Recently, the Department announced that any system infected with a reproducing virus or worm that has a patch available may have its network access restricted. According to Pat Valiquette, manager of the Academic and Research Computing help desk, systems which have their network access restricted will be redirected to a website containing an explanation of why the system cannot access websites outside of the rpi.edu domain, instructions on how to patch and fix the system, and the steps needed to re-enable full access.

Last week, the new process was tested and ten machines were taken off the network. Valiquette noted that within four days, nine of the ten systems had been patched and put back on the network. This is a large change from the old method of notification which relied on e-mails to notify users that their systems were infected. Director of Academic and Research Computing Sharon Roy stated that this method not only took a great deal of staff’s time, but it also had a high rate of non-response.

Currently, the website only has an explanation of why network access has been restricted and it does not yet allow access to the Symantec or Microsoft websites so that a fix can be obtained. As a result, the user has to take the machine to the helpdesk before it can have access re-enabled. Plans are still being made for a full phase-in and to add the functionality to the website that would allow users to fix their own machine.

According to department numbers earlier this week, there were over 280 systems that have viruses and worms that risk having their access restricted. Network access restriction will be based upon the computer’s hardware network address (MAC) which means that access will be restricted regardless of what port a user plugs their computer into. Network access should be restored within 24 hours after the system is patched.

Roy and Director of Networking and Telecommunications John Bradley wanted to stress that the switch is simply a change in procedure, not a change in policy. In 1998, Roy co-chaired the committee that wrote RPI’s Policy on Electronic Citizenship. The document, which still governs computer use here at RPI, has a paragraph that reads, “Rensselaer reserves the right to terminate any computer network connection without notice should it be determined that network traffic generated from this connection inhibits or interferes with the use of the network by others.”

According to Bradley, as newer viruses and worms hit campus, the time between a patch becoming available and the time that systems risk having their network access restricted will depend upon the threat that the viruses pose to the network. Only viruses and worms that attempt to infect other machines on the network will lead to machines having their network access restricted.