Educause Security Discussion mailing list archives
Re: P2P Software
From: Lance Jordan <lancejor () RCI RUTGERS EDU>
Date: Thu, 27 Feb 2003 15:16:03 -0500
Tracy Here is the policy on network monitoring and data retention from Rutgers Network Data Collection Standard It is the policy of Rutgers University to maintain access for its community to local, national and international sources of information and to provide an atmosphere that encourages the free exchange of ideas and sharing of information. Access to this environment and the University's information technology resources is a privilege and must be treated with the highest standard of ethics. The university expects all members of the community to use computing and information technology resources in a responsible manner; respecting the public trust through which these resources have been provided, the rights and privacy of others, the integrity of facilities and controls, and all pertinent laws and university policies and standards. Our customers have a reasonable expectation that Rutgers University Computing Services (RUCS) will recognize and respect the privacy of the data that we transport across the university network on their behalf. It is a RUCS policy to respect the privacy of its users and RUCS will not monitor, edit, or disclose the contents of a user's communications unless required to do so by law or in the good faith belief that such action is necessary to respond to an operational problem or a security concern. RUCS has responsibility for managing and maintaining equipment that makes forwarding decisions based on hardware address, Internet Protocol (IP) address, port number and size. RUCS reserves the right to routinely collect gross characteristics (eg. source address, destination address, port numbers, size, etc.) from any university maintained network link. The payload portion of a datagram, that part which contains your information, would not be routinely captured or preserved. The primary purpose of collected data is to understand the traffic characteristics of the network, manage demand, plan for growth, and respond to network problems. RUCS may also utilize this data to address identified or suspected security incidents. This data will be made available to authorized agents where required by law or where it is reasonable to believe that it is both unambiguous and necessary. This data is not available to resolve administrative disputes within, or between, business units. Tracy Mitrano wrote:
Hi Tom and others, I am curious: do you consider this activity "monitoring" the network for content and do you have any IT policies regarding "monitoring?" Thanks, Tracy
-- Lance D. Jordan Director, Information Protection & Security Rutgers University Computing Services (Voice) 732-445-8138 (Fax) 732-445-8023 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.
Current thread:
- P2P Software Piscitello, Frank (Feb 27)
- <Possible follow-ups>
- Re: P2P Software Tom Conley (Feb 27)
- Re: P2P Software Tracy Mitrano (Feb 27)
- Re: P2P Software Lance Jordan (Feb 27)
- Re: P2P Software Tom Conley (Feb 27)