
Policy on Computer Disconnection from PennNet

Background: A well-functioning network is critical to the research, academic, and service missions of the University. Information Security has documented an increasing frequency of computer intrusions that threaten the integrity of PennNet. The capacity of entire departments to teach and conduct research has been limited as a result, and sensitive data have been at risk of unauthorized disclosure. At times, rapid response is required to protect the integrity of systems, data, and those that rely on them. Inefficiency sometimes results because the owners of the penetrated machines cannot be located. Disagreements arise over the magnitude and immediacy of the problems without a formal mechanism for resolving conflicts.

Certain types of misconfiguration of Penn systems, intentional or otherwise, can have serious and detrimental consequences. Examples include using another host's Internet Protocol address ("IP Spoofing") or misconfigured networking protocols. Normal operation of Penn computers, and even computers elsewhere on the worldwide Internet, can be compromised. Networks can become so congested that network traffic cannot get through.

Purpose: The goal of this policy is to protect the academic missions served by Penn's computers and networks from disruption.

Policy: Information Systems and Computing (ISC) will disconnect from PennNet any computers that have actually damaged or pose an imminent threat of harming the integrity of PennNet.

Scope: This policy only applies to computers and devices attached directly or indirectly to PennNet, including improper or defective "daisy-chain" connections and private Local Area Networks with active networking components connected to PennNet wallplates and hosts.

This policy does not address removing computers from PennNet for reasons related solely to their content.

Implementation: Systems administrators must report serious computer security incidents to the University Information Security Officer. Serious computer security incidents will be defined as those that jeopardize the integrity, privacy and/or availability of other computers and networks. Examples of serious computer security incidents include break-ins where privileged accounts (e.g. UNIX "root" account, or NT "Administrator" account) are used without authorization, incidents where network traffic is monitored without authorization, and incidents where Penn computers or networks are either the source or the target of "denial of service" attacks. The Information Security Officer will coordinate the response to computer security incidents, including notifying campus systems administrators, law enforcement officers, external sites, incident response teams and University offices as appropriate.

Authorized actions: If, in the judgment of the Vice Provost for ISC (VPISC) or his/her designate, criteria are met which suggest that a system poses a significant and immediate threat either to:

The security of other Penn computers and networks, or

The continued operation of Penn networks and computers,

and the problem cannot be resolved expeditiously through collaboration between the computer owners and ISC, then ISC will notify senior management of the department or unit and will require the owners to remove the computer from the network until the problem is solved.

Absent/Unidentified Owners: If ISC is unable, using the Assignments database, to identify a system owner or Local Support Provider (LSP), ISC will move unilaterally to protect the network by disconnecting the threatening system.

Disputes: In cases where there is a persistent disagreement between ISC and the owner of the perceived threat, ISC must notify the owner and the LSP of the following information in writing:

  • The reason for the disconnection
  • What steps must be taken for the network connection to be restored
  • How to arrange for the system to be reconnected
  • The process of appealing a decision to disconnect

When the owner of the system has taken the steps necessary to correct the problem, ISC will restore the PennNet connection as soon as possible.

Appealing a Decision to Disconnect: The Council Committee on Communications shall appoint a subcommittee to review appeals of decisions to disconnect computers. The subcommittee will consist of:

  • At least four members of the faculty appointed by the Committee on Communications, one of whom to serve as chair.
  • VPISC or her/his designate
  • University Information Security Officer or her/his designate
  • The Committee on Communications may designate alternates to serve on the hearings of an appeal when its appointees are unavailable.

The owner of a disconnected system who believes that the threat that the system posed is outweighed by the impact of its disconnection on their academic mission may appeal the decision by documenting this belief in writing to the chair of the subcommittee. The chair or her/his designate may resolve the dispute amicably; failing this it will be heard formally by the subcommittee. The subcommittee will resolve conflicts as rapidly as possible within the constraints of fairness. It will establish and follow its own operating procedures.

If the subcommittee does not begin the proceedings within 5 working days in cases where the issue is a threat and not actual harm, or 30 working days in cases where ISC can document actual harm, the subject system must be reconnected. Once the subcommittee has begun the process, time limits will not be imposed.

In considering appeals, the subcommittee will balance the value of leaving machines connected against the associated risks. Its decision will be final. The only recourse for faculty whose appeals are denied will be to the Senate Committee on Academic Freedom and Responsibility. ISC may not appeal. However, it may re-disconnect the computer and restart the entire process whenever another trigger event is detected.

System owners who believe that their freedom of expression has been unduly infringed may, under the Guidelines for Open Expression, request that the Committee on Open Expression determine if the Guidelines were properly interpreted and applied to the disconnection of their system.

Interpreting this policy: As technology evolves, questions may arise about how to interpret this policy. The VPISC may as needed, after consultation with the Council Committee on Communications, publish specific rules interpreting this policy.

Advice: To minimize the likelihood of a serious computer security compromise, campus systems administrators are encouraged to configure their systems in accordance with the following standards:

https://www.isc.upenn.edu/security/bestPractices

Glossary

Assignments Database: A computer database provided by ISC Networking where Local Support Providers maintain information about PennNet connected computers, including the network address, operating system, and contact information. For more information about how to maintain records in the Assignments Database, contact: security@isc.upenn.edu.

Denial of Service Attack: An attack where someone takes up so much of a shared resource that too little is left for others. Denial of service attacks threaten the availability of resources, including computer processes, disk space, or network capacity, among other things. The result is a degradation or loss of service.

Local Support Provider: Departments/Units at Penn appoint Local Support Providers to provide information technology support locally.

 


© 2023 THE UNIVERSITY OF PENNSYLVANIA — 3401 Walnut Street, Philadelphia, PA 19104 — Report accessibility issues and get help — For ISC Staff