NetReg

NetReg Best Practices

Registration & Incident Notification - Overview

Below is a high-level description of the routing of information across NetReg and Sock (and its sensors and scanners), that result in security incident notification. Complete and accurate information input into the system is imperative for information security and to safeguard Protected Data.

NetReg - Asset registration

(1) A Security Contacts registers Assets in NetReg for which it is responsible for. And it defines...

Offsite Hosting in NetReg

Offsite hostname registration is available through NetReg.

In NetReg you can:

Request hostname(s) Identify Resource Proprietor, Data Protection Levels, etc. Provide DNS details for DNS Administrator, pending approval

Once the hostname is approved, NetReg will make a request to DNS Administrator on your behalf. Additionally, Offsite hostname de-registration requests to the DNS Administrator will send a request on your behalf to the DNS Administrator to remove the hostname’s DNS record....

NetReg is Getting New Functionality

June 24, 2019

Beginning August 13, Offsite Hostname requests will move to NetReg.

Historically, requesting an Offsite Hostname requires two different registration applications: the Off-Site Hosting (https://offsitehosting.berkeley.edu/) website to complete an off-site hosting request and NetReg (https://security.berkeley.edu/services/netreg) to...

Manage Assets

Register or Claim Network Assets in NetReg: Subnets and individual IP addresses Offsite hostnames Subdomains CC IP Addresses

Initially, security contacts and their maintainers, as well as registered IP addresses and subnets, subdomains and off-site hostnames were converted from the previous Security Contact application.

For new registrations and ongoing maintenance of existing registrations:

Register a Subnet or IP Address: Select ‘Subnets’ from the left nav bar. Use the buttons at the bottom of the page to 'Claim unclaimed subnets', 'Request...

Create Role

To create a new, primary Department Security Contact (DSC): Click the Request a Department Security Contact link in the left nav bar ISO will conduct an intake process and will create the DSC To create a Group Security Contact (GSC) within your DSC: Select 'Group Security Contact' from the left menu bar Click 'Add Group Security Contact' Provide information about the new Security Contact and its first member. Click the 'Help' button for help on specific fields Click 'Save' to add the GSC To request a Group Security Contact (GSC) in another DSC: From your Individual Security Contact Search for...

Manage Role

Register or Claim Network Assets: Subnets and individual IP addresses Offsite Hostnames Subdomains CC IP Addresses

The first member, and all subsequent members of a CR, can add and remove other members, provided they have read/write privileges within the CR. A DCR can create (and add the first member) or retire Group CRs. When a DCR retires a GCR, if it has any registered assets they will be transferred to the parent DCR. To retire a DCR, send an email to netreg@berkeley.edu.

Membership will be reviewed for...

What email address should I use for my security contact?

The email address should reach multiple people via a listserv, group address, or, ideally, a CalNet SPA account so that security incidents involving a department or group's IT Resources receive prompt attention. CalNet SPAs (Special Purpose Accounts) are CalNet IDs that can be shared by multiple users for collaborative purposes, and are recommended for this purpose.

See...

Getting Started

Overview

NetReg uses distinct sets of security contacts (SCs) to support the various ways network resources are managed on campus.

Network assets (e.g., subnets, IP addresses, devices) are registered to SCs in NetReg to enable the correct routing of security notices. An SC is a role that is comprised of members. NetReg users who have membership in a security contact have varying levels of access privileges.

SC members may have the ability to:

View and respond to NetReg...

What are Service Provider Security Contacts and how do they work?

Service Provider Security Contacts (SCs) are a special purpose security contact. As a service provider, they don't have registered network assets, but they are flagged within NetReg as providing support for another SC. For example, the Service Provider SC might register devices for the Client SC. Service Provider SCs have "device-based" privileges with the Client SC; they can create, edit and delete devices from the Client SC.

Service Provider SCs can be grouped or departmental. Notifications about security events (compromises, vulnerabilities...

How are security notices routed?

Security notices are routed based upon the most specific registration information available in NetReg.

For example, if an IP address has a registered security contact, the security notice is sent to that contact. If there is no specific IP address registration then the notice is sent to the security contact that claimed the subnet. Notices will also be sent to:

• the registrant contact role's service provider if any
• its departmental / parent contact role if any,
• and any contact roles that have 'CC SC' status for the IP address

...