Home page logo

educause logo Educause Security Discussion mailing list archives

Re: return to service fee
From: Tom Siu <thomas.siu () CASE EDU>
Date: Fri, 16 Feb 2007 15:40:58 -0500

Hi Everybody!
Thanks for your input to the 'informal' survey.

Here are the results:  10 responses

3 institutions are collecting 'return to service' fees for getting
machines back on the network after an infection/quarantine/
disconnection event. Examples are
- $25  reactivation fee after suspension due to abuse
- $75 for turning ports back on
- $100

7 are not collecting fees in this area.

1 institution is investigating the approach.

Where I'm going in our environment:

Goal: Drive down the number of security events (virus/worms/bots) in
the environment by encouraging responsibility.

1. Offer a server management and hardening course for departmental
administrators.  This course gets you a certificate, and one coupon
for 'get out of  quarantine' free.  Server resources should never be
hit, but they are.  No matter how many times you take the course, you
only get one free ride.
2. A first offender (non-IT person, student, faculty, etc.) gets one
'clean up' free from our Help Desk (even if they are not
quarantined).  Repeat offenders get the quarantine, and the MAC
2.1  To get back on the network, they either FFR (f-disk, format,
rebuild) and have the Help Desk certify it, or have the Help Desk do
it.  Minimum configuration guidelines are then verified.  Maybe even
vuln scanning before they are re-enabled.  The fee ($100) covers this
effort (re-enabling the   MAC address) and serves as a dis-incentive
to the previous behavior.  Th
3. Some network locations do not support our quarantine system, so
they have to be MAC disabled; these will be first-time exceptions
won't be charged.

When it goes live, the process will have been highly publicized!

Thanks everybody for the ideas!

   Tom Siu
   Chief Information Security Officer
   Case Western Reserve University
   thomas.siu () case edu
   my pgp key can be found at pgpkeys.mit.edu

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]