Interesting People mailing list archives
Re: MIT monitoring campus network traffic
From: David Farber <dave () farber net>
Date: Sat, 18 Apr 2009 18:39:17 -0400
Begin forwarded message:

From: "Craig A. Finseth" <fin () finseth com>
Date: April 17, 2009 4:56:37 PM EDT
To: lauren () vortex com
Cc: nnsquad () nnsquad org
Subject: [ NNSquad ] Re: MIT monitoring campus network traffic
Reply-To: fin () finseth com

From this description, it appears that they are doing three different
things:

1) Monitoring netflow data [*].
2) Doing malware detection (the scanning).
3) Tracking DHCP assignments (the data that map IP addresses to users).

IMHO, all are (or should be) routine for any sizable network organization. It looks like they have selected a reasonable set of controls, guidelines and policies.

The only thing that is at all questionable is the lack of publishing of the policy for the netflow data. That may be an oversight or it may be because there is often no good place to publish it (always a problem with large organizations). For that matter, it may even be published, but not in a readily findable place.

Being a graduate, I do like to hold MIT to a higher standard than other places, but with the one item aside, where's the beef? I'm sure just about everywhere else does the same things with a lot fewer controls, less well-defined policies, and worse publication.

Craig

[*] For those readers that don't know what netflow data are, Cisco routers (and probably others) have the ability to track and report on network flows. Each flow is a source address, port, destination address, port, bytes, packets, and other information. It does not contain any user data but only uses header information. It is analogous to looking at call history data. Even with only the header information, the data are very sensitive: you can tell a LOT about someone by looking at this data.

[ And even knowing IP addresses and ports won't necessarily tell you *which* Web site somebody visited in common virtual hosting situations. But that's not really the point. If MIT feels it necessary to collect such data, this should have been *clearly* disclosed in the usage agreements that I would assume all MIT students, faculty, and staff must see before being granted access to the MIT networks. It's not rocket science.
-- Lauren Weinstein
   NNSquad Moderator ]