Educause Security Discussion mailing list archives

Re: Network Device Registration


From: Joel Rosenblatt <joel () COLUMBIA EDU>
Date: Mon, 23 Jan 2006 12:40:43 -0500

Just to offer a different view, the following article about Free Love

<http://www.educause.edu/ir/library/pdf/ERM0266.pdf>

describes the Columbia non-registration system.  We have built, and are very successfully using, all of the methods of 
mediation described in the paper (along with others that were subsequently developed) and I would like for someone to 
describe what a "netreg" system does that our "free love" way of doing things doesn't.

Please don't get me wrong, I am not looking to argue .. I really just want to understand if there is something major 
that I may have missed.

Our local network contains over 32,000 active devices and we average about .33 percent of the active devices (about 4.5 
per day) that show up compromised.

That number includes students, faculty, staff and other stuff (printers, equipment) that are plugged into our network.

Some additional facts - we do not scan machines or look at packet content.  All of our detection is done with netflow 
data only.

I would be happy to discuss this on or off the list - by email or phone :-)

One of my motivations for this discussion is that I was asked to find out what we would gain by registering - my 
contention is "not much" -- but I would be just as happy if someone could point out the errors in my ways :-)

Thank you,
Joel Rosenblatt


Joel Rosenblatt, Senior Security Officer & Windows Specialist, CUIT
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel - You can't spell seCUrITy without CUIT
