Help Desk - Procedure for Proactive Notification of Campus Network (Housing) Quarantined Accounts

This document outlines how to notify users when their account is quarantined due to a virus.

Fall 2023 update

Escalate infected computers in Housing cases to Security --> BadgIRT --> Quarantine Campus Network Housing. Please be sure that the case is escalated to the BadgIRT team and not the Help Desk.

Network Services and Cybersecurity are developing the new copyright infringement process for campus network users, which includes determining Help Desk's role in the process. This is due to networking changes made in summer 2023 and the Bradford decommission.

Procedure for proactive notification of campus network housing quarantined accounts

The Process

  1. CSOC receives an alert that a computer is infected on the Campus Housing Network. They send an email to the customer, and an incident is automatically created and escalated to the HDQA queue. The description will contain the user's name, NetID, and infringement. At this time, devices on the Campus Housing Network cannot be quarantined (Internal note: Depending on the severity of the instance, the CSOC may disable the NetID).
  2. HDQA will need to update some fields in the Cherwell incident due to the current settings.
  • The incident Requestor field will be set to "Default Customer". Update using the customer's NetID located in the Description.
  • The incident will come in with the Call Source set as "Email". Update the Call Source to "Autocall".
  • The Service | Category | Subcategory will also need to be updated. Service: Security | Category: BadgIRT | Subcategory: Quarantine Campus Network Housing
  • The Help Desk will cross reference this NetID with the user's name and attempt to locate a phone number for this person. You should check for a WiscIT incident to see if the customer has already contacted us.
  • If you can find a phone number, contact the customer and identify yourself using the following script:

    Campus Network (Housing) Quarantine Script

    "This is X from the University of Wisconsin, Division of Information Technology. Your Campus Network (Housing) connection has been compromised due to virus or malware activity, and we have disabled your access. To resolve this issue, please go to https://kb.wisc.edu/helpdesk/ and search for 9974 and follow the instructions. Once you are done following the instructions, please call the Help Desk at 608.264.4357 and reference your ticket number: ticket number."
  • If you cannot find a phone number, send the customer an email with the script below (In this case, two emails are sent - one from OCIS, and one from the Help Desk):

    Email Script for Campus Network (Housing) Quarantine

    The Office of Campus Information Security recently detected that a device connecting to the Campus Network (Housing) using your NetID is infected with a virus or malware. In order to mitigate damage to the University network, access to the Campus Network has been disabled for your account.

    We will need you to run a virus scan on your system and remove any threats found. Once you have removed the threats, please call us at (608) 264-4357, and we will reinstate your access to these services. For more detailed instructions on this, please see http://kb.wisc.edu/helpdesk/page.php?id=9974.

    Please refer to ticket ##### when you call.

  • Once you have contacted the customer (either via direct contact through phone, or indirect contact through voice mail/email), take ownership of the incident and follow the procedure for a quarantine/copyright incident in [Link for document 76090 is unavailable at this time] as relevant. Be sure to leave a journal note detailing the actions you have performed. Until this action happens, the customer will still have full access to the Bradford network.

  • When the customer contacts us again to let us know that the infection has been removed, confirm their Campus ID and Date of Birth per standard procedure. Take ownership of the case, and follow the procedure in [Link for document 76090 is unavailable at this time] to remove the device from quarantine/copyright violation. Be sure to leave a journal note detailing your actions.


Keywords: resnet disabled security notification netid monitor virus quarantine quarantined internet blackhole block ocis badgirt hdqa proactive quarentine bradford campus network housing
Doc ID: 20242
Owned by: Jade S. in DoIT Help Desk
Created: 2011-09-13
Updated: 2024-12-17
Sites: CSOC-internal, Cybersecurity-internal, DoITHelpDesk-internal