Educause Security Discussion
mailing list archives
Re: return to service fee
From: Tom Siu <thomas.siu () CASE EDU>
Date: Fri, 16 Feb 2007 15:40:58 -0500
Thanks for your input to the 'informal' survey.
Here are the results: 10 responses
3 institutions are collecting 'return to service' fees for getting
machines back on the network after an infection/quarantine/
disconnection event. Examples are
- $25 reactivation fee after suspension due to abuse
- $75 for turning ports back on
7 are not collecting fees in this area.
1 institution is investigating the approach.
Where I'm going in our environment:
Goal: Drive down the number of security events (virus/worms/bots) in
the environment by encouraging responsibility.
1. Offer a server management and hardening course for departmental
administrators. This course gets you a certificate, and one coupon
for 'get out of quarantine' free. Server resources should never be
hit, but they are. No matter how many times you take the course, you
only get one free ride.
2. A first offender (non-IT person, student, faculty, etc.) gets one
'clean up' free from our Help Desk (even if they are not
quarantined). Repeat offenders get the quarantine, and the MAC
2.1 To get back on the network, they either FFR (f-disk, format,
rebuild) and have the Help Desk certify it, or have the Help Desk do
it. Minimum configuration guidelines are then verified. Maybe even
vuln scanning before they are re-enabled. The fee ($100) covers this
effort (re-enabling the MAC address) and serves as a disincentive
to the previous behavior. Th
3. Some network locations do not support our quarantine system, so
they have to be MAC disabled; these will be first-time exceptions and
won't be charged.
When it goes live, the process will have been highly publicized!
Thanks everybody for the ideas!
Chief Information Security Officer
Case Western Reserve University
thomas.siu () case edu
my pgp key can be found at pgpkeys.mit.edu