Your browser has JavaScript turned off.
You must turn it on to proceed.










NORS -- CSRIC Best Practices Result

CSRIC Best Practices Result

Detailed Information for the Best Practice: 9-8-8920

Number 9-8-8920
Priority Critical
Description Temporarily Quarantine Bot Infected Devices:
ISPs may temporarily quarantine a subscriber account or device if a compromised device is detected on the subscribersÂ’ network and the network device is actively transmitting malicious traffic. Such quarantining should normally occur only after multiple attempts to notify the customer of the problem (using varied methods) have not yielded resolution. In the event of a severe attack or where an infected host poses a significant present danger to the healthy operation of the network, then immediate quarantine may be appropriate. In any quarantine situation and depending on the severity of the attack or danger, the ISP should seek to be responsive to the needs of the customer to regain access to the network. Where feasible, the ISP may quarantine the attack or malicious traffic and leave the rest unaffected.
Network Type(s) Internet/Data
Industry Role(s) Service Provider
Keyword(s) Cyber Security;Intrusion Detection;
Reference/Comments The temporary delay of web pages for the purpose of providing web browser notification, as suggested in Best Practice 8-8-X018, does not constitute a 'quarantine' as used in this Best Practice.
Some information regarding quarantine technology can be found at:
http://www.trustedcomputinggroup.org/developers/trusted_network_connect

Note that the Best Practices in this grouping are primarily aimed at ISPs that provide service to consumer end-users on residential broadband networks, but may be applicable to other users and networks as well.