Network Abuse Shutdown Procedure

1.0 Overview

Occasionally a computer causes enough of a disturbance on the network that it must be removed from the network.

2.0 Purpose

This procedure is designed to specify, step-by-step, the actions that must be taken to facilitate the forced removal of a computer from the Clarkson University computer network.

3.0 Scope

This policy applies to any OIT staff member.

4.0  Policy

Once it has been deemed it necessary to terminate network access, the following information must be gathered.

  1. Fine Acceptance Form – this form is generated automatically by entering the information regarding the shutdown into the Online Port Shutdown Tool (found at http://www.clarkson.edu/oit/network/shutdown)
  2. Proof of registration (if registered) – this page should be printed from the NetReg admin tool (http://netreg.clarkson.edu/admin/admin.cgi)
  3. Printout of Network Access Termination email – this is the email that will be sent to the user informing them of the reason for the shutdown
  4. Printout of complaint email (if appropriate) – this is the email that was received from the RIAA, MPAA, BSA, etc.
  5. Electronic packet capture of offending traffic with a printout of representative sample (if appropriate) – An ethereal capture should be performed to capture the offending traffic, if possible.  A printout of a representative sample should be made.
  6. Printout of DHCP logs– from dns or omnigate, obtain an appropriate DHCP lease history for the IP address in question

Once this information has been gathered, it should be presented to either the Director of Network Services or the Manager of Network Operations.  Upon receiving either of their approval, a shutdown may be processed by first contacting the user to request that their computer be removed from the network.  If the user refuses or is unreachable, then the port should be shutdown.  Following a shutdown, a Network Access Termination email should be sent to the user.

4.1  Virus/SPAM Activity 

Once the user has been contacted or the port has been shutdown, the process should follow these steps:

  1. User brings computer to the HelpDesk
  2. An OIT representative shall examine the machine, looking for indications that the Clarkson University anti-virus package is installed.
  3. If the Clarkson University anti-virus package was installed, then the machine shall be disinfected at no charge and no fine shall be assessed.
  4. If the Clarkson University anti-virus package is not installed, then either:  (i) a fine shall be assessed, but no bench fee shall be required; or (ii) a fine shall not be assessed, but a bench fee will be required.

4.2  Acceptable User Policy Violation

Once the user has been contacted or the port has been shutdown, the process should follow these steps:

  1. User comes to the HelpDesk to speak with either the Director of Network Services or the Manager of Network Operations
  2. A fine is assessed

5.0 Enforcement

Failure to follow this policy will result in the offender(s) being subject to disciplinary action up to and including a formal written letter of corrective action.

6.0 Revision History

Draft Policy – 21 February 2006 – jfiske

Draft Policy – 24 February 2006 – jfiske

Draft Policy – 11 February 2009 – jfiske

Approved Policy v1.0 – 4 November 2013 – jfiske