case western reserve university



Network Quarantine Process Revision

October 20, 2007

Case ITS has revised the Network Quarantine Process workflow, and users are advised to take notice of the changes. In the case of a computer that is quarantined, the Case Help Desk will call and send email to the registered owner. If the owner has not responded to the Help Desk notifications within 30 days of the quarantine, the computer will be permanently removed from the network.

To restore network services, a full security assessment and configuration mitigation of the host will be necessary. Upon determination that the system is clean of malware and the user is aware of safe computing practices, the system will receive network service after payment of a $100.00 return-to-service fee. This fee covers the additional resource usage incurred in reconnecting a host.

This change is effective November 8, 2007.

The driver for this change is that users have been unresponsive to Help Desk calls to address quarantined systems, and thus we have network availability outages. This is especially a problem for multiple users who use the same network faceplate (e.g. roommates). The availability of the CaseGuest wireless infrastructure also is seen as a cause for users to ignore the quarantine process.

When a host on the Case network is detected conducting activity that is counter to the Acceptable Use or Network Protocols Policy, it is evaluated as a potentially compromised system. To contain the malicious activity, the networking for that computer can be quarantined such that the host cannot attack other computers on the network, but can receive basic network-based services such as anti-virus updates, operating system patches, and Case webmail.

The objective is to return quarantined computers to full service as rapidly as possible, but in many cases over the past year, the return to service has been delayed because of user inaction. The objective of this process change is to avoid the extra effort to remove and later reconnect a host that has been infected or compromised.

Posted by Thomas Siu at 09:20 AM

Powered by
Movable Type

Site Last Updated: Friday December 17, 2004 at 17:55:51