University Network Services and Security
office must take immediate action to mitigate any threats that have
the potential to pose a serious risk to campus information system
resources or the Internet. If the threat is deemed serious enough,
the computer(s) user posing the threat will be restricted or blocked
from network access. These guidelines specify how the decision to
block is made and the procedures involved.
University Network and Systems Security
Office personnel have the authority to evaluate any threat to campus
information system resources or the Internet and to take action to
mitigate that threat. Action that is taken will be responsible and
prudent based on the risk associated with that threat and the potential
negative impact to the campus mission caused by making the offending
computer(s) inaccessible. Examples of threats that are serious enough
to invoke these procedures are:
The level of network activity is
sufficiently large as to cause serious degradation in the performance
of the network.
System administrative privilege
has been acquired by someone who is not supposed to have it.
An attack on another computer or
network has been launched.
Confidential, private or proprietary
electronic information or communications are being collected.
Continued complaints have been received
regarding inappropriate activity and no response has been received
from the departmental contact regarding the incident.
If the threat is immediate, the offending
computer(s) user(s) will be blocked immediately and notification will
be sent to the departmental security contact(s) via email notifying
that the block has occurred. If the threat is not immediate, notification
of the threat will be sent to the departmental security contact(s)
via email. If a response is not received within 4 hours indicating
that the department is taking action to mitigate the threat, the offending
computer(s) will then be blocked. In either case, network and systems
security personnel will work with the departmental security contact(s)
and/or the system administrator(s) to ensure that the computer(s)
are properly re-secured. If a block has been put in place it will
be removed only when both the department and central campus security
personnel agree that the problem causing the incident has been sufficiently
If a department feels that a computer
user has been inappropriately blocked it may request a review of the
decision by the Network & Systems Security Officer. If, after
the review, there is still a disagreement with the decision, it may
be further reviewed by the Associate Vice President of Computing.
to other Policies