- The word 'problem' in this document refers to 'the use of all equipment using University of Groningen internet facilities about which we have received an official and verifiable complaint'. The use concerned should also be contrary to the Acceptable Use Policy of the University of Groningen.
Complaints might come from CERT or could be internal, and thus might be submitted by the network management or be the result of a security scan.
- The term 'complaint' in this document only refers to complaints that can be verified: both the nature of the complaint and the authenticity of the complainant. An 'abuse' report that does not state the authenticity of the complainant and/or the nature of the complaint is not covered by this document. However, after consultation with members of the Security Team, this document can still be declared applicable.
- The complaint will be registered by the back office and handled by the local IT support team, which determines the validity of the complaint. If the complaint is unfounded, the person/agency who filed the complaint receives an e-mail. If the complaint is valid, feedback is sent after the problem has been resolved.
- The nature of the problem may lead to the Security Team immediately disconnecting the IP address involved from the internet. In some cases we use the 'shoot first, ask questions later' strategy. At the request of at least two members of the Security Team and under the responsibility of the Security Manager, the back office can perform the disconnection.
- In the event of a disconnection we will contact the registered user of the disconnected address. If we do not succeed in reaching him/her by phone, we will send a letter with a request to reply a.s.a.p.
- The IP address will be reconnected as soon as the managing IT team has concluded that the problem has been resolved.
- If the same problem occurs several times in one month, the equipment will be disconnected from the internet and the user will be invited to a meeting with at least two members of the Security Team, among them the Security Manager or his deputy. During this consultation the cause of the problem will be analysed and possible solutions will be discussed.
- If the problem reoccurs within a month after the last occurrence it will be brought to the attention of the local manager. A period of disconnection will then be determined in consultation with the manager, and another appointment with the Security Team will be made.
- Before reconnecting, the user must present the equipment to the University crash team for investigation. It is up to the members of the crash team to decide whether a new operating system has to be installed on the computer. If a reinstallation is desirable and the crash team is not able to perform this operation, they can decide to delete all information from the system. The fee for a crash team consultation is (in 2006-2007) €150 per incident.
- This procedure can be repeated again and again. With every repetition, the period of disconnection will be doubled and the costs will be multiplied up to a maximum of four times the initial amount.
|15 June 2016 1.51 p.m.