UH IT Cyber Security Guidelines
The U.S. Department of Homeland Security may raise the threat level from the current 'yellow' condition to either 'orange - a high threat' level, or 'red - a severe threat' level in the future. The UH-IT Division will execute a series of steps that address each of these threat levels.
When the Homeland Security Department announces an increase to 'Orange', the IT Division will increase the level of monitoring and verify our security readiness posture. This will be accomplished by the following:
- Contact technology providers and determine if any preventative measures need to be applied to equipment or software;
- Confirm availability of backup and recovery resources that may be needed;
- Focus IT resources on network monitoring and immediately disconnect computer systems with suspicious network traffic. (Restoration of service will have a reduced priority);
- Verify network configurations are ready to implement for threat level red;
- Contact services and facilities that will be used upon increasing threat level to red;
- Have System Administrators and technical support staff verify that all computer systems are at the appropriate version levels, including 'patches'. Also, resolve any open concerns detected in a security scan of each system. The results will be reported to IT and the college or division management;
- Require that System Administrators and technical support staff monitor each computer system's logs daily for detecting abnormal activity and report any suspect activity to IT security.
When 'threat level red' is announced, IT will immediately restrict the level of security exposure by changing how network communications are handled. This restriction will be enabled after briefly disconnecting all Internet services. This restricted processing of network traffic (safe mode) minimizes the threat exposure of all university computers by permitting only certain types of services and network communications to and from the Internet. The time that IT intends to maintain this restricted level is brief - a few hours or a day at most. This shift from 'permit all but special cases' to 'deny all but special cases' will be accomplished by:
- Restricting Internet connections for all but identified critical services (like the administrative systems and network infrastructure components);
- Filtering out all communications except for web browsing and email from IT managed mail servers;
- Limiting special software applications (like File Transfer Protocol (FTP) and TELNET) to specific computers;
- Providing remote access to university computers through a Virtual Private Network (VPN) service. The IT Help Desk will assist users in connecting through this service;
- Restricting all Instant Messaging (ICQ and others) and Peer-to-Peer (P2P) applications. The IT Help Desk will assist reconnecting any critical needs for these services;
- Verifying authenticity of critical communications sent via email;
- Filtering off the network any machines that have security concerns (identified during threat level Orange);
- Continuously monitoring the network.
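As an added illustration of the shift from 'permit all but special cases' to 'deny all but special cases' described above (this is not part of the UH guideline and not UH's actual firewall configuration), the following Python model evaluates flows crossing the campus border under the Orange and Red postures. All addresses, the port choices and the assumption that the VPN is IPsec on udp/500 and udp/4500 are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Flow:
    src: str      # source IP address
    dst: str      # destination IP address
    proto: str    # "tcp" or "udp"
    dport: int    # destination port

# Constructed sample addressing for illustration only; none of it comes from the guideline.
CAMPUS = ip_network("10.0.0.0/8")
CRITICAL = {"10.1.1.10"}         # administrative systems that stay reachable at Red
MAIL_SERVERS = {"10.1.2.25"}     # IT managed mail servers
FTP_TELNET_HOSTS = {"10.1.3.7"}  # the specific computers still allowed FTP/TELNET
VPN_GATEWAY = "10.1.4.1"         # VPN concentrator (assumed IPsec on udp/500 and udp/4500)
QUARANTINED = {"10.5.5.5"}       # machines with security concerns found at level Orange

def _endpoints(f):
    """Split a flow into (campus-side, Internet-side) addresses; (None, None) if it does not cross the border."""
    s_in, d_in = ip_address(f.src) in CAMPUS, ip_address(f.dst) in CAMPUS
    if s_in == d_in:
        return None, None
    return (f.src, f.dst) if s_in else (f.dst, f.src)

def decide(f, level):
    """Return 'allow' or 'deny' for a border flow at threat level 'yellow', 'orange' or 'red'."""
    campus, internet = _endpoints(f)
    if campus is None:
        return "allow"                      # internal traffic is not border-filtered in this model
    if campus in QUARANTINED:
        return "deny"                       # disconnected at Orange, kept off the network at Red
    if level != "red":
        return "allow"                      # Yellow/Orange: permit all but special cases
    # Red: deny all but the special cases the guideline names; first match wins.
    if campus in CRITICAL:
        return "allow"                      # identified critical services
    if f.proto == "tcp" and f.dport in (80, 443) and f.src == campus:
        return "allow"                      # outbound web browsing
    if f.proto == "tcp" and f.dport == 25 and campus in MAIL_SERVERS:
        return "allow"                      # email only via IT managed mail servers
    if f.proto == "tcp" and f.dport in (21, 23):
        return "allow" if campus in FTP_TELNET_HOSTS else "deny"   # FTP/TELNET limited to specific hosts
    if f.proto == "udp" and f.dport in (500, 4500) and f.dst == VPN_GATEWAY:
        return "allow"                      # remote access comes in through the VPN service
    return "deny"                           # IM, P2P, direct SMTP from workstations and everything else

if __name__ == "__main__":
    for flow in (Flow("10.2.3.4", "203.0.113.10", "tcp", 443),
                 Flow("10.2.3.4", "203.0.113.10", "tcp", 6881)):
        print(flow, "orange:", decide(flow, "orange"), "red:", decide(flow, "red"))
```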