IT Times

Volume 7, Number 5

Emergency Network Security Policy Issued to Protect Campus Resources

On February 12, 1999, the Office of the Chancellor issued Directive #99-016, the Emergency Network Security Policy for UC Davis. The emergency policy was issued as a temporary measure, out of urgent and immediate need, while a more inclusive network policy is developed.

A number of serious network abuses have occurred recently within the campus network: external attacks have compromised department computers, and non-university sites have been attacked from within the campus network. Examples of incidents include the use of university resources to illegally sell copyrighted material, an attack launched from a UC Davis library computer that took down an external Web site, and unauthorized access to a departmental server. A number of attempts to break into the campus network and secured campus computers are detected each day. Any of these attacks could cause severe damage to shared and individual electronic resources, such as email or computer files.

To understand the potential severity of a breach in network security, it's important to realize that if your computer is on while connected to the network, your hard drive is vulnerable to attack from any other point in the network. (This makes it especially important to back up your files if your computer is connected to the network.) It may be helpful to think of network security as the hull of a ship. A boat is only as sound as the thin layer separating what's inside from what's outside. Data corruption, loss and theft are all possible outcomes of a successful network attack. As the population of campus computer users grows, the number of tempting targets increases. This increases the likelihood that such damaging incidents will occur. So, unless steps are taken to protect the campus network, the risk continues to escalate over time.

Until February, no official policy existed to control and respond to network security breaches or violations. So, the Network Policy and Oversight Committee (NPOC) drafted the Emergency Network Security Policy, immediately delegating network protection authority to the Network Operations Center (NOC). The NPOC plans to release an Interim Network Security Policy by the end of the 1998-99 academic year, with a finalized Network Security Policy scheduled for release in January 2000.

Developing a network security policy is a challenge, as the policy must not only foster sharing of computing resources, but also assist in minimizing risks to those resources. The final policy will address difficult and sensitive issues, and will therefore require extensive consultation with the campus community. As an institution of higher learning, UC Davis has a responsibility to serve as an example of a "good network neighbor" to the Internet community at large. The NPOC is deliberating on these issues as it moves toward a finalized Network Security Policy.

The Emergency Network Security Policy assigns the Network Operations Center (NOC) the purview to monitor network traffic and halt suspected network abuse. In the event of a potentially serious network incident, the Emergency Network Security Policy also grants the NOC authority to temporarily isolate systems, disconnect devices, and/or revoke network privileges. In cases where the local network administrator cannot be reached, or is unable to comply with a request from the NOC for assistance in trouble-shooting, network access may be suspended without notification.

These powers are aligned with the officially adopted UC Electronic Mail Policy and "Business and Finance Bulletin IS-3: Electronic Information Security" issued by the University of California Office of the President (UCOP). While enforcing this policy, every effort will be made to identify legitimate causes of peculiar network behavior before corrective actions are taken. The NPOC will act as a mediator in the event a system is inadvertently affected while trouble-shooting a potential network abuse and a formal complaint is made. Due judicial process will be provided to persons whose network privileges have been revoked. The final policy will require coordination between the NPOC and Student Judicial Affairs, Human Resources, the UC Davis Police, and other campus units that oversee the conduct of students, faculty, staff, and non-university individuals.

Wendy Phillips, Senior Writer with IT-Communications Resources, contributed to this article.

Resources
Please refer questions about the Emergency Network Security Policy to IT-Communications Resources Director Doug Hartline (jdhartline@ucdavis.edu) or Network Operations Center Manager Kevin Rhodes (kcrhodes@ucdavis.edu). For more information on electronic resources policies, including the UC Electronic Mail Policy (reissued March 23, 1998), the "Business and Finance Bulletin IS-3: Electronic Information Security" (issued by UCOP on November 12, 1998), and the UC Davis Computer and Network Use Policy, point your Web browser to http://it.ucdavis.edu/policies.html.

Plan of action to protect the campus network, as outlined in the Emergency Network Security Policy
  1. The Network Operations Center (NOC) monitors the network in order to detect potential network abuse.

  2. The NOC and other campus units investigate when a network abuse is detected.

  3. The NOC then promptly communicates suspected network abuse to affected network administrators and other groups as appropriate.

  4. In the event a port is shut down, the NOC notifies the Associate Vice Chancellor of IT within 24 hours of the action taken and maintains records of network security activities.

  5. The Network Policy and Oversight Committee mediates and resolves cases if issues arise from the above actions.