Guidelines and Procedures for Blocking Network Access
Purpose
Central campus network and security personnel must take immediate
action to mitigate any threats that have the potential to pose a
serious risk to campus information system resources or the Internet.
Departmental security contact(s) and Domain Network Liaison(s) may
also request that action be taken if any computer within their
jurisdiction poses a serious risk. If the threat is deemed serious
enough, the computer(s) posing the threat will either be blocked from
network access or have its (their) bandwidth rate limited. These
guidelines specify how the decisions to block or rate limit are made
and the procedures involved.
Guidelines
Central campus network and security personnel have the authority to
evaluate the seriousness and immediacy of any threat to campus
information system resources or the Internet and to take action to
mitigate that threat. Departmental security contact(s) and Domain
Network Liaison(s) also have the authority to request that action be
taken on any computer within their jurisdiction that they feel is a
serious threat. Action that is taken will be responsible and prudent
based on the risk associated with that threat and the potential
negative impact to the campus mission caused by making the offending
computer(s) inaccessible. Examples of threats that are serious enough
to invoke these procedures are:
- The level of network activity is sufficiently large as to cause
  serious degradation in the performance of the network;
- System administrative privilege has been acquired by someone who
  is not supposed to have it;
- An attack on another computer or network has been launched;
- Confidential, private or proprietary electronic information or
  communications are being collected in an insecure manner.
Procedures
If the threat is immediate, the offending computer(s) will be blocked
or rate limited immediately, and notification will be sent to the
departmental security contact(s) and the Domain Network Liaison(s) via
email that the block or rate limit has occurred. If the threat is not
immediate and serious, notification of the threat will be sent to the
departmental security contact(s) and Domain Network Liaison(s) via
email. If a response is not received within 4 hours indicating that
the department is taking action to mitigate the threat, the offending
computer(s) will then be blocked or rate limited. A departmental
security contact or Domain Network Liaison may also request that a
computer within their jurisdiction be blocked or rate limited by
contacting the EITS Help Desk at (706) 542-3106. In any case, central
campus network and security personnel will work with the departmental
security contact(s) and/or Domain Network Liaison(s) or the system
administrator(s) to ensure that the computer(s) are properly secured.
If a block or rate limit has been put in place, it will be removed
when both the department and central campus security personnel agree
that the problem causing the incident has been sufficiently addressed.
Central campus network and security personnel will continue to monitor
the computer(s) for a few days to make sure no further action is
necessary.
Recourse
If a department feels that a computer has been inappropriately
blocked, it may request a review of the decision by the Chief
Information Officer and Chief Information Security Officer.