Wireless PennNet Disconnect Process

See below for process of determining LSP and school.

1. A computer is identified as compromised (by Security, as identified by internal scans or reports or external reports), infected (by ProDesk) or a threat to the network (by Security or NOC).

2. Security or ProDesk requests a port trace or PennKey lookup from the NOC based on either: 1) the computer's IP address and timestamp, or 2) the computer's IP address and MAC address (when available).

3. The NOC determines and reports the associated wireless MAC address, location (i.e. wireless area such as College Green, Houston Hall, Wharton, etc.), PennKey, and the user's full name to the requester. Requester reports this information as well as timestamp to the LSP and to the user's school (if different).

4. Next step depends on threat level:

* If the threat is severe, the NOC immediately disables wireless access for the PennKey using the following steps:

o disconnect any existing session
o disable future connections to any wireless PennNet location
o generate a disconnect case in Remedy (ISC Net-Maint - Network Security - PennKey Disable)
o notify LSP (and the user's school, if different) of the disconnect, associated PennKey and MAC address, and disconnect case ID number
o resolves disconnect case in Remedy

* In the event of a minor initial incident, Security notifies the LSP but there is no disconnect. Security will provide LSP with the PennKey, IP and MAC addresses and timestamp.

* If the problem continues, and Security has received multiple additional reports regarding the same MAC/IP having the same associated PennKey, request originator (Security or ProDesk) notifies the LSP (and user's school, if different) of disconnect and requests same from the NOC via a Remedy request (ISC Net-Maint - Network Security - PennKey Disable). In all cases, the LSP should be given symptoms and disconnect case ID. NOC does the disconnect, records when the wireless access has been disabled and resolves the disconnect case.

5. When wireless access has been disabled for a user, they will see this page the next time they try to connect to Wireless PennNet: http://netview.isc-net.upenn.edu:1950/wireless/denied.html. Other uses of their PennKey will not be affected.

6. The LSP should ensure that the user's computer is cleaned or reformatted and patched. The LSP also should record the associated wired MAC address (where multiple network interfaces exist).

7. The LSP contacts the ISC group that notified them of the disconnect. The LSP should provide the PennKey, IP address, wired and wireless MAC addresses, disconnect case ID, and description of the resolution.

8. The same ISC group submits a request via Remedy (ISC Net-Maint - Network Security - PennKey Re-enable), asking NOC to re-enable PennKey wireless access, with reference to the disconnect case ID.

9. The same ISC group searches for any port disconnect cases containing the wired MAC address.

10. If wireless disconnect cases exist, the same ISC group submits a request via Remedy, asking the NOC to re-enable the wired port(s).

11. In one business day (minimum), the NOC will re-enable wireless access, let the requesting ISC group know, and resolve the reconnect Remedy case. The requesting ISC group in turn should notify the LSP.

Determining LSP and School:

1. Security or ProDesk look up PennKey in email field of Online Directory (not Remedy).

2. If that is not sufficient to determine LSP/school, look up organization (for faculty and staff) or school and address (for students) in PennCard view PCADMIN.PERSON_ADDRESS and Penn Community SSN4 view COMMADMIN.AFFILIATION.

3. Based on address, determine if student is supported by College House ITAs, CRC and First Call (students living off-campus or in Sansom Place East or West), or Greek ITAs.

4. If LSP can be determined using these steps, proceed with disconnect. Otherwise, do not proceed unless activity is causing an outage for PennNet users.

5. Revisit this process if necessary.