What does the 'Port Disabled' email notice mean?

A problem has been identified on a computer attached to the campus network. The e-mail notice is sent to either, the Network Security Contact (NSC) list for the building where the compromised machine/ device is located, to the registered system owner, or to a member on the team responsible for supporting the system. Under the ‘Compromise and Host Details’ section of the message, a reason as to why the port was shut off (Compromise description), Action required to get the port turned back on, and the machine’s (host’s) location details are listed.


Why are ports disabled (turned off)?

Usually this is because the device attached to the network has been determined to be compromised by an unknown person/entity (attacker, hacker or malware) and the information on the computer is in danger. The computer/ device also represents a heightened risk to the campus network by allowing someone, unauthorized to access campus resources. This often leads to additional machines being compromised. The data contained on the machine, especially personally identifiable or protected information may also be of value and the longer an attacker (or malware) has access to a machine, the higher the risk of information being stolen.
A port may also be disabled if the host or device attached to it is disrupting normal network operations or is affecting network performance or services to other users. This includes situations where a machine or device is being used to interfere with or disrupt machines outside of the university.


Why can’t someone directly contact the user of the port?

Servers can be registered and associated with system owner contact information in the Uiowa System Registry or (USR), but for desktops and other personal devices there is no effective way to determine/ establish a direct point of contact.  Until that time, the department Network Security Contact facilitates with locating owners of unregistered devices within units or departments.  To search for a list of Network Security Contacts (NSCs) in your area, go to https://itsecurity.uiowa.edu/nsc/.

The Uiowa System Registry (USR) is a web-based application which allows system administrators to register their system(s) with the Information Security and Policy Office. IT system owners who have identified their servers using the USR application, and appointed a primary and secondary point of contact, will be notified directly in the event of any incident affecting their systems.

What other resources are available to me?

Visit: http://itsecurity.uiowa.edu/incidents/, for additional information how to, get your network port re-enabled, check for ports marked as disabled and see who the NSC contacts are for your unit and more.