Georgia Tech Cyber Security

Georgia Tech’s Cyber Security team protects Georgia Tech users and resources from potential attacks.

Georgia Tech Cyber Security works with campus units to identify and neutralize attacks on campus IT resources and data, educate users about cyber threats, and ensure compliance with information security laws and policies.

I WANT TO

Report a lost or stolen item

If your electronic device (including laptop, cellphone, or tablet) has been lost or stolen, please reach out to Georgia Tech Police Department and file a police report.

Phone: (404) 894-2500

In addition, please contact Georgia Tech Cyber Security at soc@gatech.edu to evaluate if protected data was present on the device, including but not limited to:

  • Health records
  • Employee/personnel records
  • Student data
  • Research data
  • Financial records

Report a vulnerability

The Georgia Institute of Technology recognizes that security vulnerability research takes place on campus through sponsored research, internally initiated research, and informal research. In addition, system users often find security vulnerabilities incidentally during the course of some other activity. Georgia Tech is fully committed to the identification and remediation of security vulnerabilities within Institute systems and networks.

If you have identified a security vulnerability within a Georgia Tech system, please send a message to the Cyber Security team at vulnerability.reporting@gatech.edu.

Report a security incident

IMPORTANT NOTE: If you believe a security incident is an illegal act or life-threatening, contact the Georgia Tech Police Department: (404) 894-2500, or Emergency: 911 immediately.

How to Report a Security Incident

If a Georgia Tech IT Resource user suspects or has observed an event that would satisfy the definition of a security incident, they should report the suspicion immediately to the Security Operations Center (SOC). Do NOT attempt to investigate or remediate the incident on your own.

Security Incident – A security incident is an event, as determined by Georgia Tech Cyber Security, that violates an applicable law or Institute policy, including the violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices. An incident could also be established based on the potential for harm to the confidentiality, integrity, or availability of Georgia Tech IT resources.

Phone: 404-385-2927
Email: soc@gatech.edu

Requested Information:

  1. Contact information & affiliation to Georgia Tech
  2. Impacted system(s) or services
  3. Date and time of the incident
  4. What data types may have been impacted?

PLEASE TAKE THESE STEPS:

  1. Stop work on the machine immediately.
  2. Do NOT disconnect the network or power cables from the machine(s) so that we can use our approved endpoint software to respond to the incident.
  3. Do NOT attempt to investigate or remediate the incident on your own. Wait for instructions from the Security Operations Center (SOC). There may be compliance requirements, a ‘bigger picture’, or other ‘complications’ that you may not know about.
  4. Provide us with as much information as you can about the user(s), GT account(s), and/or endpoint(s) that are affected. Some helpful scoping information is outlined in Requested Scoping Information (below) OR in the GT Security Incident Response Plan.
  5. Do NOT send sensitive information via email.

Abuse

If you suspect that your network, systems, or services may have been negatively impacted by resources at Georgia Tech, please report them to Georgia Tech Cyber Security via email to: abuse@gatech.edu.

Report a phishing email

Please forward suspected phishing messages as an attachment to:
phishing@gatech.edu

*Forwarding the email as an attachment provides Cyber Security with email header information, which is valuable during their analysis of the message.

Instructions to forward an email message as an attachment are referenced below:

Change my password

Report abuse

If you suspect that your network, systems, or services may have been negatively impacted by resources at Georgia Tech, please report them to Georgia Tech Cyber Security via email to:

abuse@gatech.edu

When reporting abuse, provide the following:

  • Your name, and an email address or phone number for contacting you
  • If you are affiliated with Georgia Tech, your affiliation (Faculty, Staff, Student, etc.) and your GT account
  • The type of abuse (SPAM, bandwidth abuse, etc.)
  • The IP address of the attacking system, if appropriate
  • The date and time of the abuse
  • Any additional information that you feel may help us to locate and diagnose the problem, such as full message headers, system logs, etc.

Use or manage two-factor authentication

Do Security Research

Disclaimer

Submission of a policy exception request does not constitute an approved policy exception. Please await a response from the Cyber Security team prior to proceeding with your work.

Following this procedure and submitting the required policy exception is necessary, but may not be sufficient, to comply with all applicable Institute policies. Please seek IRB approval, etc. if your research requires it.

Purpose

This procedure allows Cyber Security researchers to conduct their research without violating the law, violating Institute policy, or introducing reputational risk.

Scope

This procedure applies to all research and coursework that involves interacting with hosts and networks outside of your own lab environment. Examples of this type of interaction include:

  • Port scanning the internet (see best practices)
  • Port scanning the Georgia Tech network
  • Malware analysis allowing for callbacks
  • Sending malicious email
  • Operating Tor (or similar) exit nodes
  • Operating Darknets or Honeypots

Procedure

Click on the following link to complete the policy exception form.

The form will require you to enter the following information. Please collect this information prior to clicking the above link:

  • Name of the research project or course
  • Project website URL (for any project/course that may generate abuse complaints)
  • Name, email address, and phone number of the:
    • Principal Investigator or Professor
    • Primary point of contact
    • Secondary point of contact
  • A list of all Georgia Tech hosts involved in the research/course
  • A list of all Georgia Tech IP addresses involved in the research/course
  • A list of all student user IDs involved in the class project (for course only)

For any research project that is likely to generate abuse complaints (e.g. port scanning the internet), the following actions must be taken:

  • Create a project website and include your host and IP address information on the website. The website should give visitors a description of what you are doing and give people direction on how to contact you and request that you no longer scan their hosts and networks.
  • Provide a simple means of opting out and honor requests promptly.
  • Create and use a whitelist of hosts/networks that have requested to opt out.
  • Indicate the purpose of the interaction in the reverse DNS, UserAgent, etc. where possible.
  • Clearly explain the purpose and scope of the research in all communications.
  • Scope the interactions to be no larger, or more frequent, than is necessary for research objectives.
  • Do not include special or unrouted network ranges.

For any abuse complaints, third party security notifications, or Georgia Tech generated alerts, the Georgia Tech Cyber Security team will send a notification to the primary point of contact for action. A response is required to the Cyber Security team within 24 hours. If no response is received within 24 hours, the secondary point of contact will be alerted and a response expected within 12 hours. If no response is received and appropriate action taken, the Cyber Security team is authorized by Institute policy to take the following actions as needed:

  • Physically or logically remove the device from the GT network
  • Physically power down the host in question
  • Physically seize the host in question (if it is a GT owned asset), if the host presents a threat to the Institute or others and forensic analysis is required
  • Lockout user accounts

In any case where the Cyber Security team believes a system to be compromised and actively attacking Institute systems or networks, or outside systems or networks, the Cyber Security team is authorized to immediately take action as noted above.

Prohibited Actions

The following actions are expressly prohibited and will result in the Cyber Security team taking action as stated above:

  • Launching scanning activities or other research directly from the campus VPN subnets
  • Releasing malware into the wild
  • Exploiting hosts outside of your own lab environment without explicit permission from the owner of the systems you are attempting to exploit
  • Launching denial of service attacks outside of your own lab environment without explicit permission from the owner of the systems you are attempting to attack
