Educause Security Discussion mailing list archives

Re: IRC policies


From: "Hull, Dave" <dphull () KU EDU>
Date: Wed, 6 Jun 2007 09:43:07 -0500

I agree. There are legitimate uses for IRC. I'm logged into several IRC
channels on a daily basis as I work on various software development
projects. Being able to field questions to a group of developers and get
immediate feedback is invaluable.

Whitelisting legit users is a great idea. Require users to register in
order to use IRC, but I don't think I'd block it outright.

-- 
Dave Hull, CISSP, CHFI
IT Director
KU School of Architecture & Urban Planning
785-864-2629 

"The free world says that software is the embodiment of knowledge about
technology, which needs to be free in the same way that mathematics is
free." 
-- Eben Moglen, Software Freedom Law Center 

-----Original Message-----
From: Elliot Kendall [mailto:ekendall () BRANDEIS EDU] 
Sent: Wednesday, June 06, 2007 7:59 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] IRC policies

On 2007-06-06 07:47:14 -0400, Knowles, Richard N. CISSP PMP wrote:
Are there any schools that are blocking IRC to curb 'bot activity?

We use some rules built into Snort to monitor IRC activity, but do not
block it outright. Once we confirm that a particular user is legitimate,
we whitelist them to avoid further alerts. This system also allows us to
identify and remediate infected machines. If you simply block IRC,
infected machines may be safe while they remain on campus, but will
start causing problems as soon as they're connected to a different
network.

I've been very surprised by the number of legitimate IRC users we have
on campus. I had thought IRC's popularity was on the wane, but many
applications with chat functionality use it as a backend. For that
reason, I would be very careful about blocking it completely.

--
Elliot Kendall <ekendall () brandeis edu>
Network Security Architect
Brandeis University

Trouble replying? See http://people.brandeis.edu/~ekendall/sign/
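
The monitor-then-whitelist workflow described in the message above, sketched as an added example that is not part of the original thread or either site's tooling. It assumes alerts are logged in Snort's "fast" alert layout; the SIDs, rule messages, addresses and the triage() helper are constructed for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample alerts (hypothetical local SIDs, documentation IP ranges).
SAMPLE_ALERTS = """\
06/06-07:59:01.120000  [**] [1:1000001:1] EXAMPLE IRC channel join [**] [Priority: 1] {TCP} 10.20.1.15:1034 -> 192.0.2.10:6667
06/06-07:59:04.510000  [**] [1:1000002:1] EXAMPLE IRC nick change [**] [Priority: 1] {TCP} 10.20.7.88:4123 -> 198.51.100.7:6667
06/06-08:02:17.000300  [**] [1:1000001:1] EXAMPLE IRC channel join [**] [Priority: 1] {TCP} 10.20.7.88:4125 -> 198.51.100.7:6667
06/06-08:05:40.990000  [**] [1:1000003:1] EXAMPLE web scan [**] [Priority: 2] {TCP} 10.20.3.9:5555 -> 203.0.113.5:80
06/06-08:09:12.700000  [**] [1:1000001:1] EXAMPLE IRC channel join [**] [Priority: 1] {TCP} 10.20.1.15:1040 -> 192.0.2.10:6667
"""

ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[\d+:(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):\d+\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s*$"
)

def triage(alert_text, whitelist):
    """Return (hosts still needing review, number of alerts suppressed by the whitelist)."""
    allowed = {ip_address(ip) for ip in whitelist}
    suspects = defaultdict(lambda: {"alerts": 0, "servers": set()})
    suppressed = 0
    for line in alert_text.splitlines():
        m = ALERT_RE.match(line)
        if not m or "IRC" not in m["msg"]:
            continue  # unparsable line or not an IRC rule
        src = ip_address(m["src"])
        if src in allowed:
            suppressed += 1  # confirmed-legitimate user: no further alerting
            continue
        entry = suspects[str(src)]
        entry["alerts"] += 1
        entry["servers"].add(f'{m["dst"]}:{m["dport"]}')
    report = {host: {"alerts": e["alerts"], "servers": sorted(e["servers"])}
              for host, e in suspects.items()}
    return report, suppressed

if __name__ == "__main__":
    review, quiet = triage(SAMPLE_ALERTS, {"10.20.1.15"})
    print("hosts to confirm or remediate:", review)
    print("alerts suppressed by whitelist:", quiet)
```

Hosts left in the report are the ones to contact: each is either a legitimate user to add to the whitelist or an infected machine to remediate.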
