Security Incident
Report Problem
VPN
Login to vpn@ucsf
Help
email usConnecting Web Servers to the Internet
1. Contact OAAIS Enterprise Information Security (EIS) and provide the following information:
- Contact name, department, phone number and email address
- IP address of web server
- Server name
- OS platform
- Web Application
2. The request will be logged into a Remedy Ticket and you will be provided with the tracking number.
3. OAAIS Enterprise Information Security (EIS) will do a vulnerability assessment of the web server. If the scan shows that vulnerabilities do exist, you will be contacted to discuss the findings.
Note: If a device does not pass the vulnerability scan, the port 80 open request will be deferred until the server has been secured and passes the scan.
4. OAAIS Enterprise Information Security (EIS) will send the request to ENS.
5. ENS will inform OAAIS Enterprise Information Security (EIS) upon the completion of each request.
Note: Process time is approximately 14 calendar days.
6. OAAIS Enterprise Information Security (EIS) will notify you when port 80 has been opened.
Background Information
On July 19, 2001 the Code Red Worm attacked the Internet and all in-bound traffic to UCSF web servers (port 80) was blocked (http://www.ucsf.edu/its/listserv/admin-l/1301.html). Since that time, a process has been implemented by OAAIS Enterprise Information Security (EIS) to enable web servers to be connected to the Internet in a timely manner once they have been hardened.