Educause Security Discussion mailing list archives
Re: consequences for student hacking
From: "Halliday,Paul" <Paul.Halliday () NSCC CA>
Date: Tue, 19 Feb 2008 22:19:51 -0400
"What do your institutions do when you catch a student sniffing the wired or wireless network for userID's and passwords?" This is an interesting question. Years ago a close friend of mine made the following statement: "I will stop listening to your conversations when you stop transmitting them to me" This prompts the following: If I happen to be 'passively' collecting data that 'your' network happens to be providing me with, have I done something wrong? If you feel I have, how will you prove it? If your answer is because I have another users credentials, I will vehemently deny it and claim that the user gave me those credentials for xyz reason. If you wish to pursue it further, your arguments will be nothing but speculation. That said It is your responsibility to sanitize, or at least police what type of information a casual observer can glean from your network (passively). If the offender has transpired past casual observation and is actively scanning, probing, sniffing (as we will now be aware of it (contrary to the opinion of a previous poster)) then that person is doing something illegal :) and last time I checked policies do not trump law. -p ________________________________ From: The EDUCAUSE Security Constituent Group Listserv on behalf of Bob Henry Sent: Tue 2/19/2008 5:38 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] consequences for student hacking Boise State has a policy restricting the use of network scanners, host scanners, sniffers, etc. to those approved by the Network Engineer. The consequences for violating the policy are described with these words: Depending on the seriousness of an offense, violation of this policy can result in penalties ranging from reprimand, to loss of use, to referral to University authorities for disciplinary action, to criminal prosecution. That's the theory. I'm looking for a reality check. What do your institutions do when you catch a student sniffing the wired or wireless network for userID's and passwords? Thanks,
Current thread:
- consequences for student hacking Bob Henry (Feb 19)
- <Possible follow-ups>
- Re: consequences for student hacking Valdis Kletnieks (Feb 19)
- Re: consequences for student hacking Halliday,Paul (Feb 19)
- Re: consequences for student hacking Halliday,Paul (Feb 19)
- Re: consequences for student hacking Eric Case (Feb 19)
- Re: consequences for student hacking Bob Mahoney (Feb 19)
- Re: consequences for student hacking Valdis Kletnieks (Feb 19)
- Re: consequences for student hacking Bill Brinkley (Feb 20)
- Re: consequences for student hacking Doug Markiewicz (Feb 20)
- Re: consequences for student hacking Schley Andrew Kutz (Feb 20)
- consequences for student hacking Tom Siu (Feb 20)