Educause Security Discussion mailing list archives

Re: CALEA compliance, how do you do it?

From: Eric Lukens <eric.lukens () UNI EDU>
Date: Fri, 12 Jun 2015 10:58:16 -0500

I have a friend who previously worked for a datacenter provider and they
had a few warrants to deal with. All they had to do was supply the span
port and give internet access to a piece of equipment that would managed by
the agency supplying the warrant. That sounds simple, but it was a bit
painful, since they had to limit the number of people that had knowledge of
the device, and had to keep detailed records regarding the equipment
supplying the span port.

That said, if you anticipate needing to supply span ports for CALEA
compliance, I think you want your span port capability to be as granular as
possible, so other people's data doesn't get vacuumed by the warrant as
well. Now, if the warrant's target is utilizing something like IPsec or
encrypted VOIP where you have the key, you might be required to decrypt
packets for them or provide the key to decrypt the data.

Of course, you could always just ask the FBI for help, supposedly that's
free. :-) http://askcalea.fbi.gov/ (Note: half the links on this website
don't work. They must have "gone dark.")

-Eric

On Thu, Jun 11, 2015 at 6:40 PM, Rossella Mariotti-Jones <
rossella.mariotti.jones () chemeketa edu> wrote:

Hello all, I found the following FAQ on Educause and I have some questions
about how the compliance technically works. At some point in the past when
we were figuring out how to comply, someone suggested that as long as we
can supply a span port on various key pieces of equipment we could be ok
because the Feds will come in with their own boxes. Is this at all close to
what happens in reality? and if not, what is the college required to
provide?
TIA.


http://www.educause.edu/focus-areas-and-initiatives/policy-and-security/educause-policy/issues-and-positions/networking-and-telecommunications/tfaq

rossella mariotti-jones | network analyst | information technology |
chemeketa community college | p: 503-589-7775 | e: rmariott () chemeketa edu




-- 

Eric C. Lukens
IT Security Policy and Risk Assessment Analyst
ITS-Network Services
Curris Business Building 15
University of Northern Iowa
Cedar Falls, IA 50614-0121
319-273-7434http://www.uni.edu/elukens/

Current thread:

CALEA compliance, how do you do it? Rossella Mariotti-Jones (Jun 11)
- Re: CALEA compliance, how do you do it? Eric Lukens (Jun 12)