Instructions for Owners of Quarantined Machines
This page describes what to do if your computer has been quarantined because of malicious network activity.
Case Quarantine Network
This page is the default web site for the Case Quarantine Network. If you have been automatically directed to this page, then your network faceplate has been quarantined for security reasons. This quarantine network is isolated from the regular Case network to protect other systems from malicious network activity, yet it provides a means for the end user to remediate the problems which are common causes for the quarantine process. You need to contact the Case Help Desk (368-HELP) as soon as possible.
You will have 30 calendar days from the original quarantine date to address problems with your computer. If a user has not contacted the Help Desk about a quarantined faceplate, the computer associated with the quarantine decision will be de-registered from the network (both wired and wireless). To restore network services, the user will be required to bring the affected computer to a Case walk-in center, have the system evaluated and cleaned, and pay a network restoration fee.
While on the Case quarantine network, the user's computer will have restricted access to the Case networks. Services that are available on the quarantine network are:
- mail.case.edu: users can use the Case webmail client to communicate with Help Desk support personnel.
- Microsoft's Windows Update service is available to run updates to the Microsoft operating system.
- Symantec LiveUpdate can be run from this network to scan and clean an infected computer.
These are the next steps that you should do in order to get your faceplate back onto the Case network as quickly as possible:
- The PerceptIS Call Center has already been notified about your quarantine. Call the Case Help Desk at 368-HELP (4357). If there are more computers on the same faceplate (e.g. your roommate's or other lab PCs), your computer may not be the infected one, or may not be the only infected one. Tell them that you are on the quarantine network. Please do not unplug or move your computer. (Note that during some quarantines which are part of a security incident response, a technical analyst may be dispatched to evaluate the computer. If this is the case, the Help Desk will inform you to leave the computer unmodified until a first responder has evaluated it.)
- The Help Desk will guide you through a clean-up process.
- You need to run Windows Update and install all Critical Updates. It is helpful to have Automatic Updates configured.
- Update your Symantec antivirus definitions and run a full system scan. Note that antivirus products can only detect a problem for which they have a known signature.
- Update your spyware scanner's definitions and run a full system scan.
- If your system has a rootkit installed, back up your data and prepare to rebuild. Experience has shown that the time spent cleaning often breaks OS functions, and is better spent in rebuilding the installation and configuring it for more managed operations.
Common reasons for a quarantine:
- part of a larger security incident, to prevent spreading of malicious software
- an infected host with a spyware or bot client, usually identified as scanning the Case network or generating excessive malicious activity on network sensors
- a user performing activities in violation of the Case Acceptable Use Policy (probing, scanning, unsanctioned 'security testing' of the hosts on the network)
- any host that exceeds the mail transfer threshold is auto-quarantined to prevent spambots from causing the case.edu domain to be blacklisted (this has happened to Windows and Unix hosts)
- "The user was running Windows XP SP1 and had not updated patches in a long time"
- The user had been attacked via AOL Instant Messaging
- The user installed a peer-to-peer music service that was vulnerable to network attack.
- The server was running a version of Apache which was in need of patching; it was administered by a third-party service.
- The user's system was compromised by a malicious spam email message that used the WMF extension overflow.
- A faculty member demanded the server run an FTP service so they could scan images with the copier and upload them to the server. The FTP service was world-writeable, and the server became a covert server for pirated German-language movies.
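The mail transfer threshold rule listed above (a host exceeding an outbound mail rate is auto-quarantined) can be approximated with a sliding-window count over connection logs. The example below is added here and is not Case's own tooling; the log format, the 5-connections-per-minute threshold, and the sample records are all constructed for illustration, since the page does not state the real values.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample connection log (not real Case data).
# Format per line: <ISO timestamp> <source host> <destination> <destination port>
SAMPLE_LOG = """\
2006-03-01T10:00:01 10.1.2.3 198.51.100.7 25
2006-03-01T10:00:02 10.1.2.3 198.51.100.8 25
2006-03-01T10:00:03 10.1.2.3 198.51.100.9 25
2006-03-01T10:00:04 10.1.2.3 198.51.100.10 25
2006-03-01T10:00:05 10.1.2.3 198.51.100.11 25
2006-03-01T10:00:06 10.1.2.3 198.51.100.12 25
2006-03-01T10:00:10 10.1.2.4 198.51.100.7 25
2006-03-01T10:05:00 10.1.2.4 198.51.100.8 25
2006-03-01T10:00:11 10.1.2.5 198.51.100.20 80
2006-03-01T10:00:12 10.1.2.5 198.51.100.21 80
"""

def parse_log(text):
    """Yield (timestamp, src, dst, dport) tuples, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue

def hosts_over_mail_threshold(text, threshold=5, window=timedelta(minutes=1), smtp_port=25):
    """Return {src: peak_count} for hosts whose outbound SMTP connections within any
    sliding window of length `window` exceed `threshold`.
    The threshold and window defaults are assumed, not the page's real values."""
    by_host = defaultdict(list)
    for ts, src, _dst, dport in parse_log(text):
        if dport == smtp_port:
            by_host[src].append(ts)
    flagged = {}
    for src, times in by_host.items():
        times.sort()
        start = 0
        peak = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:   # slide the window start forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            flagged[src] = peak
    return flagged
```

A host flagged this way would be a quarantine candidate; a legitimate mail relay would need to be allow-listed before such a rule is enforced automatically.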