Georgia Tech’s Cyber Security team protects Georgia Tech users and resources from potential attacks.
Georgia Tech Cyber Security works with campus units to identify and neutralize attacks on campus IT resources and data, educate users about cyber threats, and ensure compliance with information security laws and policies.
I WANT TO
Report a lost or stolen item
If your electronic device (including laptop, cellphone, or tablet) has been lost or stolen, please reach out to Georgia Tech Police Department and file a police report.
Phone: (404) 894-2500
In addition, please contact Georgia Tech Cyber Security at soc@gatech.edu to evaluate if protected data was present on the device, including but not limited to:
- Health records
- Employee/personnel records
- Student data
- Research data
- Financial records
Report a vulnerability
The Georgia Institute of Technology recognizes that security vulnerability research takes place on campus through sponsored research, internally initiated research, and informal research. In addition, system users often find security vulnerabilities incidentally during the course of some other activity. Georgia Tech is fully committed to the identification and remediation of security vulnerabilities within Institute systems and networks.
If you have identified a security vulnerability within a Georgia Tech system, please send a message to the CyberSecurity team at vulnerability.reporting@gatech.edu.
Report a security incident
IMPORTANT NOTE: If you believe a security incident is an illegal act or life threatening, contact the Georgia Tech Police Department: (404) 894-2500, or Emergency: 911 immediately.
How to Report a Security Incident
If a Georgia Tech IT Resource user suspects or has observed an event that would satisfy the definition of a security incident, they should report the suspicion immediately to the Security Operations Center (SOC). Do NOT attempt to investigate or remediate the incident on your own.
Security Incident – A security incident is an event, as determined by Georgia Tech Cyber Security, that violates an applicable law or Institute policy including the violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices. An incident could also be established based on the potential for harm to the confidentiality, integrity, or availability of Georgia Tech IT resources.
Phone: 404-385-2927
Email: soc@gatech.edu
Requested Information:
PLEASE TAKE THESE STEPS:
Abuse
If you suspect that your network, systems, or services may have been negatively impacted by resources at Georgia Tech, please report them to Georgia Tech Cyber Security via email to: abuse@gatech.edu.
Report a phishing email
Please forward suspected phishing messages as an attachment to:
phishing@gatech.edu
*Forwarding the email as an attachment provides Cyber Security with email header information, which is valuable during their analysis of the message.
Instructions to forward an email message as an attachment are referenced below:
Change my password
Report abuse
If you suspect that your network, systems, or services may have been negatively impacted by resources at Georgia Tech, please report them to Georgia Tech Cyber Security via email to: abuse@gatech.edu.
When reporting abuse, provide the following:
- Your name, and an email address or phone number for contacting you
- If you are affiliated with Georgia Tech, your affiliation (Faculty, Staff, Student, etc.) and your GT account
- The type of abuse (SPAM, bandwidth abuse, etc.)
- The IP address of the attacking system, if appropriate
- The date and time of the abuse
- Any additional information that you feel may help us to locate and diagnose the problem, such as full message headers, system logs, etc.
Use or manage two-factor authentication
Do Security Research
Disclaimer
Submission of a policy exception request does not constitute an approved policy exception. Please await a response from the Cyber Security team prior to proceeding with your work.
Following this procedure and submitting the required policy exception is necessary, but may not be sufficient, to comply with all applicable Institute policies. Please seek IRB approval, etc. if your research requires it.
Purpose
This procedure allows Cyber Security researchers to conduct their research without violating the law, violating Institute policy, or introducing reputational risk.
Scope
This procedure applies to all research and coursework that involves interacting with hosts and networks outside of your own lab environment. Examples of this type of interaction include:
- Port scanning the internet (see best practices)
- Port scanning the Georgia Tech network
- Malware analysis allowing for callbacks
- Sending malicious email
- Operating Tor (or similar) exit nodes
- Operating Darknets or Honeypots
Procedure
Click on the following link to complete the policy exception form.
The form will require you to enter the following information. Please collect this information prior to clicking the above link:
- Name of the research project or course
- Project website URL (for any project/course that may generate abuse complaints)
- Name, email address, and phone number of the:
  - Principal Investigator or Professor
  - Primary point of contact
  - Secondary point of contact
- A list of all Georgia Tech hosts involved in the research/course
- A list of all Georgia Tech IP addresses involved in the research/course
- A list of all student user IDs involved in the class project (for course only)
For any research project that is likely to generate abuse complaints (e.g. port scanning the internet), the following actions must be taken:
- Create a project website and include your host and IP address information on the website. The website should give visitors a description of what you are doing and give people direction on how to contact you and request that you no longer scan their hosts and networks.
- Provide a simple means of opting out and honor requests promptly.
- Create and use a whitelist of hosts/networks that have requested to opt-out.
- Indicate the purpose of the interaction in the reverse DNS, UserAgent, etc. where possible.
- Clearly explain the purpose and scope of the research in all communications.
- Scope the interactions to be no larger, or more frequent, than is necessary for research objectives.
- Do not include special or unrouted network ranges.
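One way to apply the opt-out list and the special-range rule before any traffic is sent, as an added example that is not Georgia Tech's own code. The opt-out file format (one address or CIDR per line, `#` comments), the function names, and the sample ranges are assumptions constructed for illustration; only IPv4 is handled.

```python
import ipaddress

# Special-purpose and unrouted IPv4 ranges (a commonly used subset, not exhaustive).
SPECIAL_RANGES = [ipaddress.ip_network(c) for c in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24",
    "192.168.0.0/16", "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24",
    "224.0.0.0/4", "240.0.0.0/4",
)]

def parse_opt_out(lines):
    """Parse opt-out entries (assumed format: address or CIDR per line, '#' comments)."""
    nets = []
    for line in lines:
        entry = line.split("#", 1)[0].strip()
        if entry:
            # strict=False accepts entries like 192.0.3.7/24 with host bits set
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets

def subtract(net, excluded):
    """Return the parts of `net` that are not covered by any network in `excluded`."""
    remaining = [net]
    for ex in excluded:
        kept = []
        for r in remaining:
            if r.subnet_of(ex):                    # fully excluded: drop it
                continue
            if ex.subnet_of(r):                    # exclusion lies inside: carve it out
                kept.extend(r.address_exclude(ex))
            else:                                  # disjoint: keep unchanged
                kept.append(r)
        remaining = kept
    return sorted(remaining)

def build_scan_targets(candidates, opt_out_lines):
    """Candidate ranges minus special ranges minus everything on the opt-out list."""
    excluded = SPECIAL_RANGES + parse_opt_out(opt_out_lines)
    targets = []
    for cidr in candidates:
        targets.extend(subtract(ipaddress.ip_network(cidr), excluded))
    return targets

def is_in_scope(addr, targets):
    """True if a single address survived the exclusions."""
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in targets)

# Constructed sample input; nothing here is taken from the page.
CANDIDATES = ["192.0.2.0/23", "203.0.113.0/24"]
OPT_OUT = ["# requests received via the project website",
           "192.0.3.128/25", "192.0.3.7  # single host"]
```

Rebuilding the target list from the current opt-out file at the start of every run is what makes "honor requests promptly" enforceable in practice.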
For any abuse complaints, third party security notifications, or Georgia Tech generated alerts, the Georgia Tech Cyber Security team will send a notification to the primary point of contact for action. A response is required to the Cyber Security team within 24 hours. If no response is received within 24 hours, the secondary point of contact will be alerted and a response expected within 12 hours. If no response is received and appropriate action taken, the Cyber Security team is authorized by Institute policy to take the following actions as needed:
- Physically or logically remove the device from the GT network
- Physically power down the host in question
- Physically seize the host in question (if it is a GT owned asset), if the host presents a threat to the Institute or others and forensic analysis is required
- Lockout user accounts
In any case where the Cyber Security team believes a system is compromised and actively attacking Institute systems or networks, or outside systems or networks, the Cyber Security team is authorized to immediately take action as noted above.
Prohibited Actions
The following actions are expressly prohibited and will result in the Cyber Security team taking action as stated above:
- Launching scanning activities or other research directly from the campus VPN subnets
- Releasing malware into the wild
- Exploiting hosts outside of your own lab environment without explicit permission from the owner of the systems you are attempting to exploit
- Launching denial of service attacks outside of your own lab environment without explicit permission from the owner of the systems you are attempting to attack