1.1 The University runs an "open" network, with many means of access to and from the outside world. It has high-bandwidth connections to the Internet, making it a prime target for those wishing to compromise computers to use for further exploits. The devolved responsibility for maintaining and updating systems means that many are vulnerable.
- Monitor the network
- Investigate suspicious traffic
- Take action, as required: this may include suspension of accounts or of network connectivity to a system; in extreme cases, temporary suspension of network connectivity to an entire college or department may prove necessary
- Inform departmental/college IT support staff (ITSS)
- Advise on procedures for cleanup of compromised systems and accounts, and recommendations for avoiding similar incidents in future
- Publish security bulletins on threats of particular concern to ITSS within the university
- Respond to network abuse reports
2.1 The service operates during normal office hours. Periodic monitoring takes place outside these hours, and informal arrangements exist for staff to be called, but no funding is provided to make this contractual.
2.2 OxCERT will normally aim to respond to requests to remove blocks againsts systems or accounts within one working day. Where a block cannot be lifted immediately, OxCERT will respond detailing the additional actions required.
2.7 Information for departmental and college ITSS is given at http://www.oucs.ox.ac.uk/network/security/
2.8 All correspondence should be sent to firstname.lastname@example.org.
4.1 Responsibilities are laid out in the University Regulations Relating to the use of Information Technology Facilities and the Information Security Policy.
4.2 Owners and administrators of computers connected to the university network are responsible for ensuring their security, especially against threats which may endanger the security or stability of other university systems or services.
4.3 Network administrators should take reasonable measures to ensure that the source of any abuse arising from their network can be traced. This includes maintaining adequate logs in accordance with OxCERT recommendations, especially where technologies such as Network Address Translation (NAT) are used.
4.5 Clients are expected to respond to requests for information or to take action within a reasonable amount of time. In particular, requests for server or NAT logs are generally high priority and unless otherwise indicated, these should be supplied within four working hours.