Educause Security Discussion mailing list archives
Re: return to service fee
From: Tom Siu <thomas.siu () CASE EDU>
Date: Fri, 16 Feb 2007 15:40:58 -0500
Hi Everybody! Thanks for your input to the 'informal' survey. Here are the results: 10 responses 3 institutions are collecting 'return to service' fees for getting machines back on the network after an infection/quarantine/ disconnection event. Examples are - $25 reactivation fee after suspension due to abuse - $75 for turning ports back on - $100 7 are not collecting fees in this area. 1 institution is investigating the approach. Where I'm going in our environment: Goal: Drive down the number of security events (virus/worms/bots) in the environment by encouraging responsibility. 1. Offer a server management and hardening course for departmental administrators. This course gets you a certificate, and one coupon for 'get out of quarantine' free. Server resources should never be hit, but they are. No matter how many times you take the course, you only get one free ride. 2. A first offender (non-IT person, student, faculty, etc.) gets one 'clean up' free from our Help Desk (even if they are not quarantined). Repeat offenders get the quarantine, and the MAC disabled. 2.1 To get back on the network, they either FFR (f-disk, format, rebuild) and have the Help Desk certify it, or have the Help Desk do it. Minimum configuration guidelines are then verified. Maybe even vuln scanning before they are re-enabled. The fee ($100) covers this effort (re-enabling the MAC address) and serves as a dis-incentive to the previous behavior. Th 3. Some network locations do not support our quarantine system, so they have to be MAC disabled; these will be first-time exceptions won't be charged. When it goes live, the process will have been highly publicized! Thanks everybody for the ideas! Tom |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ||| Tom Siu Chief Information Security Officer Case Western Reserve University thomas.siu () case edu www.case.edu/its/security my pgp key can be found at pgpkeys.mit.edu |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| |||
Current thread:
- return to service fee Tom Siu (Feb 06)
- <Possible follow-ups>
- Re: return to service fee Ken Connelly (Feb 06)
- Re: return to service fee Rick Coloccia (Feb 06)
- Re: return to service fee Samuel Young (Feb 07)
- Re: return to service fee Geoff Nathan (Feb 07)
- Re: return to service fee Tom Siu (Feb 16)