[OPLINTECH] Office of Information Technology Customer Update - March 13, 2006 (Suspicious and/or Malicious Network Activity Procedure)

Corroto, Vince vince.corroto at ohio.gov
Mon Mar 13 14:38:31 EST 2006


Office of Information Technology Customer Update - March 13, 2006

 

Suspicious and/or Malicious Network Activity Procedure:

 

Moving forward with our goal of providing customers with a secure,
reliable, available, and stable Information Technology environment,
Unified Network Services/Network Administration is seeking participation
from our customers to address reports of questionable network activity.

 

The Office of Information Technology is the registrant of IP addresses
assigned to the State of Ohio by ARIN (American Registry for Internet
Numbers).  In accordance with state policy and industry best practices,
the Ohio Customer Service & Security Center (OCSSC) will notify
agencies, boards, and commissions when questionable activity is reported
or identified on state networks.  Once notified, the customer will be
asked to investigate and resolve the issue within the timelines listed
below. If the issue cannot be resolved within the specified timeframe,
then OIT will work with the customer to block the questionable internet
activity from the network until corrective action can be completed.

 

Based on the possible security implications, the following table defines
the classification along with a time allowance to the customer for
containment.  OIT will initiate blocking once the specified time
has elapsed.

 

Classification                      Description                         Time Allowance Before Blocking

Malicious Activity-Spam             Sending of unsolicited email        24 Hours
Malicious Activity-Scanning         Checking for open port              30 Minutes
Malicious Activity-Bandwidth Hog    Router/Switch packet rate too high  30 Minutes
Malicious Activity-Access Attempts  Unauthorized access attempts        60 Minutes
Malicious Activity-Defacement       Public facing web page defaced      60 Minutes
Malicious Activity-Worm             Known source of infections          30 Minutes
Malicious Activity-Bot              Repeated access to remote control   30 Minutes

 

 

Your cooperation in this matter is greatly appreciated.  If you have any
questions or concerns, please contact Dixie Rogers at 614-466-4528.