Policies and Procedures


Click here to start

Table of Contents

Policies and Procedures

Quick Overview of Network Security at MIT

What? No firewalls?

MITnet Rules of Use http://web.mit.edu/olh/Rules/

Security Team History

Volume of incoming requests, statistics

Composition of team

Team Rules, AKA, "The Riot Act"

The interchangeable role of staff and students

How we track our cases: Casetracker

First Response

Different situations that call for different responses

General procedures

Machine is doing "something bad"

Machine is compromised, but not actively doing "something bad"

Machine is merely vulnerable

In All Cases:

Another site reports a scan from MIT

Another site says we are scanning them (more)

Another site scans MITnet

Scanning our own network for vulnerabilities

Someone tells us that a machine is vulnerable

Site visits

Checking up

Non-obvious MIT web policies

Non-obvious MIT web policies

Lawyers - who needs them? :-)

Author: Bob Mahoney

Email: bobmah@mit.edu

Download presentation source