Re: HEOA Question

["Gioia, Matthew P." <MGioia () STLCC EDU>]

This is similar to what we do as well - things get dicey and when the
complaint doesn't include the source port though - usually you can pin
it down throwing in netflow and/or application layer data as well
though. So you'll be going through logs or reports from the firewall +
dhcp server (which you could also throw at syslog) + netflow + whatever
traffic shaping device in the roughest circumstances. Having some
application or scripts to search through the logs will really speed up
the process.

 

 

Matthew Gioia, CISSP

Network Security Analyst

St. Louis Community College

(314) 539-5075

 

 

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Bulanda, Dave G
Sent: Monday, January 31, 2011 9:25 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] HEOA Question

 

Bill,

I have been using NAT on my perimeter for about 10 years...  I logged
the translations to a syslog server. Then match outside to inside
addresses for the time. All my students are registered with PacketFence
NAC. Just look up the inside translation address to the Packetfence
logs/interface (sometime against DHCP logs to verify). The process can
suck... but I can usually process a notice fairly quickly. I don't have
to handle very many notices since we lay it on the Freshman about using
file-sharing. Plus the small fine for violation helps a bit.

 

David Bulanda
Network Services Manager
dgbulanda () indianatech edu

Indiana Tech <http://www.indianatech.edu/> 

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of William Derwostyp
Sent: Monday, January 31, 2011 9:44 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] HEOA Question

 

I need some input.

Here at USM the students are segregated to a wireless network that is
now behind a single address(NAT). This has caused a problem with
responding to RIAA notices as we cannot tie the notice to a specific
user on the network which in turn affect the compliance to the "Higher
Education Opportunity Act" (HEOA).

 

I am going to assume that there are other universities that use the NAT
process to control traffic on their perimeter and use non-routable
addresses on the internal network. Is there any tool or application I
can use that will help to tie the notices back to the person without
having to go back to public addressing?

 

William (Bill) Derwostyp, 

CISSP, G7799, GCIH, GSNA, GSLC, GSPA, GSEC, CCNA, CCSE

Technology Security Officer University of Southern Mississippi

william.derwostyp () usm edu

Office: 601-266-5416

 

  

Confidentiality Note: The information contained in this e-mail and/or
document(s) attached is for the exclusive use of the individual named
above and may contain confidential, privileged, and non- disclosable
information. If you are not the intended recipient, you are hereby
notified that you are strictly prohibited from reading, photocopying,
distributing or otherwise using this e-mail or contents in any way. If
you have received this transmission in error, please notify me
immediately.