IU South Bend Networked Servers – Vulnerabilities/Compromise
Adopted August, 2008
Security compromises of IU computing systems, either by way of system configuration problems or data breaches, pose a threat to the University.
Through a variety of network security resources which include intrusion prevention systems, intrusion detection systems and network vulnerability scans, the IU South Bend Information Security Officer (ISO) may become aware of servers which are either compromised or contain a vulnerability which may pose a serious risk of being exploited for the purpose of system compromise.
In these cases, the ISO has the responsibility to ensure that the problem is properly remedied within a reasonable time frame. Servers that remain on the network after being compromised, or that remain unpatched, are in danger of being isolated from the IU South Bend network.
Typically, a compromised server should be removed from the network, the drives reformatted and a clean software build restored to it before the server is returned to active status. A server found to have a serious vulnerability should be addressed per IU IT Policy IT-12 (http://informationpolicy.iu.edu/policies/IT12.shtml).
Serious vulnerabilities are those for which a known exploit is available in the wild that would allow an unauthorized person to gain access to the system data or to use the system in a way the system administrator does not intend. Systems with serious vulnerabilities which remain unpatched for 1 week from the date discovered will be isolated from the IU South Bend network until such time that they are patched.
In cases where the server is used for illegal activity, the server may be confiscated by the ISO or law enforcement pending evidence collection.
Servers should be configured so that scanning by the IU South Bend ISO or UITS is permitted. Please see http://protect.iu.edu/tools/scanners/web for information on scanning settings.