Guidelines and Procedures for Blocking Network Access

The following was approved at the March 12, 2002 meeting of the Provost's Advisory Council.

Purpose

Central campus network and security personnel must take immediate action to mitigate any threats that have the potential to pose a serious risk to campus information system resources or the Internet. If the threat is deemed serious enough, the computer(s) posing the threat will be blocked or disconnected from network access. These guidelines specify how the decision to block is made and the procedures involved.

Guidelines

Central campus network and security personnel have the authority to evaluate the seriousness and immediacy of any threat to campus information system resources or the Internet and to take action to mitigate that threat. Action that is taken will be responsible and prudent based on the risk associated with that threat and the potential negative impact to the campus mission caused by making the offending computer(s) inaccessible. Examples of threats that are serious enough to invoke these procedures are:

  • The level of network activity is sufficiently large as to interfere with the normal business activity of the University,
  • System administrative privilege has been acquired by someone who is not supposed to have it;
  • An attack on another computer or network has been launched;
  • Confidential, private or proprietary electronic information or communications are being in appropriately collected;
  • Complaints have been received regarding inappropriate activity or the system exhibits a high-risk vulnerability and no response has been received from the departmental security contact regarding the incident.

Other regulations or campus policies for which separate procedures exist may also result in blocking network access. These include:

  • Digital Millennium Copyright Act or DMCA (please see Digital Millennium Copyright Act at UCSC for more information on DMCA at UCSC)
  • ResNet Responsible Use Policy Student violations of the ResNet policies will be handled through normal policy violation procedures established by UCSC Colleges, Housing, Dining and Child Care Services, ITS, Student Judicial Affairs Office and/or the University Police Department. Sanctions may include blocking network access.

Procedures

The intent of central campus network and security personnel who operate under these guidelines is to work cooperatively with departmental security contacts in blocking network access. The practice is to notify departmental security contacts prior to blocking in order that they may address the problem in a timely and appropriate manner. However, there may be times when this is not possible or practical.

If the threat is immediate, or the impact is severe, as evaluated by the central campus network and security personnel, the offending computer(s) will be blocked immediately and notification will be sent to the departmental security contact(s) via phone and email regarding the threat. Approval of the blocking by the Director of Core Technologies or departmental security contact must be obtained within 3 days, or the blocking will be removed.

If the threat is not immediate, or the impact is acceptable, notification of the threat will be sent to the departmental security contact(s) via phone and email. If a response is not received within 2 days indicating that the department is taking action to mitigate the threat, the offending computer(s) will then be blocked.

In either case, if a block has been put in place it will be removed when both the department and central campus security personnel agree that the problem causing the incident has been sufficiently addressed.

Recourse

If a department thinks that a computer has been inappropriately blocked it may request a review of the decision by the Director of Core Technologies. If there is still a disagreement with the decision, it may be further reviewed by the Vice Chancellor, Division of Finance, Operations and Administration, and if necessary, by the Executive Vice Chancellor and Provost.

References