Purpose:
To enhance network security, the Information Security team will maintain a list of verified malicious IP addresses, identified through known Indicators of Compromise (IOCs), and enforce their blocking at the firewall level. These blocks aim to prevent unauthorized access, mitigate threats, and protect University systems from compromise.
Process:
Aggregation & Validation:
- A list of malicious IP addresses is compiled by aggregating threat intelligence data from NJCCIC.
- The list is reviewed and vetted by a team of NJCCIC analysts to ensure accuracy.
- Any IOCs found to have low confidence or insufficient evidence are removed before the list is submitted to the Kean IT Security team.
- Additional screening of the list is performed by the Kean IT Security team.
Implementation:
- The vetted list of malicious IP addresses will be uploaded to the firewalls for blocking.
IOC Expiration & Removal:
- IP addresses that have not appeared in the list for four consecutive weeks will be unblocked on the firewalls.
- Regular audits will be conducted to ensure the timely removal of outdated IOCs.
Compliance:
All IT staff responsible for network security must adhere to this policy to ensure proper threat mitigation while maintaining operational efficiency. Any exceptions must be reviewed and approved by the security team.
For any questions or concerns, please contact the IT Security team at security@kean.edu.