Educause Security Discussion mailing list archives
Re: consequences for student hacking
From: Bob Mahoney <bobmah () MIT EDU>
Date: Tue, 19 Feb 2008 22:45:36 -0500
I don't know the current policy, but I think MIT had a successful approach to this in years past: Only the security team was allowed to scan on the main campus. Departments who fully managed their own networks (CSAIL, Media Lab, etc) were allowed to scan their own address space. (The machines had intentionally-reassuring hostnames, like "SECURITY-SCAN-1", for the benefit of the log reading audience) Random machines scanning the network were assumed to be compromised, and taken off the net. The resulting conversation with the owner usually had three possible outcomes: 1) Machine is compromised => cleanup and return to service 2) User is scanning intentionally, for "no good reason". "Vigilante bandwidth policing" in the dorms was a common Bad Reason... A stern, in-person talking to, and a serious ethics refresh were the usual first-offense result. (student network privacy was taken seriously, and the lecture was not fun for the offender) Subsequent foolishness was rare, and dealt with more harshly. 3) Very occasionally, the student was scanning or sniffing intentionally, but for an actual good reason we would accept. This was commonly a CS student trying to debug some project. We would ask probing questions, do an ethics refresh, set some limits, and send them on their way. The reality was that actual student hacking events were quite rare, and usually did fall into the Vigilantism model. The reasoning behind allowing "good reasons" was simple: We (security) were tasked to support research and education, usually by preventing or interrupting bad things. But sometimes, we supported the mission by not being an obstruction. Guess at event distribution: 80% were Case 1, 15% Case 2, 5% Case 3 Just a random historical data point. (and again, I do not know the current policy regarding this issue) -Bob On Feb 19, 2008, at 4:38 PM, Bob Henry wrote:
Boise State has a policy restricting the use of network scanners, host scanners, sniffers, etc. to those approved by the Network Engineer. The consequences for violating the policy are described with these words: Depending on the seriousness of an offense, violation of this policy can result in penalties ranging from reprimand, to loss of use, to referral to University authorities for disciplinary action, to criminal prosecution. That's the theory. I'm looking for a reality check. What do your institutions do when you catch a student sniffing the wired or wireless network for userID's and passwords? Thanks,
Current thread:
- consequences for student hacking Bob Henry (Feb 19)
- <Possible follow-ups>
- Re: consequences for student hacking Valdis Kletnieks (Feb 19)
- Re: consequences for student hacking Halliday,Paul (Feb 19)
- Re: consequences for student hacking Halliday,Paul (Feb 19)
- Re: consequences for student hacking Eric Case (Feb 19)
- Re: consequences for student hacking Bob Mahoney (Feb 19)
- Re: consequences for student hacking Valdis Kletnieks (Feb 19)
- Re: consequences for student hacking Bill Brinkley (Feb 20)
- Re: consequences for student hacking Doug Markiewicz (Feb 20)
- Re: consequences for student hacking Schley Andrew Kutz (Feb 20)
- consequences for student hacking Tom Siu (Feb 20)