What is quarantine?
CWRU UTech Information Security and Network Engineering monitor network sensors to track malicious activity and overuse of campus resources.
Quarantine is imposed on faceplates, to isolate computers involved in malicious traffic on the campus network. Computers attached to a quarantined faceplate have limited access to the network.
Why do computers get quarantined?
Quarantine is imposed on an entire faceplate in order to isolate the threat from the rest of the campus network. If a host registered in your name has been detected in the act of:
- Aggressive port-scanning hosts (on or off-campus)
- Connecting to a known botnet Command-and-Control node
- Miscellaneous activities that violate the CWRU Acceptable Use Policy (e.g., man-in-the-middle attacks, unsanctioned 'security testing' of hosts on the network, using excessive bandwidth)
How do I get out of quarantine?
Once quarantined, you have 30 calendar days from the original quarantine date to contact the Service Desk at 216.368.HELP (4357) regarding the quarantine issue(s).
Hosts that spend longer than 30 days in quarantine will have their network registration disabled.
Restoring the faceplate to service
Do not unplug your computer or move it to another faceplate.
Call the UTech Service Desk at 216.368.HELP (4357) to resolve the issue. Tell the analyst who answers that you see the quarantine notification page.
The analyst will ask for details about your system including:
- Registered hostname
- MAC address
- MalwareBytes log
The analyst may also request to control your computer remotely in order to diagnose the problem.
Often the most effective remedy for quarantine issues is to reload your operating system. If this is necessary, the analyst will assist in backing up critical documents and advise of necessary next steps.
The Service Desk analyst will verify that the minimum standards for release from quarantine have been met, including:
- Antivirus software installed and running up-to-date definitions
- Automatic Updates configured
- Operating System fully patched and up-to-date
- The quarantine network will allow traffic to and from Symantec
- Automatic Updates and Microsoft Windows Updates.
Remember, any or all computers that share a faceplate (e.g. your roommates, lab computers) may be infected. Before your faceplate is restored to full service, all computers connected to the faceplate must have been certified for release from quarantine.