign Up

Sign up to our newsletter list here.

    Successful sign up

    Thank you for signing up to our newsletter list.

    Check your inbox for all the latest information from Kindus

    Popular Blogs

    Bitcoin – The Hidden Costs

    Google Search Vulnerabilities

    Amazon S3 Security (Simple Storage Service)

    Lessons in handling data disasters

    Energy Costs Of Data Processing
    Categories

    We use cookies on this website, by continuing to browse the site you are agreeing to our use of cookies. Find out more.