Educause Security Discussion mailing list archives
Re: HEOA Question
From: "William C. Moore" <wcmoore () VALDOSTA EDU>
Date: Tue, 1 Feb 2011 19:32:32 +0000
Bill, If your network is like our network once was I never found a viable solution beyond netflows. The main hurdle for me was the single NAT'ed address and a few hundred users authenticated and active (using the same single IP) at the time the RIAA noted the alleged infringement (from that single IP). We moved away from that architecture which allowed our guys to pinpoint users reported by the RIAA/MPAA but more importantly to track reports from REN-ISAC. The issue we had with netflows was the volume of log data over periods of time and at the time RIAA notices were not as quick. We did not choose this option but one that I think is possible is to set aside a range of addresses and do a one-to-one translation. This will most likely require you to determine what your highest number of "online" users are at peak times and set your range a little beyond that. Of course you will also need to determine your address lease times and negotiate what is acceptable. The trick here though is to log the authentication / address / (I also suggest MAC addresses) date / time stamps so when you receive an abuse report you can tell which private IP was associated to the public IP at a given time and then which user was authenticated and provided the associated public/private IP pair (MAC to determine if it was the user's desktop or laptop). Best of luck. Bill William C. Moore II, CISSP, MEd, MLIS Chief Information Security Officer Division of Information Technology Valdosta State University Valdosta, GA 31698 Phone:(229)333-5974 Fax: (229)245-4349 *********************************************************************** The information transmitted is intended only for the person addressed. Any unauthorized review, distribution or other use of or the taking of any action in reliance upon this information is prohibited. If you received this message in error, please contact the sender and delete or destroy this message and any copies. *********************************************************************** From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of William Derwostyp Sent: Monday, January 31, 2011 9:44 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] HEOA Question I need some input. Here at USM the students are segregated to a wireless network that is now behind a single address(NAT). This has caused a problem with responding to RIAA notices as we cannot tie the notice to a specific user on the network which in turn affect the compliance to the "Higher Education Opportunity Act" (HEOA). I am going to assume that there are other universities that use the NAT process to control traffic on their perimeter and use non-routable addresses on the internal network. Is there any tool or application I can use that will help to tie the notices back to the person without having to go back to public addressing? William (Bill) Derwostyp, CISSP, G7799, GCIH, GSNA, GSLC, GSPA, GSEC, CCNA, CCSE Technology Security Officer University of Southern Mississippi william.derwostyp () usm edu<mailto:william.derwostyp () usm edu> Office: 601-266-5416 [Description: Description: cid:image001.jpg@01CB3E13.82661520][Description: Description: Description: CCNA_security_sm] Confidentiality Note: The information contained in this e-mail and/or document(s) attached is for the exclusive use of the individual named above and may contain confidential, privileged, and non- disclosable information. If you are not the intended recipient, you are hereby notified that you are strictly prohibited from reading, photocopying, distributing or otherwise using this e-mail or contents in any way. If you have received this transmission in error, please notify me immediately.
Current thread:
- Re: HEOA Question, (continued)
- Re: HEOA Question Harry E Flowers (flowers) (Feb 02)
- Re: HEOA Question Dave Inman (Feb 03)
- Re: HEOA Question Dexter Caldwell (Jan 31)
- Re: HEOA Question Cal Frye (Jan 31)
- Re: HEOA Question Jacobson, Dick (Jan 31)
- Re: HEOA Question Dexter Caldwell (Jan 31)
- Re: HEOA Question Jacobson, Dick (Jan 31)
- Re: HEOA Question Cal Frye (Jan 31)
- Re: HEOA Question Cal Frye (Jan 31)