Re: Sniffer notification

[Brian Kaye <bdk () UNB CA>]

Below are the words from our "draft" policy (since December 1999).

Basically we took ownership of everthing. Its our network. We paid for it.
If they want to use the network they must accept this. The AUP they sign
off on (but probably don't read) says:

"UNB is the owner and operator of these facilities. When there is evidence
of a problem, authorized personnel may examine any file or system on
any computer attached to UNB's networks, in order to identify the cause and
effect a repair."



They get two chances to read this. One is at they time they register their
computer and the second is when we email them a copy of the AUP. This
covers student owned machines as well as staff and faculty machines. Lab
machines are covers by an AUP they sign off on when they register for
their account(s) and email id.


.......Brian Kaye
.....UNB


Traffic Monitoring - On an ongoing basis Computing services staff monitor
the types of traffic (protocols), amount of traffic (bytes sent and
received), source and destinations as well as traffic patterns. When
necessary because of network incidents or other security violations
Computing Services will monitor, record and analyze traffic to and from
particular workstations.

Network Server Monitoring - Computing Services and other departments
operate servers on the network to provide various resources to the
University community. Records are maintained for 2 months as to who
uses workstations, when they were used and for how long. Other records are
maintained with respect to server performance. When necessary, because
of security incidents or performance issues more detailed information may
be recorded and kept. Note the University reserves the right to
examine any file on any personal computer, workstation or server owned by
the University, connected to the University's network or located on
university property. This includes University owned machines which may be
used at home. This also includes personal machines which are connected to the
University network.

Physical Monitoring of Labs - The University has begun to monitor its
publicly accessible laboratories with video surveilance equipment. Visual
records of the use of these facilities are kept for 2 weeks. When
incidents are detected these records are kept for as long as necessary to
resolve the incident.


On Tue, 23 Mar 2004, Neil_Sachnoff wrote:

> Date: Tue, 23 Mar 2004 11:14:52 -0500
> From: Neil_Sachnoff <Neil_Sachnoff () MIDDLESEXCC EDU>
> Reply-To: The EDUCAUSE Security Discussion Group Listserv
>     <SECURITY () LISTSERV EDUCAUSE EDU>
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Sniffer notification
>
> Our Acceptable Use Policy includes the following statements:
>
>
>
> "To insure adherence to these standards and protect the integrity of its
> computing resources, the college reserves the right to monitor such
> resources.  Any behavior in violation of the college's standards is cause
> for disciplinary action."
>
>
>
> Neil S. Sachnoff, Executive Director, Information Technology
>
> Middlesex County College
>
> 2600 Woodbridge Avenue, JLC Rm. 209
>
> Edison, NJ 08818-3050
>
> V-732.906.2601/Fax 732.548.6814
>
> Neil_Sachnoff () MiddlesexCC edu
>
> Web: http://www.MiddlesexCC.edu <http://www.middlesexcc.edu/>
>
>
>
> -----Original Message-----
> From: Tracy Mitrano [mailto:tbm3 () CORNELL EDU]
> Sent: Tuesday, March 23, 2004 11:12 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Sniffer notification
>
>
>
> Just curious on this thread about a related question:
>
>         How many schools have IT policies that state something to the effect
> of:
>
>         "[Name of Institution] does not as a practice monitor its network
> for content"
>
> Please note that such a statement does not prevent whatever technical
> measures are necessary for security and maintenance, as is explained by
> additional policy language.
>
> Thanks!
>
> Tracy
>
>
>
>
> At 10:55 AM 3/23/2004 -0500, Richard Gadsden wrote:
>
>
>
> On Tue, 23 Mar 2004, Cal Frye wrote:
>
> > We're about to diagnose some networking issues here with rather
> > aggressive use of Sniffer on student ports. We've always considered this
> > to be pretty intrusive, and not to be done without notifying the users
> > involved that we would be listening in. But we don't have written
> > policies concerning this action, beyond the general statement that we
> > (1) respect users privacy but (2) reserve the right to sniff should the
> > need strike us.
> >
> > Anyone have a quick link to policies and notification documents to be
> > sent to the user that I might have a look at and/or steal outright? I
> > worry that there's something I might overlook in the process.
>
> If you're not sure that the existing "general statement" in your policy
> authorizes the diagnostic activity that you have in mind, then your first
> stop should be your university counsel's office. That should be part of
> your standard procedure for anything potentially invasive that's outside
> the scope of routine operations.
>
> If your legal counsel advises that you are authorized to proceed based on
> your existing policy, then you might, in terms of notification, simply let
> the affected users know about the coming diagnostic activity, and
> reference the policy that authorizes it.
>
> For example, were I in your shoes, I'd probably be referring the affected
> users to the "Privacy and Confidentiality" section of our school's
> computer use policy:
>
>  <http://www.musc.edu/ccit/cup/cup2001.html
> <http://www.musc.edu/ccit/cup/cup2001.html> >
>
>  --- o ---
>  Richard Gadsden
>  Director of Computer and Network Security
>  Medical University of South Carolina
>
> **********
> Participation and subscription information for this EDUCAUSE Discussion
> Group discussion list can be found at http://www.educause.edu/cg/
> <http://www.educause.edu/cg/> .
>
> ********** Participation and subscription information for this EDUCAUSE
> Discussion Group discussion list can be found at
> http://www.educause.edu/cg/.
>
> **********
> Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
> http://www.educause.edu/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.