ITSC Security Notices and Action

Common ITSC security notices are given below for reference:

Compromised Host

ITSC has strong evidence that attackers have gained unauthorized access to the computer.

ITSC action

  1. Host blocked from network access to prevent further damage.
  2. ITSC emails the relevant network log message and host location information to the Cyber Security Coordinators.

Your action

  1. Read the log message that triggered the ITSC notice.
  2. Reply to ITSC if you believe the alert is a “false positive”.

Otherwise

  1. Check and clean up the infection or re-install the machine.
  2. Reply to ITSC with evidence that the above action has been taken.
  3. ITSC will re-enable network access.
  4. Reset the passwords of any users whose credentials were compromised through use of this host.

ITSC will enforce re-installation if the host is found to be compromised again.

Suspicious Host

ITSC detects suspicious network activity but is not sure the host has been compromised. This may be due to rogue software or adware, a malicious downloader being installed, or malware being downloaded.

ITSC action

  1. ITSC emails the related network log message and host location information to the Cyber Security Coordinators.

Your action

  1. Check if the host is infected.
  2. If the host has been infected, clean it up.

There is no need to reply to ITSC unless you have other questions.

Vulnerable Host

ITSC scans detect that the host has flaws that may allow attackers to compromise it. This is usually caused by outdated patches or an insecure system configuration.

ITSC action

  1. ITSC emails the relevant vulnerability information, remedial steps, and host location information to the Cyber Security Coordinators.

Your action

  1. Apply related patches or the proper secure configurations.
  2. Reply to ITSC that remedial action has been taken.