The University of Tennessee

Port Disabling

There are three classifications for security issues that could require the disabling of access to the University of Tennessee OIT managed network. Both the "Normal" and "High Risk" classifications require an attempt, by the designated security representative, to contact the administrator/owner of the affected system. Upon an initial contact attempt, a predetermined time period (depending on the level of severity defined by the security representative) is established for the owner/administrator to respond. If contact has not been made within the prescribed time period, network access will be disabled. All incidents must be reported to the appropriate security representative (the Information Security Office in Knoxville and ABUSE in Memphis). All disconnects of network service shall be performed by Office of Information Technology (OIT) authorized personnel only.

1. Normal Security Incident - Defined as any issue that does not affect the normal operations of any part of the University information systems infrastructure. An attempt to contact the user or administrator is required prior to disconnecting network access. The network service can be disabled if contact is not made within a pre-defined time period starting from the initial contact attempt.

2. High Risk Security Incident - Defined as any incident that affects, directly or indirectly, the normal operations of any part of the University information systems infrastructure. An attempt to contact the user or administrator is required, but the service can be disabled if contact is not made within a pre-defined short time period from discovery of the incident.

3. Critical Security Issue - Defined as any issue that has a direct effect on the normal operations of any part of the University information systems infrastructure. An attempt to contact the user or administrator is not required prior to disconnecting network access. The decision to immediately disable network service can only be made by approved OIT personnel.

Some examples of security violations that are governed by these policies are:

A. Bandwidth oversubscription
B. Virus infections
C. Attacks against another system
D. Attacks against a mission-critical system that requires special circumstances for service disconnection
E. Dormant compromised system (confirmed to be compromised but not currently being used in a malicious manner)
F. Stolen IP Address
G. Denial of Service Attacks
H. Copyright violation
I. Unauthorized scanning of ports
J. Second offense of the same type of incident
K. Active compromised system