Educause Security Discussion mailing list archives
Re: P2P sensitive data searches
From: "Consolvo, Corbett D" <cc72 () TXSTATE EDU>
Date: Thu, 24 Apr 2008 11:18:20 -0500
We are searching the P2P networks in general (across the Internet). The data in question that was discovered was personal data not related in any way to Texas State University. We have discovered some need to see whether our data is being shared in general, not just on campus. We don't run a P2P network ourselves and generally block P2P at our edge. We are first most interested in looking for institutional data but anything we can do to protect student data is certainly high on the list. Thanks, Corbett -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Basgen, Brian Sent: Thursday, April 24, 2008 10:30 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] P2P sensitive data searches Hi Corbett, Is your P2P inspection on your local resnets, and/or academic or administrative networks? I'm not clear on whether or not the information you found is institutional data, or if it is data being leaked from a student's personal computer, for example. If you are checking resnets, I'm guessing your objective is bigger than just institutional data, and also includes the general intent to protect students? ~~~~~~~~~~~~~~~~~~ Brian Basgen Information Security Pima Community College ________________________________ From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Consolvo, Corbett D Sent: Thursday, April 24, 2008 7:17 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] P2P sensitive data searches Scenario: We have begun doing investigation in to whether any sensitive data from our institution (Texas State University) is showing up on P2P networks. We are doing this right now through keyword searches. Issue: We are coming across sensitive/confidential personal information (SSN, Drivers License, etc.). While a lot of this seems to be fake (perhaps a honeypot situation), a small amount of legitimate information looks to be accidentally shared. I feel that we have an ethical obligation to at least make an attempt to either pass the information to an appropriate agency or contact the individual. Does anyone have any suggestions or thoughts about the path to take as well as any possible issues with pursuing this? Thanks for any input, Corbett Consolvo Texas State University Cc72 () txstate edu
Current thread:
- P2P sensitive data searches Consolvo, Corbett D (Apr 24)
- <Possible follow-ups>
- Re: P2P sensitive data searches Jenkins, Matthew (Apr 24)
- Re: P2P sensitive data searches Basgen, Brian (Apr 24)
- Re: P2P sensitive data searches Consolvo, Corbett D (Apr 24)
- Re: P2P sensitive data searches Kathy Bergsma (Apr 24)