Suspicious and/or Malicious Network Activity Procedure


Moving forward with our goal of providing customers with a secure, reliable, available, and stable Information Technology environment, Unified Network Services/Network Administration is seeking participation from our customers to address reports of questionable network activity.

The Office of Information Technology is the registrant of IP addresses assigned to the State of Ohio by ARIN (American Registry for Internet Numbers). In accordance with state policy and industry best practices, the Ohio Customer Service & Security Center (OCSSC) will notify agencies, boards, and commissions when questionable activity is reported or identified on state networks. Once notified, the customer will be asked to investigate and resolve the issue within the timelines listed below. If the issue cannot be resolved within the specified timeframe, then OIT will work with the customer to block the questionable internet activity from the network until corrective action can be completed.

Based on the possible security implications, the following table defines each classification and the time allowed to the customer for containment. OIT will initiate blocking once the specified time has elapsed.

| Classification | Description | Time Allowance Before Blocking |
|---|---|---|
| Malicious Activity Spam | Sending of unsolicited email | 24 Hours |
| Malicious Activity Scanning | Checking for open port | 30 Minutes |
| Malicious Activity Bandwidth Hog | Router/Switch packet rate too high | 30 Minutes |
| Malicious Activity Access Attempts | Unauthorized access attempts | 60 Minutes |
| Malicious Activity Defacement | Public facing web page defaced | 60 Minutes |
| Malicious Activity Worm | Known source of infections | 30 Minutes |
| Malicious Activity Bot | Repeated access to remote control | 30 Minutes |

Your cooperation in this matter is greatly appreciated. If you have any questions or concerns, please contact the Ohio Customer Service & Security Center at 614-644-0701 or 800-644-0701.