Educause Security Discussion mailing list archives
Re: Sniffer notification
From: Brian Kaye <bdk () UNB CA>
Date: Wed, 24 Mar 2004 08:53:25 -0400
Below are the words from our "draft" policy (since December 1999). Basically we took ownership of everthing. Its our network. We paid for it. If they want to use the network they must accept this. The AUP they sign off on (but probably don't read) says: "UNB is the owner and operator of these facilities. When there is evidence of a problem, authorized personnel may examine any file or system on any computer attached to UNB's networks, in order to identify the cause and effect a repair." They get two chances to read this. One is at they time they register their computer and the second is when we email them a copy of the AUP. This covers student owned machines as well as staff and faculty machines. Lab machines are covers by an AUP they sign off on when they register for their account(s) and email id. .......Brian Kaye .....UNB Traffic Monitoring - On an ongoing basis Computing services staff monitor the types of traffic (protocols), amount of traffic (bytes sent and received), source and destinations as well as traffic patterns. When necessary because of network incidents or other security violations Computing Services will monitor, record and analyze traffic to and from particular workstations. Network Server Monitoring - Computing Services and other departments operate servers on the network to provide various resources to the University community. Records are maintained for 2 months as to who uses workstations, when they were used and for how long. Other records are maintained with respect to server performance. When necessary, because of security incidents or performance issues more detailed information may be recorded and kept. Note the University reserves the right to examine any file on any personal computer, workstation or server owned by the University, connected to the University's network or located on university property. This includes University owned machines which may be used at home. This also includes personal machines which are connected to the University network. Physical Monitoring of Labs - The University has begun to monitor its publicly accessible laboratories with video surveilance equipment. Visual records of the use of these facilities are kept for 2 weeks. When incidents are detected these records are kept for as long as necessary to resolve the incident. On Tue, 23 Mar 2004, Neil_Sachnoff wrote:
Date: Tue, 23 Mar 2004 11:14:52 -0500 From: Neil_Sachnoff <Neil_Sachnoff () MIDDLESEXCC EDU> Reply-To: The EDUCAUSE Security Discussion Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Sniffer notification Our Acceptable Use Policy includes the following statements: "To insure adherence to these standards and protect the integrity of its computing resources, the college reserves the right to monitor such resources. Any behavior in violation of the college's standards is cause for disciplinary action." Neil S. Sachnoff, Executive Director, Information Technology Middlesex County College 2600 Woodbridge Avenue, JLC Rm. 209 Edison, NJ 08818-3050 V-732.906.2601/Fax 732.548.6814 Neil_Sachnoff () MiddlesexCC edu Web: http://www.MiddlesexCC.edu <http://www.middlesexcc.edu/> -----Original Message----- From: Tracy Mitrano [mailto:tbm3 () CORNELL EDU] Sent: Tuesday, March 23, 2004 11:12 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Sniffer notification Just curious on this thread about a related question: How many schools have IT policies that state something to the effect of: "[Name of Institution] does not as a practice monitor its network for content" Please note that such a statement does not prevent whatever technical measures are necessary for security and maintenance, as is explained by additional policy language. Thanks! Tracy At 10:55 AM 3/23/2004 -0500, Richard Gadsden wrote: On Tue, 23 Mar 2004, Cal Frye wrote:We're about to diagnose some networking issues here with rather aggressive use of Sniffer on student ports. We've always considered this to be pretty intrusive, and not to be done without notifying the users involved that we would be listening in. But we don't have written policies concerning this action, beyond the general statement that we (1) respect users privacy but (2) reserve the right to sniff should the need strike us. Anyone have a quick link to policies and notification documents to be sent to the user that I might have a look at and/or steal outright? I worry that there's something I might overlook in the process.If you're not sure that the existing "general statement" in your policy authorizes the diagnostic activity that you have in mind, then your first stop should be your university counsel's office. That should be part of your standard procedure for anything potentially invasive that's outside the scope of routine operations. If your legal counsel advises that you are authorized to proceed based on your existing policy, then you might, in terms of notification, simply let the affected users know about the coming diagnostic activity, and reference the policy that authorizes it. For example, were I in your shoes, I'd probably be referring the affected users to the "Privacy and Confidentiality" section of our school's computer use policy: <http://www.musc.edu/ccit/cup/cup2001.html <http://www.musc.edu/ccit/cup/cup2001.html> > --- o --- Richard Gadsden Director of Computer and Network Security Medical University of South Carolina ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/ <http://www.educause.edu/cg/> . ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Re: Sniffer notification, (continued)
- Re: Sniffer notification Brian Reilly (Mar 23)
- Re: Sniffer notification Neil_Sachnoff (Mar 23)
- Re: Sniffer notification Cal Frye (Mar 23)
- Re: Sniffer notification Dan Schneider (Network Administrator) (Mar 23)
- Re: Sniffer notification Doug Sandford (Mar 23)
- Re: Sniffer notification Cal Frye (Mar 23)
- Re: Sniffer notification David L. Wasley (Mar 23)
- Re: Sniffer notification Cal Frye (Mar 23)
- Re: Sniffer notification Carol Myers (Mar 23)
- Re: Sniffer notification Brian Reilly (Mar 23)
- Re: Sniffer notification Brian Kaye (Mar 24)
- Re: Sniffer notification Brian Eckman (Mar 24)
- Re: Sniffer notification Bruggeman, John (Mar 24)