Educause Security Discussion mailing list archives

Re: classifying P2P traffic - what about legit uses?


From: "Harris, Michael C." <HarrisMC () HEALTH MISSOURI EDU>
Date: Tue, 29 Jan 2008 12:02:25 -0600

All licensing and free use issues aside (that argument has been beaten
back and forth way too often, let's not rehash it) for some of us it is
as much an issue of bandwidth (see David Gillett's post) and malware
embedded in the download.  How often is gross P2P activity a tell-tale
for other abuse or malware risk?  Additionally is it legitimate to be
upgrading our pipes to accommodate what some may feel is questionable
activity?

From a user education standpoint, the moral and ethical controls of the
individual seem to be slower to develop than the technical ability.
Enforcement down to the individual is rare at best when the money and
publicity incentive is to go after the institution not the individual.
It shifts the liability upward from the individual to the institution.

Similar to Joel's posting, we are in a 250MB/day kind of range before we
take action. Not that we block anything, it merely is a trigger point to
investigate or dig deeper.

Mike
  

-----Original Message-----
From: Joel Rosenblatt [mailto:joel () COLUMBIA EDU] 
Sent: Tuesday, January 29, 2008 11:25 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] classifying P2P traffic - what about legit uses?

Three cheers for Randy .. a sane voice in all of the chatter :-)

No disrespect intended .... I happen to agree with Randy about this.

We have an open network and our policy states that if you break the law,
you are responsible for the consequences.

My 2 cents.

Joel Rosenblatt

Joel Rosenblatt, Manager Network & Computer Security Columbia
Information Security Office (CISO) Columbia University, 612 W 115th
Street, NY, NY 10025 / 212 854 3033 http://www.columbia.edu/~joel


--On Tuesday, January 29, 2008 12:13 PM -0500 Randy Marchany
<marchany () CANDI2 CIRT VT EDU> wrote:

Having lurked on this and other related threads over the past couple
of months, I'd like to ask a few questions and make a few observations
about how EDUs appear to be dealing with P2P.

1. With all of the "monitoring" and "rate limiting" strategies, how 
does your institution deal with legit uses of P2P? We're a land grant 
and our extension division may use P2P to distribute videos/sound 
recordings of their products to extension agents around the state.  
Obviously, blocking all P2P would prevent them from doing their 
business. Music students working on projects and putting their 
"product" on the net for download (legit because permission was given
to distribute) is another example.

2. How many BitTorrent servers or other P2P servers are on your campus
nets? What type of scanning or metrics do you collect about p2p traffic?
The usual suspects like excessive traffic to/from IP address is nice but
what do you do to keep tabs on "normal" P2P traffic?

3. An observation: I'm a security type and a musician. I've always 
thought that banning P2P traffic because of the potential "copyright" 
problems was like banning the US Postal Service (Fedex, UPS) because 
someone xeroxed a book and used them to mail the book. I don't buy the
volume issue (it's much faster using P2P than USPS....duh!) because 
that's a smoke screen. The real issue is making sure users understand 
copyright issues and know what the potential penalties are. There are
legit uses of P2P in our world and I don't see forcing users to jump
through hoops to do real work as being an effective practice. If it's 
too cumbersome, they'll circumvent it. Having IPS rulesets blocks the 
casual user but not the determined user. I can remember not being able
to download tunes from our band www site because of an arbitrary block
while visiting an EDU. Never mind that it was legal (we, the copyright
owners, give permission to distribute freely). The block prevented a
legit use of P2P.

4. Another observation: are we taking the easy way by arbitrarily 
blocking P2P because a) we're short staffed b) we're lazy c) we don't 
have resources for user education d) we don't have upper mgt support 
d) we're afraid of the RIAA/MPAA e) all of the above? Shouldn't we be 
investing more in the short term (policy enforcement, user education, 
categorizing P2P traffic to id the illegal stuff)? This short term 
effort would eliminate a good chunk of the longer term problem.

Just my .01 worth.

      -Randy Marchany
      VA Tech IT Security Office
      


