Educause Security Discussion mailing list archives

Re: Monitoring traffic/protecting student accessible machines


From: Ron Parker <rparker () BRAZOSPORT EDU>
Date: Fri, 10 Oct 2003 09:55:01 -0500

1) We use Etherpeek from Wildpackets for our sniffer. I have a chokepoint
set up where I can capture all traffic between our network and our
internet links. If the traffic is purely internal, we use spanned
monitor ports on our Cisco switches.

We also run Websense in conjunction with our firewall. It provides
filtering and reporting of activity for some protocols but not all. You
may also be able to use RMON to remotely capture packets of interest from
network switches that support RMON.

In my experience with a number of these kinds of cases, your best tool is
a detailed packet capture combined with someone verifying the identity of
the person at the computer being monitored. It is very time-consuming to
pursue these cases. That's one reason I've started filtering the hardcore
porn via Websense.

2) We use Deep Freeze in our labs. It isn't a perfect solution but it's
the best we've found so far. We are still looking for something better.
For example, during the recent Blaster worm outbreak, we couldn't just
send out the patch to our lab XP machines via SUS and group policy. Every
change to the machine requires disabling Deep Freeze, rebooting, making
the change and re-enabling Deep Freeze. That is a real time waster with
the hundreds of lab machines we have. I would like to have a way to use
Ghost to blast out new images to the labs under such conditions but we're
still working on that.

--
Ron Parker, Director of Information Technology, Brazosport College
Voice: (979) 230-3480             FAX: (979) 230-3111
http://www.brazosport.edu


On Fri, 10 Oct 2003, Charles Bombard wrote:

I have two questions:
1)
What do you use to monitor traffic? I am looking for actual packet
sniffing. Example of what I am looking for, we have a complaint of a
student viewing material they should not be on a lab machine. The IT staff
are at another location but can remotely monitor the network. I want to
know what sites the person is going to. They are using their own machine
but our network. I have MAC address and IP. What do you recommend?

2)
What do you do to protect your lab machines from your students? Do you use
Deep Freeze or a similar product? How do you like the solution that you are
using?

-Charlie Bombard
LAN Systems Administrator
Community College of Vermont

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

