Security Operations Center

The main task of the RWTH Security Operations Center (SOC) is to ensure IT security at the university. It is responsible for operating the central RWTH firewall and the firewalls in the data centers and institutes, including maintaining rule sets and analyzing log files.

As the interface to DFN-CERT, the SOC processes reports on security incidents and informs the persons concerned. Employees and students can contact the SOC at any time if they notice suspicious activity on devices, servers, virtual machines, or user accounts.

Responsibilities

The SOC team is responsible for the following tasks:

  • Monitoring communication network security
  • Detecting and analyzing security incidents
  • Initiating measures against cyber attacks
  • Performing vulnerability analyses
  • Providing advice and training on IT security issues
  • Acting as a point of contact for security and law enforcement agencies
  • Actively preventing damage by blocking accounts, devices, networks, and services
  • Operating IT security systems

Consulting and Support

The IT Center provides technical support in responding to security incidents.

If you have general questions about IT security, please contact the IT-ServiceDesk.

The SOC team at the IT Center also provides technical support in responding to security incidents and threats, as well as prevention measures and security strategies.

Emergency Contact

In the event of acute IT security incidents, please contact the SOC team at soc@rwth-aachen.de or by phone at +49 241 80-29505.

Reports can also be sent to abuse@rwth-aachen.de. This address is open to non-RWTH users as well, since it is stored in the RIPE database for the RWTH IP ranges.

If you are unsure whether an incident is a security incident, please contact your IT network contact person at your institution or the IT-ServiceDesk.

SOC On-Call Service

In order to be able to respond promptly to potential threats outside regular working hours, an SOC on-call service has been set up. This means that the SOC team is available around the clock if necessary.
