Educause Security Discussion mailing list archives

Re: RIAA Notices


From: "Sweeny, Jonny" <jsweeny () IU EDU>
Date: Mon, 26 Jan 2009 10:56:23 -0500

As many folks do, we use logs to identify the user/machine responsible.  More details are outlined (including 
escalating procedures for repeat offenders) here: http://filesharing.iu.edu/procedure.php.

Over the last 18 months I've automated the heck out of it so we're able to more easily handle the 60-70 notices per day 
that we sometimes get.  Because of academic freedom, legitimate uses, and our fat pipes, we do not block p2p.

In fact I'll be presenting on automation and Incident Response tools at the Educause Security Professionals Conference 
this April in Atlanta.

Do your students all have routable IPs?

-yes

--
~Jonny Sweeny, GSEC, GCWN, GCIH, GWAS, SSP-CNSA
Incident Response Manager, Lead Security Analyst
Office of the VP for Information Technology, Indiana University
PGP key & S/MIME cert: http://informationpolicy.iu.edu/jsweeny
jsweeny () iu edu - phone: (812)855-4194 - fax: (812)856-1011





-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Anand S Malwade
Sent: Monday, January 26, 2009 10:02
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] RIAA Notices

All,

I was wondering how other universities deal with RIAA notices? Do you really invest the time and effort to track down? 
What methodology and tools do you use for investigation? Do you block all peer-peer traffic?

Thanks,
Anand

Anand Malwade
Information Security Officer,
Seton Hall University
malwadan () shu edu
