Interesting People mailing list archives

Re: MIT monitoring campus network traffic


From: David Farber <dave () farber net>
Date: Sat, 18 Apr 2009 18:39:17 -0400



Begin forwarded message:

From: "Craig A. Finseth" <fin () finseth com>
Date: April 17, 2009 4:56:37 PM EDT
To: lauren () vortex com
Cc: nnsquad () nnsquad org
Subject: [ NNSquad ] Re: MIT monitoring campus network traffic
Reply-To: fin () finseth com

From this description, it appears that they are doing three different
things:

1) Monitoring netflow data [*].

2) Doing malware detection (the scanning).

3) Tracking DHCP assignments (the data that map IP addresses to users).

IMHO, all are (or should be) routine for any sizable network
organization.

It looks like they have selected a reasonable set of controls,
guidelines and policies.  The only thing that is at all questionable
is the lack of publishing of the policy for the netflow data.  That
may be an oversight or it may be because there is often no good place
to publish it (always a problem with large organizations).  For that
matter, it may even be published, but not in a readily findable place.

Being a graduate, I do like to hold MIT to a higher standard than
other places, but with the one item aside, where's the beef?  I'm sure
just about everywhere else does the same things with a lot fewer
controls, less well-defined policies, and worse publication.

Craig

[*] For those readers that don't know what netflow data are, Cisco
routers (and probably others) have the ability to track and report on
network flows.  Each flow is a source address, port, destination
address, port, bytes, packets, and other information.  It does not
contain any user data but only uses header information.  It is
analogous to looking at call history data.

Even with only the header information, the data are very sensitive:
you can tell a LOT about someone by looking at this data.

  [ And even knowing IP addresses and ports won't necessarily tell
    you *which* Web site somebody visited in common virtual hosting
    situations.  But that's not really the point.  If MIT feels it
    necessary to collect such data, this should have been *clearly*
    disclosed in the usage agreements that I would assume all MIT
    students, faculty, and staff must see before being granted access
    to the MIT networks.  It's not rocket science.

      -- Lauren Weinstein
         NNSquad Moderator ]
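
The footnote's description of a flow record, combined with item 3 (DHCP assignments), as an added example that is not part of the original message: a decoder for the Cisco NetFlow version 5 export layout (an assumed version; the message names none) joined against a constructed DHCP lease table. It shows that the record carries only header-derived fields yet still resolves to a lease holder; all addresses, timestamps and names (`parse_v5`, `attribute`, `host-A`, `host-B`) are constructed for illustration.

```python
import ipaddress
import struct

# NetFlow v5 export packet: 24-byte header, then 48-byte flow records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")

def parse_v5(packet):
    """Decode every flow record in one NetFlow v5 export packet."""
    version, count, uptime_ms, unix_secs, *_ = HEADER.unpack_from(packet, 0)
    if version != 5:
        raise ValueError("not a NetFlow v5 packet")
    if len(packet) < HEADER.size + count * RECORD.size:
        raise ValueError("truncated packet")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(packet, HEADER.size + i * RECORD.size)
        flows.append({
            "src": str(ipaddress.IPv4Address(f[0])),
            "dst": str(ipaddress.IPv4Address(f[1])),
            "packets": f[5], "bytes": f[6],
            # 'first' is router uptime in ms; convert to wall-clock seconds.
            "start": unix_secs - (uptime_ms - f[7]) // 1000,
            "sport": f[9], "dport": f[10], "proto": f[12],
        })
    return flows

def attribute(flow, leases):
    """Return the holder whose DHCP lease covered flow['src'] at flow start."""
    for ip, holder, begin, end in leases:
        if ip == flow["src"] and begin <= flow["start"] < end:
            return holder
    return None

# Constructed sample: one TCP flow, 10.0.0.23:51515 -> 192.0.2.80:443.
SAMPLE = HEADER.pack(5, 1, 600_000, 1_240_000_000, 0, 1, 0, 0, 0) + RECORD.pack(
    ipaddress.IPv4Address("10.0.0.23").packed,
    ipaddress.IPv4Address("192.0.2.80").packed,
    bytes(4), 1, 2, 12, 9000, 540_000, 599_000, 51515, 443,
    0x1B, 6, 0, 0, 0, 24, 24)

# Constructed leases: the same address was held by two hosts in turn.
LEASES = [
    ("10.0.0.23", "host-A", 1_239_900_000, 1_239_990_000),
    ("10.0.0.23", "host-B", 1_239_990_000, 1_240_076_400),
]

if __name__ == "__main__":
    for flow in parse_v5(SAMPLE):
        print(flow, "->", attribute(flow, LEASES))
```

Because an address can pass between hosts, the join is only correct when the flow's start time is checked against the lease interval, which is why the retention and access rules for both data sets matter together.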








