Educause Security Discussion mailing list archives

Re: RIAA Notices


From: "Doty, Timothy T." <tdoty () MST EDU>
Date: Mon, 26 Jan 2009 13:36:17 -0600

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Michael Sana
Sent: Monday, January 26, 2009 1:01 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] RIAA Notices

Aloha,

Not trying to hijack this thread but I think it's relative...
[snip]

2. For those who block P2P, how do you deal with distinguishing between
legitimate P2P transfers such as an ISO Linux download versus
copyrighted material.

We only block by default. In fact, this is one of the reasons we have the
automated tool for enabling P2P. Our disabling by default has as much to do
with the inordinate load it puts on the network as anything else. Another
factor is things that are "P2P-like" -- which includes (for example)
matching services used by some online games.

Oh, and to quibble ;), the ISO Linux download *is* a download of copyrighted
material. A lot (most?) of the data going across the network is copyrighted
thanks to that being automatic for qualifying works. The question really is
one of license to distribute -- and I defy anyone to come up with a
technical solution that can determine whether or not the source has a
license (or is otherwise permitted) to distribute to the recipient(s) of the
transfer.

Occasionally the argument is made that P2P is "faster" but that is really
only a specialty case, and even then it is *always* less efficient. Our
current infrastructure can handle P2P, but we had to upgrade it because of
the routing load P2P imposes. I'll take HTTP or FTP over P2P any day...

We are currently using a packet shaper to identify/throttle/block P2P in
conjunction with a CS MARS box to readily flag/identify if it believes a
P2P transaction is occurring.  From there, we can cross reference the
internal IP with Bradford to identify who the laptop is registered to
(not always necessarily the owner).  And because we NAT, I can also use
CS MARS to do a query on reverse NAT translations when the dreaded
letters come in.  This process is still currently in refinement...

Sounds like a lot of work to me. The Cisco SCE handles this transparently
for us...

Tim Doty


mike.sana.

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Anand S Malwade
Sent: Monday, January 26, 2009 5:02 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] RIAA Notices

All,

I was wondering how other Universities deal with RIAA notices? Do you
really invest the time and effort to track down? What methodology and
tools do you use for investigation? Do you block all peer-peer traffic?

Thanks,
Anand

Anand Malwade
Information Security Officer,
Seton Hall University
malwadan () shu edu
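
The reverse NAT lookup and registration cross-reference mentioned in the thread, sketched as an added example that is not part of any poster's message or of any product named above. The record layout, addresses, timestamps and registrant names are constructed, and all times are assumed to be already normalized to UTC.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data: NAT translation records and a registration table.
# (internal_ip, internal_port, public_ip, public_port, start_utc, end_utc)
NAT_LOG = [
    ("10.20.3.14", 51413, "198.51.100.7", 40211,
     "2009-01-20T02:10:00", "2009-01-20T03:45:00"),
    ("10.20.8.77", 6881, "198.51.100.7", 40211,
     "2009-01-20T03:45:20", "2009-01-20T05:00:00"),
    ("10.20.5.9", 49152, "198.51.100.7", 40300,
     "2009-01-20T02:00:00", "2009-01-20T06:00:00"),
]
REGISTRATIONS = {"10.20.3.14": "user-a", "10.20.8.77": "user-b",
                 "10.20.5.9": "user-c"}


def _utc(ts):
    """Parse an ISO timestamp and mark it as UTC."""
    return datetime.fromisoformat(ts).replace(tzinfo=timezone.utc)


def resolve_notice(public_ip, public_port, seen_at, skew_seconds=30):
    """Map a notice's (public IP, port, time) to one internal host.

    Returns (status, internal_ip, registrant). The skew window absorbs
    clock drift between the notice sender and the NAT device; if it makes
    more than one internal host plausible, the result is "ambiguous"
    rather than a guess.
    """
    when = _utc(seen_at)
    skew = timedelta(seconds=skew_seconds)
    hits = {
        rec[0]
        for rec in NAT_LOG
        if rec[2] == public_ip and rec[3] == public_port
        and _utc(rec[4]) - skew <= when <= _utc(rec[5]) + skew
    }
    if not hits:
        return ("no-match", None, None)
    if len(hits) > 1:
        return ("ambiguous", None, None)
    ip = hits.pop()
    # The registrant is who the device is registered to, which the thread
    # notes is not always the person who was using it.
    return ("match", ip, REGISTRATIONS.get(ip))
```

A notice that lacks the source port, or whose timestamp falls where a public port was reused, cannot be narrowed to one host by this lookup alone.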
