Guidelines and Procedures for Blocking Network Access
The following was approved at the March 12, 2002 meeting
of the Provost's Advisory Council.
Purpose
Central campus network and security personnel must take immediate action to
mitigate any threats that have the potential to pose a serious risk to campus
information system resources or the Internet. If the threat is deemed
serious enough, the computer(s) posing the threat will be blocked or
disconnected from network access. These guidelines specify how the decision to
block is made and the procedures involved.
Guidelines
Central campus network and security personnel have the authority to evaluate
the seriousness and immediacy of any threat to campus information system
resources or the Internet and to take action to mitigate that threat. Action
that is taken will be responsible and prudent based on the risk associated
with that threat and the potential negative impact to the campus mission
caused by making the offending computer(s) inaccessible. Examples of threats
that are serious enough to invoke these procedures are:
- The level of network activity is sufficiently large as to interfere with the normal business activity of the University,
- System administrative privilege has been acquired by someone who is not
supposed to have it;
- An attack on another computer or network has been launched;
- Confidential, private or proprietary electronic information or
communications are being in appropriately collected;
- Complaints have been received regarding inappropriate activity or the
system exhibits a high-risk vulnerability and no response has been received
from the departmental security contact regarding the incident.
Other regulations or campus policies for which separate procedures exist may
also result in blocking network access. These include:
- Digital Millennium Copyright Act or DMCA (please see Digital Millennium Copyright Act at UCSC for more information on DMCA at UCSC)
- ResNet Responsible Use Policy Student violations of the ResNet policies will be handled through normal
policy violation procedures established by UCSC Colleges, Housing, Dining and
Child Care Services, ITS, Student
Judicial Affairs Office and/or the University Police Department. Sanctions
may include blocking network access.
Procedures
The intent of central campus network and security personnel who operate
under these guidelines is to work cooperatively with departmental security
contacts in blocking network access. The practice is to notify departmental
security contacts prior to blocking in order that they may address the
problem in a timely and appropriate manner. However, there may be times when
this is not possible or practical.
If the threat is immediate, or the impact is severe, as evaluated by the
central campus network and security personnel, the offending computer(s)
will be blocked immediately and notification will be sent to the
departmental security contact(s) via phone and email regarding the threat.
Approval of the blocking by the Director of Core Technologies
or departmental security contact must be obtained
within 3 days, or the blocking will be removed.
If the threat is not immediate, or the impact is acceptable, notification
of the threat will be sent to the departmental security contact(s) via phone
and email. If a response is not received within 2 days indicating that the
department is taking action to mitigate the threat, the offending computer(s)
will then be blocked.
In either case, if a block has been put in place it will be removed when
both the department and central campus security personnel agree that the
problem causing the incident has been sufficiently addressed.
Recourse
If a department feels that a computer has been inappropriately blocked it
may request a review of the decision by the Director of Core Technologies.
If there is still a disagreement with
the decision, it may be further reviewed by the Vice Chancellor, Business and
Administrative Services, and if necessary, by the Executive Vice Chancellor
and Provost.
References
|
