FAQ: Turning Off Network Ports

What does the 'Port Disabled' email notice mean?

A problem has been identified on a computer attached to the campus network. The email notice is sent to the Network Security Contact (NSC) list for the building where the compromised machine is located, to the registered system owner, or to a member of the team responsible for supporting the system. The ‘Compromise and Host Details’ section of the message lists the reason the port was shut off (Compromise description), the action required to get the port turned back on, and the machine’s (host’s) location details.

Why are ports turned off?

Usually this is because the host attached to the network has been determined to be compromised by an unknown person or entity (attacker, hacker or malware) and the information on the computer is in danger. The computer also represents a heightened risk to the campus network because it allows someone unauthorized to access campus resources. This often leads to additional machines being compromised. The data contained on the machine, especially personally identifiable or protected information, may also be of value, and the longer an attacker (or malware) has access to a machine, the higher the risk of information being stolen.

A port may also be turned off if the host or device attached to it is disrupting normal network operations or is affecting network performance or services to other users. This includes situations where a machine or device is being used to interfere with or disrupt machines outside of the university.

Why can’t someone directly contact the user of the port?

Servers can be registered in USR with direct contact information (see below), but for desktops and other personal-use computers we don't have an effective way to determine the user for a direct contact. Until we do, your department Network Security Contact is responsible for playing that role. The list of Network Security Contacts can be found by using this search (only available on campus).

The Uiowa System Registry (USR) is a web-based application which allows system administrators to register their system(s) with the IT Security Office. IT system owners who have identified their servers using the USR application, and appointed a primary and secondary point of contact, will be notified directly in the event of any incident affecting their systems.

I have a Mac, why was I shut off?

Though the majority of security threats are against Windows machines, no operating system is immune to infection or compromise. No matter what your operating system is, the basic disciplines of keeping it up to date, turning on the firewall, using an automatically-updated anti-virus client, installing programs only from trusted sources, keeping good backups, and never opening unexpected attachments or clicking unexpected links are equally important.

What other resources are available to me?

To have your network port re-enabled, or to check for ports marked as disabled, NSC contacts and changes, and incident resources, visit: http://cio.uiowa.edu/itsecurity/incident/

 

Copyright © 2005 The University of Iowa. All rights reserved.