Educause Security Discussion mailing list archives
Re: Sniffer notification
From: "David L. Wasley" <david.wasley () UCOP EDU>
Date: Tue, 23 Mar 2004 09:25:08 -0800
An important corollary question is "how do you define 'monitor'?" I have heard that some schools record traffic (complete packets) but don't look at it in any way unless something untoward happens. They feel they need to be able to diagnose problems in retrospect. In general terms, I believe we should consider our networks "common carriers" (even if the courts may or may not agree) since that starts with the assumption that we don't and should not eavesdrop on what is sent over them. We only examine content under specific circumstances as defined by policy and confirmed by an authorized individual. The parallel is a wiretap order from a court. WRT troubleshooting a client/server problem, in most all cases the parties concerned are involved in the problem resolution process and therefore could give (tacit?) permission to examine the packets they send and receive. The network staff also can look at aggregate behavior of the network without examining the data content of packets, as Oberlin describes. Only if a case can be made that the data content of other network packets, while not congesting or affecting the proper operation of the network or being received by either platform in the client/server situation, are somehow causing the problem would the relevant campus authority give permission for broader examination of traffic. I fear that venturing over this strict line could open up a huge number of ugly problems. David ----- At 11:11 AM -0500 on 3/23/04, Tracy Mitrano wrote:
Just curious on this thread about a related question: How many schools have IT policies that state something to the effect of: "[Name of Institution] does not as a practice monitor its network for content" Please note that such a statement does not prevent whatever technical measures are necessary for security and maintenance, as is explained by additional policy language. Thanks! Tracy
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Re: Sniffer notification, (continued)
- Re: Sniffer notification Doug Sandford (Mar 23)
- Re: Sniffer notification Matthew Keller (Mar 23)
- Re: Sniffer notification Richard Gadsden (Mar 23)
- Re: Sniffer notification Tracy Mitrano (Mar 23)
- Re: Sniffer notification Brian Reilly (Mar 23)
- Re: Sniffer notification Neil_Sachnoff (Mar 23)
- Re: Sniffer notification Cal Frye (Mar 23)
- Re: Sniffer notification Dan Schneider (Network Administrator) (Mar 23)
- Re: Sniffer notification Doug Sandford (Mar 23)
- Re: Sniffer notification Cal Frye (Mar 23)
- Re: Sniffer notification David L. Wasley (Mar 23)
- Re: Sniffer notification Cal Frye (Mar 23)
- Re: Sniffer notification Carol Myers (Mar 23)
- Re: Sniffer notification Brian Reilly (Mar 23)
- Re: Sniffer notification Brian Kaye (Mar 24)
- Re: Sniffer notification Brian Eckman (Mar 24)
- Re: Sniffer notification Bruggeman, John (Mar 24)