[OPLINTECH] Office of Information Technology Customer Update - March 13, 2006

Corroto, Vince vince.corroto at ohio.gov
Mon Mar 13 13:44:02 EST 2006


Office of Information Technology Customer Update - March 13, 2006

Suspicious and/or Malicious Network Activity Procedure:

As the New Year begins, and the Office of Information Technology (OIT)
reflects back on 2005, network activity that was deemed suspicious
and/or malicious in nature occurring on state assigned networks was
notably on the rise.  Moving forward with our goal of providing
customers with a secure, reliable, available, and stable Information
Technology environment, Unified Network Services/Network Administration
is seeking participation from our customers to address reports of
questionable network activity.

The Office of Information Technology is the registrant of IP addresses
assigned to the State of Ohio by ARIN (American Registry for Internet
Numbers).  In accordance with the State of Ohio IT Policy, ITP-B.1,
state policy, and industry best practices, the Ohio Customer Service &
Security Center (OCSSC) will notify agencies, boards, and commissions
when questionable activity is reported or identified on state networks.
Once notified, the customer will be asked to investigate and resolve the
issue within the timelines listed below. If the issue cannot be resolved
within the specified timeframe, then OIT will work with the customer to
block the questionable internet activity from the network until
corrective action can be completed.

Based on the possible security implications, the following table defines
the classification along with a time allowance to the customer for
containment.  The OIT will initiate blocking, once the specified time
has elapsed.

Classification                      Description                         Time Allowance Before Blocking
----------------------------------  ----------------------------------  ------------------------------
Malicious Activity-Spam             Sending of unsolicited email        24 Hours
Malicious Activity-Scanning         Checking for open port              30 Minutes
Malicious Activity-Bandwidth Hog    Router/Switch packet rate too high  30 Minutes
Malicious Activity-Access Attempts  Unauthorized access attempts        60 Minutes
Malicious Activity-Defacement       Public facing web page defaced      60 Minutes
Malicious Activity-Worm             Known source of infections          30 Minutes
Malicious Activity-Bot              Repeated access to remote control   30 Minutes

Your cooperation in this matter is greatly appreciated.  If you have any
questions or concerns, please contact Dixie Rogers at 614-466-4528.