scanner_rwth_aachen_univ

Explanation

The scanner_rwth_aachen_univ NDM is designed to detect unauthorized access attempts to the research scanning systems at RWTH Aachen University. The NDM creates an alert when an attempt is made to access the university's scanning infrastructure using an unapproved device or from an unauthorized location.

What to Look For

Users should monitor their network activity for any attempts to access RWTH Aachen University's scanning systems from unauthorized devices or locations. Endpoints should be checked for suspicious activity or attempts to install new software or access protected files. Any unusual or unapproved activity should be immediately investigated to prevent potential security breaches.

RWTH Aachen University is a renowned research institution located in Aachen, Germany. Established in 1870, it is one of the largest and oldest technical universities in the country, offering a wide range of academic and research programs in engineering, natural sciences, medicine, humanities, and social sciences. The university is particularly known for its strong emphasis on applied research, interdisciplinary collaboration, and close connections to industry.

One reason that RWTH Aachen University scans the internet is for cybersecurity research. The university has a strong focus on various aspects of computer science and cybersecurity, and scanning the internet is a crucial component of understanding the current state of online security, identifying vulnerabilities, and developing solutions to protect users, systems, and networks.

Scanning the internet involves systematically probing internet-connected devices, servers, and services to gather information about their configurations, security measures, and potential vulnerabilities. This data can then be used to analyze trends, detect security weaknesses, and develop more robust security mechanisms.

Researchers at RWTH Aachen University, along with researchers from other academic institutions and security organizations, use the data obtained from internet scanning to:

  1. Study the prevalence of known vulnerabilities in real-world systems and track their patching progress.

  2. Discover previously unknown security flaws in widely used software and hardware.

  3. Analyze the security posture of different types of devices, such as IoT (Internet of Things) devices or industrial control systems.

  4. Develop and validate new security solutions, tools, and techniques.

  5. Understand the behavior and evolution of threats like malware, botnets, or distributed denial-of-service (DDoS) attacks.

By scanning the internet and conducting cybersecurity research, RWTH Aachen University contributes to enhancing the overall security and resilience of internet infrastructure and connected systems. This research also helps inform best practices for system administrators, developers, and policymakers in the cybersecurity domain.

Related MITRE ATT&CK Categories

Remote System Discovery, Technique T1018 - Enterprise

System Owner/User Discovery, Technique T1033 - Enterprise

Network Service Discovery, Technique T1046 - Enterprise

System Information Discovery, Technique T1082 - Enterprise

Automated Collection, Technique T1119 - Enterprise

Active Scanning, Technique T1595 - Enterprise