There are many wall jacks with data (network) ports installed throughout UAB buildings. Usually, the only ports that are active are those in use; other ports are de-activated. How can you tell?
What if suspect your network port has developed a problem of some sort?
To check whether the port has been activated and is working:
- Send a message to AskIT@UAB.EDUcontaining the
- Room Number
- Jack Number (it is written on the face plate)
- Port position number (If there are two DATA ports, the one on the left is D1 and the one on the right is D2. If there are four DATA ports, D1 is the upper left, D2 is upper right, D3 is lower left, D4 is lower right).
AskIT will check to determine if the port is activated and whether it appears to be working correctly. If the port shows as active but does not work correctly, either AskIT (or you) can dispatch a technician to fix it by calling 4-7777.
Every unit at UAB with devices connected to the UAB campus network should have a "network contact" person, even if there is no department server or local area network. At least one person within your department should be designated to be responsible for communicating your requests to DC/NS, and for assisting network users with basic configuration, software installation, computer training, and problem solving.
- Each department or unit at UAB should have an officially designated "network contact" person.
- The dean, chairman or director designates who is to serve as "network contact" for your unit. The dean, chairman or director should send either a written memo or an e-mail message to firstname.lastname@example.org indicating who is to be considered the official contact person.
- Data Communications / Network Services (DC/NS) recommends that the contact person be a trained computer professional.
- If the "network contact" person is not a UAB employee, the department should additionally designate a contact person who is a UAB employee.
- The "network contact" person should have access to a UAB e-mail account (hostname ends in uab.edu). All requests to DC/NS must be submitted via e-mail (email@example.com), and for security reasons these must originate from a server registered through DC/NS.
- When there is a change in personnel or responsibilities within your department, DC/NS should be notified. The previous "network contact" may send a message to firstname.lastname@example.org introducing the new person. If no replacement arrives before the old person departs, the last "network contact" should hand this function to their supervisor or other person in the department, who will then hand the job to the replacement person when they arrive. IP records, and any other records, should be turned in to the department for safekeeping.
- If the "network contact" left UAB without notifying DC/NS, the dean, director or department head should contact DC/NS with the name of the replacement contact person.
- Manage a block of IP (internet protocol) numbers given to the department by DC/NS, and maintain records of the location for each IP number used. Requests for new IP numbers should be submitted by e-mail to mailto:email@example.com?subject=Request new IP numbers
- Request registration of host names in the UAB DNS (domain name service). Requests for DNS registration should be submitted via e-mail to firstname.lastname@example.org
- Communicate network problems to DC/NS, and assist in trouble-shooting and problem resolution. Please call 4-3540 to report network communications problems, and call 4-7777 to report network wiring problems. You may also report problems via web interface.
- Request and properly configure other net-wide addressing, such as Novell server names and addresses, and Appletalk zone numbers and names. Net-wide addressing requests should be submitted via e-mail to email@example.com
- Coordinate equipment installation and relocation with DC/NS.
A domain name such as the one described above is called a third-level domain name. There is a $500 one-time fee for creating new third-level domains. There is no additional charge for registering names within the domain once it is set up. Third-level domain names should be requested by the department network contact.
Please send requests for third-level domain names to UserServices@uab.edu and include an FAS account number to bill. register the name.
Faculty, staff and students who are involved in professional, academic, or student-social organizations are sometimes interested in hosting a web site for their group and want to use a domain name that does not end in uab.edu.
UAB cannot provide DNS (Domain Name) service for domains other than uab.edu. However, what we can do is register an on-campus server with a uab.edu name, and then you can arrange for an outside Internet Service Provider (ISP) to provide the name www.alabama_engineers.org and point it to your UAB server. The end result is that someone who types the URL www.alabama_engineers.org into their web browser will be taken to the organization's home page, which may happen to be sitting on a computer housed at UAB. Most ISP's charge a small fee for providing you with this service.
Contact the UAB Web Center for further details about this type of arrangement.
- Isolate the device
Make sure the system is disconnected from the network. This is to protect UAB from any additional impact from the incident.
Determine the affected data.
Confirm whether or not sensitive data was housed on the compromised device. This includes employee, student, patient, or research data. Determine if any sensitive data was inappropriately accessed. If so, immediately escalate to both your local management and the UAB Data Security (https://silo.dso.uab.edu/incident or call 205-975-0842).
If sensitive data is at risk, do not perform additional activity until you have spoken with Data Security.
- Perform Root Cause Analysis
Establish the reason that the system was exploited. Ask yourself these questions:
- Did an end user install something harmful?
- Was it caused by a weak password?
- Was the system missing a patch?
- Remediate the issue
The best way to restore a compromised machine is frofm a trusted backup or to do a clean installation. Even what used to be routine virus infections have become so advanced that we cannot trust a system once it's been infected.
Perform password changes for end users and any administrators that may have used the system as well. This includes BlazerIDs and other accounts such as websites that were accessed from the compromised machines. Local Administrator passwords should also be changed.
- Reconnect to the network
Once the system has been properly remediated, UAB Data Security, in conjunction with the HIPAA Security Office, will reconnect the machine to the network. This process can take up to 24 hours after the initial request.
If you receive a notice saying the machine was compromised, the best way to get reconnected is to reply to that email.
Otherwise, Please call 205-975-0842 or email DataSecurity@uab.edu for assistance.
No. Each person needs to create their own
If you are dialing into the system from a different number,(other than your mailbox number), press the "*" key next and you will be prompted to enter your seven digit mailbox number followed by your passcode. This allows the server to match your passcode to the correct mailbox number.
Data Custodians must:
- Designate appropriate individuals with system administration responsibilities, ensuring that their role in securing the system is defined in their job description, and that they are trained in administration and security of the system.
- Ensure adherence to UAB guidelines and procedures for protecting data as found in IT Security Practices.
- Ensure compliance with all stipulations of this and other UAB policies and other legal and regulatory requirements including those related to dissemination of data (UAB's Information Disclosure and Confidentiality Policy) and disposal of computer equipment and systems (UAB's Equipment Accounting standards, and "Guidelines for secure disposal of media containing sensitive information").
- Ensure that risk assessments are performed (including disaster recovery plans, backup and contingency plans) as required by HIPAA for all PHI. Risk assessment is recommended for all other sensitive or mission critical data.
- Ensure that documentation of data resources created, used, or stored within their area of control is maintained.
- Ensure that systems containing sensitive information are physically secured from unauthorized access.
- Ensure that the department/unit follows procedures to mitigate all identified compromises or identified data security threats.
- Ensure that actual or suspected data security breaches, especially when involving sensitive data, are reported to the Data Security Office immediately and that any recommended corrective action is implemented.
- Ensure that non-UAB entities or contracted third party vendors handle data in accordance with UAB policies and procedures.
UAB IT has a procedure for secure media destruction of discs, CDs, DVDs, tapes and hard drives.
Departmental IT personnel should call AskIT or submit a ticket to AskIT requesting an appointment for secure media destruction, then fill out a UAB Secure Media Destruction Custody Form with the ticket number. AskIT staff will make an appointment for you to bring the media and the form to the AskIT help desk in Cudworth Hall (CEC 225).
- The individual transferring the media to UAB IT's AskIT help desk is required to verify all media listed on the forms is present.
- All media must be listed on forms and numbered.
- Media not numbered or listed on forms will not be accepted.
- All fields on forms must be completed.
- Each form must accompany the related media.
Once in the possession of AskIT, the media is stored securely until it is picked up by UAB IT staff for transport to the destruction site. The media is delivered to the Waste Holding Facility to be destroyed using the metal shredder or incinerator as appropriate. UAB IT personnel are required to witness the destruction of media and record this on the form you submit. The form will be attached to the work order created with AskIT.