UD Computer Security

Computer Security Incident FAQs

 
  Computer Security Incident FAQ Main Page

Security Breach Procedures

Protecting Personal Non-Public Information

Responsible Computing
A Manual for:

   Staff
   Students

Student Guide to University Policies

Computer Security Home

What happens when UD IT-Security detects
a compromised system on the network?

  A system is removed from the UD network to protect the data on that computer from misuse or theft, to protect other computers on the network from being attacked and maintain the health of the network.

UD IT Security continuously monitors the UD network for traffic patterns that are symptomatic of compromised systems - e.g., port scanning, spamming, etc. When a system's network flow patterns fit the profile of a compromised machine, it is removed from the UD network to prevent it from attacking other systems and/or disrupting the health of the network.

After the suspected computer's network connection is disabled, a mail message is sent from UD IT Security (secadmin@udel.edu) to the UD network registrant or other contact person, describing the problem and necessary recovery steps. The network connection will be re-enabled after the system has been cleaned and all other requirements have been completed.


Return to Computer Security Incident FAQs


Questions / comments?
Copyright © 2006, University of Delaware