Educause Security Discussion mailing list archives

Re: return to service fee


From: Tom Siu <thomas.siu () CASE EDU>
Date: Fri, 16 Feb 2007 15:40:58 -0500

Hi Everybody!
Thanks for your input to the 'informal' survey.

Here are the results:  10 responses

3 institutions are collecting 'return to service' fees for getting
machines back on the network after an infection/quarantine/
disconnection event. Examples are
- $25 reactivation fee after suspension due to abuse
- $75 for turning ports back on
- $100

7 are not collecting fees in this area.

1 institution is investigating the approach.



Where I'm going in our environment:

Goal: Drive down the number of security events (virus/worms/bots) in
the environment by encouraging responsibility.

1. Offer a server management and hardening course for departmental
administrators.  This course gets you a certificate, and one coupon
for 'get out of quarantine' free.  Server resources should never be
hit, but they are.  No matter how many times you take the course, you
only get one free ride.
2. A first offender (non-IT person, student, faculty, etc.) gets one
'clean up' free from our Help Desk (even if they are not
quarantined).  Repeat offenders get the quarantine, and the MAC
disabled.
2.1  To get back on the network, they either FFR (f-disk, format,
rebuild) and have the Help Desk certify it, or have the Help Desk do
it.  Minimum configuration guidelines are then verified.  Maybe even
vuln scanning before they are re-enabled.  The fee ($100) covers this
effort (re-enabling the MAC address) and serves as a disincentive
to the previous behavior.  Th
3. Some network locations do not support our quarantine system, so
they have to be MAC disabled; these will be first-time exceptions
and won't be charged.

When it goes live, the process will have been highly publicized!

Thanks everybody for the ideas!
Tom

|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
   Tom Siu
   Chief Information Security Officer
   Case Western Reserve University
   thomas.siu () case edu
   www.case.edu/its/security
   my pgp key can be found at pgpkeys.mit.edu
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
