Title of Service: Network Security Services (OxCERT)
Status of Document: This document describes services offered in July 2011.
1.1 The University runs an "open" network, with many means of access to and from the outside world. It has high-bandwidth connections to the Internet, making it a prime target for those wishing to compromise computers to use for further exploits. The devolved responsibility for maintaining and updating systems means that many are vulnerable.
1.2 The Network Security Team (OxCERT) is tasked to:
- Monitor the network
- Investigate suspicious traffic
- Take action, as required: this may include suspension of accounts or of network connectivity to a system; in extreme cases, temporary suspension of network connectivity to an entire college or department may prove necessary
- Inform departmental/college IT support staff (ITSS)
- Advise on procedures for cleanup of compromised systems and accounts, and recommendations for avoiding similar incidents in future
- Publish security bulletins on threats of particular concern to ITSS within the university
- Respond to network abuse reports
2. Summary of IT Services' responsibilities
Hours of Service
2.1 The service operates during normal office hours. Periodic monitoring takes place outside these hours, and informal arrangements exist for staff to be called, but no funding is provided to make this contractual.
2.2 OxCERT will normally aim to respond to requests to remove blocks againsts systems or accounts within one working day. Where a block cannot be lifted immediately, OxCERT will respond detailing the additional actions required.
2.3 Not applicable.
2.4 Not applicable.
Hardware and Software Maintenance
2.5 Not applicable.
2.6 Not applicable.
Administration and Support
2.7 Information for departmental and college ITSS is given at http://www.oucs.ox.ac.uk/network/security/
2.8 All correspondence should be sent to email@example.com.
3. Education and Training
3.1 Not applicable, though OxCERT does provide occasional briefings to IT Support Staff as well as extensive documentation and material online.
4. Summary of client's responsibilities
4.1 Responsibilities are laid out in the University Regulations Relating to the use of Information Technology Facilities and the Information Security Policy.
4.2 Owners and administrators of computers connected to the university network are responsible for ensuring their security, especially against threats which may endanger the security or stability of other university systems or services.
4.3 Network administrators should take reasonable measures to ensure that the source of any abuse arising from their network can be traced. This includes maintaining adequate logs in accordance with OxCERT recommendations, especially where technologies such as Network Address Translation (NAT) are used.
4.4 The client will provide: contact details of the person or persons with responsibility for departmental and college services, with whom IT Services can liaise.
4.5 Clients are expected to respond to requests for information or to take action within a reasonable amount of time. In particular, requests for server or NAT logs are generally high priority and unless otherwise indicated, these should be supplied within four working hours.
5. Premium services
5.1 Not applicable.