Merit Joint Technical Staff
Merit's Internet Abuse Policy
- From: Mike Mosher
- Date: Mon Jul 20 15:42:16 1998
Merit has recently published an Internet Security and Abuse Policy
document on the web at:
http://www.merit.edu/michnet/policies/abuse.html
Since Merit feels this is an important topic for all sites, and Merit
is asking all sites to create an email address (read below), I am
including the entire abuse document below.
Feedback is always encouraged and welcome.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>

Dealing with Internet Abuse at Merit and on MichNet

As the Internet has grown, there also has been a steady growth in the
number and variety of Internet "abuse" cases. Internet abuse encompasses
all sorts of negative acts, from e-mail spamming to network-based hacking
to personal crimes including stalking and harassment.
As a result of these unfortunate side effects of growth, Merit receives an
ever-increasing number of abuse reports from Internet users and network
providers, both within MichNet and from the greater Internet.
The purpose of this memorandum is to promote effective mechanisms for Merit
and organizations connected to MichNet to use in dealing with such
incidents.

Reporting Abuse (and Receiving Abuse Reports) Effectively

To receive reports about Internet abuse, Merit supports an email alias
named:
abuse@merit.edu
This email address is widely published in the Internet community as the
preferred way to report abuse incidents involving traffic carried on
MichNet. Messages to this address are received by several MichNet
managerial and system administration staff who work to resolve serious
abuse issues. Merit prefers this mechanism for Internet abuse reports
because it allows everyone involved to create and exchange a written record
of incidents.
It is becoming a standard practice for all organizations on the Internet to
support an
abuse@my-domain-name
alias on their email servers. We encourage all Merit members and
affiliates to create such an abuse alias, and to subscribe the appropriate
staff to receive email sent to the alias. RFC-2142 describes Internet
mail addresses to be used when contacting personnel at an organization.
When setting up an abuse alias, keep in mind that there are significant
advantages to having a group of staff, rather than a single individual,
receive reports of abuse incidents. First, multiple coverage allows
individuals to go on vacation or otherwise be away from e-mail without
abuse reports being ignored. Second, in serious cases--especially those
involving law enforcement agencies--it is always better to have several
people aware of the incident and of the site's plan of action.

Responding to Serious Incidents

If you have a serious on-going Internet security incident that needs
immediate attention, you should phone the MichNet Network Operations
Center (NOC). The NOC is open 24x7, every day of the year, and follows
protocols for contacting staff as needed to respond to emergencies, any
time of the day or night. If you don't have the phone number of the NOC,
contact your Merit Internet Consultant.
Do not report serious on-going incidents to abuse@merit.edu since that
list is not monitored 24 hours a day 7 days a week. The NOC will provide
much faster response to serious on-going incidents.
Serious on-going incidents include those in which the health or safety of
an individual is at risk or threatened, network accessible data of a
confidential nature will be disclosed, network accessible data that is
difficult or impossible to replace will be lost or damaged, or network use
by others is seriously disrupted. These types of incidents should prompt
you to immediately call the MichNet NOC.
In some cases an incident is so serious that in addition to calling the
NOC you may want to contact law enforcement agencies.
If you have a possible abuse situation that you need help investigating, or
need help sorting out what is or isn't acceptable under the MichNet
Acceptable Use Policy, you can send e-mail to abuse@merit.edu or contact
your Merit Internet Consultant. Merit is willing to consult with Merit
members and affiliates to help determine the appropriate response to abuse
incidents.

Actions You Should Implement

There are a few technical steps that you can take to limit and help recover
from Internet abuse incidents:
--Limit anonymous access to and from your systems.
--If you must allow anonymous access, limit what can be done from the
anonymous session to local activities that are not likely to cause
problems for others elsewhere on the Internet.
--Develop and publicize your own Acceptable Use Policy.
--Include information about acceptable Internet use in staff and
student orientation and other classes that you offer.
--Help your staff and students understand the importance of selecting
good passwords and give them examples of what are and are not good
ways to pick passwords.
--Log information that will allow you to identify individual
users or locations if you are called upon to investigate a complaint.
--Inform your users that while you don't routinely monitor
network activity, you can trace most access using IP addresses or
logged information about userIDs used to authorize sessions.
--Inform your dial-in users that Merit logs the Access IDs used to
authorize dial-in sessions and will use this information to investigate
complaints.
--Configure your e-mail servers to log the IP addresses and domain names
of the systems that submit messages. This information should be included
in the headers of the messages that your systems forward.
--On UNIX systems, be a good Internet neighbor and run identd (ident
daemon). Remote hosts can query this background process to see who is
initiating a connection. Identd, potentially used by any TCP service
(e.g. sendmail and ftp), gives the remote system more detailed
information on individual userIDs than is available from ordinary
logs. For details on the ident protocol, see RFC 1413. Identd is
publicly available at:
ftp://ftp.lysator.liu.se/pub/ident/
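
For the e-mail logging item in the list above: an added example (not part of the memo and not Merit's own tooling) of how an abuse desk can use the Received headers its mail servers stamp on a message to find the system that submitted it. The host names, addresses, sample message and function names are constructed for illustration, and the header layout matched is an assumption about how the local servers write these lines.

```python
import re
from email import message_from_string

# Constructed sample, not from the memo. Addresses are documentation ranges.
# The bottom Received line is the kind a sender can fabricate before submitting.
SAMPLE = """\
Received: from mx.example.edu (mx.example.edu [198.51.100.10])
\tby mail.example.edu with ESMTP id AAA111; Mon, 20 Jul 1998 15:40:02 -0400
Received: from dialup7.example.net (dialup7.example.net [192.0.2.77])
\tby mx.example.edu with SMTP id BBB222; Mon, 20 Jul 1998 15:39:58 -0400
Received: from relay.example.org ([203.0.113.5])
\tby dialup7.example.net; Mon, 20 Jul 1998 15:00:00 -0400
From: someone@example.net
To: abuse@example.edu
Subject: constructed sample

body
"""
OUR_HOSTS = {"mail.example.edu", "mx.example.edu"}  # assumed local mail servers
OUR_IPS = {"198.51.100.10"}                         # assumed addresses of those servers

# Assumed layout: "from <helo> (<rdns> [<ip>]) ... by <host>".
HOP = re.compile(r"from\s+(?P<helo>\S+)\s*"
                 r"(?:\((?:(?P<rdns>[^\s\[\]()]+)\s*)?\[(?P<ip>[0-9a-fA-F.:]+)\]\))?"
                 r".*?\bby\s+(?P<by>[^\s;]+)")

def parse_hops(raw):
    """Return Received hops, newest first, as dicts of helo/rdns/ip/by/when."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        line = " ".join(value.split())          # unfold continuation lines
        m = HOP.search(line)
        if m:
            hops.append({**m.groupdict(), "when": line.rsplit(";", 1)[-1].strip()})
    return hops

def entry_point(raw, our_hosts=OUR_HOSTS, our_ips=OUR_IPS):
    """Return the hop where the message entered our servers, else None.

    Only lines stamped by our own servers are trusted. Walking down from the
    top stops at the first external peer, so anything below it is never read.
    """
    for hop in parse_hops(raw):
        if hop["by"] not in our_hosts:
            return None          # not stamped by us: nothing trustworthy to report
        if hop["ip"] not in our_ips:
            return hop           # external peer handed the message to our server
    return None

if __name__ == "__main__":
    print(entry_point(SAMPLE))
```

The returned address and timestamp are what to match against the mail server's own logs, and against dial-in authorization logs when the address belongs to a dial-in pool.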
Much of the information in this memo was taken from an article that
appeared in the Summer, 1997, issue of MichNet News. This article is on
the Merit web site at:
http://www.merit.edu/michnet/michnet.news/mnn.1997-02/net-abuse.html
The MichNet Acceptable Use Policy (AUP) is online at:
http://www.merit.edu/michnet/policies/acceptable.use.policy.html

Online Resources for Handling Network Abuse

Information on writing Acceptable Use Policies and handling network abuse
is widely available online. Try starting with these sites:
Sample Policies and Tips for Writing AUPs:
EFF's CAF Academic Computing Policy Statements Archive
http://www.eff.org/pub/CAF/policies/
K-12 Acceptable Use Policy Examples
http://www.trc.org/aup.htm
http://www.etc.sccoe.k12.ca.us/caltip/aups.html
http://www.crminc.com/aup.htm
Information on Spams:
Collection of anti-spam links and resources
http://spam.abuse.net/spam/
The Coalition Against Unsolicited Commercial Email (CAUCE)
http://www.cauce.org/
Mall-Net's Spam FAQ
http://www.mall-net.com/spamfaq.html
The Internet Junkbusters
http://www.junkbusters.com/
Newsgroup on Network Abuse
news.admin.net-abuse.misc
--{-~"~-} {-~"~-} {-~"~-} {-~"~-} {-~"~-} {-~"~-} {-~"~-} {-~"~-}--
Mike Mosher | mmosher@merit.edu
Manager for MichNet User Services | http://www.merit.edu
Merit Network, Inc. | phone: 734.936.0287
4251 Plymouth Rd. Ann Arbor, MI 48105-2785 | fax: 734.647.3185