Educause Security Discussion mailing list archives
Re: Data capture protection for security staff
From: Cal Frye <cjf () CALFRYE COM>
Date: Wed, 10 Sep 2008 16:08:48 -0400
Young, Beth A. wrote:
Hello, I am looking for example statements that people have used for permission to do packet captures or other traffic/computer analysis that may involved confidential information whether that statement is a blanket policy statement warning every user that there is no expectation of privacy or statements included in job descriptions.
Excerpt from our AUP: "Oberlin College values the free flow of information. The College respects individual privacy, civility, and intellectual property rights. Because an electronic environment is easily disrupted and electronic information is readily copied, users of the College’s resources are honor-bound to promote and protect these institutional values. "Under normal circumstances, College officials will not examine personal information transmitted over the network or stored on College-owned computers. However, the College reserves the right to monitor system resources, including activity and accounts, with or without notice, when: * necessary to protect the integrity, security, or functionality of College computing resources * an account or system is engaged in unusual or excessive activity * it has good cause to believe that regulations, rules, or laws are being violated. "Additionally, the normal operation and maintenance of the College’s computing resources requires the backup of data, the logging of activity, the monitoring of general usage patterns, and other such activities as may be necessary in order to provide desired services." In practice, we usually ask permission to set up a port mirror and capture traffic if investigating a particular user's end connection. When working on server issues or generally around the network, packet captures are done as needed. -- Regards, -- Cal Frye, Network Administrator, Oberlin College www.calfrye.com, www.pitalabs.com "Acceptance without proof is the fundamental characteristic of Western religion; rejection without proof is the fundamental characteristic of Western science." -- Gary Zukav, from "The Dancing Wu Li Masters."
Current thread:
- Data capture protection for security staff Young, Beth A. (Sep 09)
- <Possible follow-ups>
- Re: Data capture protection for security staff Bob Kalal (Sep 09)
- Re: Data capture protection for security staff Martin Manjak (Sep 09)
- Re: Data capture protection for security staff Basgen, Brian (Sep 09)
- Re: Data capture protection for security staff Cal Frye (Sep 10)