Educause Security Discussion mailing list archives
Re: Sniffer notification
From: Carol Myers <carol.myers () DOMAIL MARICOPA EDU>
Date: Tue, 23 Mar 2004 10:49:14 -0700
Maricopa Community College's standards state: <snip>It is not Maricopa's practice to monitor the content of electronic mail transmissions, files, or other data maintained in its computing resources. The maintenance, operation and security of Maricopa's computing resources, however, require that network administrators and other authorized personnel have access to those resources and, on occasion, review the content of data and communications maintained there. A review may be performed exclusively by persons expressly authorized for such purpose and only for cause. To the extent possible in the electronic environment and in a public setting, a user's privacy will be honored. Nevertheless, that privacy is subject to Arizona's public records laws and other applicable state and federal laws, as well as policies of Maricopa's Governing Board all of which may supersede a user's interests in maintaining privacy in information contained in Maricopa's computing resources.</snip> http://www.dist.maricopa.edu/legal/dp/inbrief/compstandards.htm Tracy Mitrano wrote:
Just curious on this thread about a related question: How many schools have IT policies that state something to the effect of: "[Name of Institution] does not as a practice monitor its network for content" Please note that such a statement does not prevent whatever technical measures are necessary for security and maintenance, as is explained by additional policy language. Thanks! Tracy At 10:55 AM 3/23/2004 -0500, Richard Gadsden wrote:On Tue, 23 Mar 2004, Cal Frye wrote: > We're about to diagnose some networking issues here with rather > aggressive use of Sniffer on student ports. We've always considered this > to be pretty intrusive, and not to be done without notifying the users > involved that we would be listening in. But we don't have written > policies concerning this action, beyond the general statement that we > (1) respect users privacy but (2) reserve the right to sniff should the > need strike us. > > Anyone have a quick link to policies and notification documents to be > sent to the user that I might have a look at and/or steal outright? I > worry that there's something I might overlook in the process. If you're not sure that the existing "general statement" in your policy authorizes the diagnostic activity that you have in mind, then your first stop should be your university counsel's office. That should be part of your standard procedure for anything potentially invasive that's outside the scope of routine operations. If your legal counsel advises that you are authorized to proceed based on your existing policy, then you might, in terms of notification, simply let the affected users know about the coming diagnostic activity, and reference the policy that authorizes it. For example, were I in your shoes, I'd probably be referring the affected users to the "Privacy and Confidentiality" section of our school's computer use policy: <http://www.musc.edu/ccit/cup/cup2001.html> --- o --- Richard Gadsden Director of Computer and Network Security Medical University of South Carolina ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
-- Carol Myers Director, ITS Security Services Information Technologies Services Maricopa Community Colleges http://www.maricopa.edu/security 480.731.8903 "Reminds me of my safari in Africa. Somebody forgot the corkscrew and for several days we had to live on nothing but food and water." --W.C. Fields ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Re: Sniffer notification, (continued)
- Re: Sniffer notification Richard Gadsden (Mar 23)
- Re: Sniffer notification Tracy Mitrano (Mar 23)
- Re: Sniffer notification Brian Reilly (Mar 23)
- Re: Sniffer notification Neil_Sachnoff (Mar 23)
- Re: Sniffer notification Cal Frye (Mar 23)
- Re: Sniffer notification Dan Schneider (Network Administrator) (Mar 23)
- Re: Sniffer notification Doug Sandford (Mar 23)
- Re: Sniffer notification Cal Frye (Mar 23)
- Re: Sniffer notification David L. Wasley (Mar 23)
- Re: Sniffer notification Cal Frye (Mar 23)
- Re: Sniffer notification Carol Myers (Mar 23)
- Re: Sniffer notification Brian Reilly (Mar 23)
- Re: Sniffer notification Brian Kaye (Mar 24)
- Re: Sniffer notification Brian Eckman (Mar 24)
- Re: Sniffer notification Bruggeman, John (Mar 24)