Educause Security Discussion mailing list archives
Re: CALEA compliance, how do you do it?
From: Eric Lukens <eric.lukens () UNI EDU>
Date: Fri, 12 Jun 2015 10:58:16 -0500
I have a friend who previously worked for a datacenter provider and they had a few warrants to deal with. All they had to do was supply the span port and give internet access to a piece of equipment that would managed by the agency supplying the warrant. That sounds simple, but it was a bit painful, since they had to limit the number of people that had knowledge of the device, and had to keep detailed records regarding the equipment supplying the span port. That said, if you anticipate needing to supply span ports for CALEA compliance, I think you want your span port capability to be as granular as possible, so other people's data doesn't get vacuumed by the warrant as well. Now, if the warrant's target is utilizing something like IPsec or encrypted VOIP where you have the key, you might be required to decrypt packets for them or provide the key to decrypt the data. Of course, you could always just ask the FBI for help, supposedly that's free. :-) http://askcalea.fbi.gov/ (Note: half the links on this website don't work. They must have "gone dark.") -Eric On Thu, Jun 11, 2015 at 6:40 PM, Rossella Mariotti-Jones < rossella.mariotti.jones () chemeketa edu> wrote:
Hello all, I found the following FAQ on Educause and I have some questions about how the compliance technically works. At some point in the past when we were figuring out how to comply, someone suggested that as long as we can supply a span port on various key pieces of equipment we could be ok because the Feds will come in with their own boxes. Is this at all close to what happens in reality? and if not, what is the college required to provide? TIA. http://www.educause.edu/focus-areas-and-initiatives/policy-and-security/educause-policy/issues-and-positions/networking-and-telecommunications/tfaq rossella mariotti-jones | network analyst | information technology | chemeketa community college | p: 503-589-7775 | e: rmariott () chemeketa edu
-- Eric C. Lukens IT Security Policy and Risk Assessment Analyst ITS-Network Services Curris Business Building 15 University of Northern Iowa Cedar Falls, IA 50614-0121 319-273-7434http://www.uni.edu/elukens/
Current thread:
- CALEA compliance, how do you do it? Rossella Mariotti-Jones (Jun 11)
- Re: CALEA compliance, how do you do it? Eric Lukens (Jun 12)