NNSquad - Network Neutrality Squad
[ NNSquad ] Re: MIT monitoring campus network traffic
From this description, it appears that they are doing three different things:

1) Monitoring netflow data [*].
2) Doing malware detection (the scanning).
3) Tracking DHCP assignments (the data that map IP addresses to users).

IMHO, all are (or should be) routine for any sizable network organization. It looks like they have selected a reasonable set of controls, guidelines and policies.

The only thing that is at all questionable is the lack of publishing of the policy for the netflow data. That may be an oversight or it may be because there is often no good place to publish it (always a problem with large organizations). For that matter, it may even be published, but not in a readily findable place.

Being a graduate, I do like to hold MIT to a higher standard than other places, but with the one item aside, where's the beef? I'm sure just about everywhere else does the same things with a lot fewer controls, less well-defined policies, and worse publication.

Craig

[*] For those readers that don't know what netflow data are, Cisco routers (and probably others) have the ability to track and report on network flows. Each flow is a source address, port, destination address, port, bytes, packets, and other information. It does not contain any user data but only uses header information. It is analogous to looking at call history data. Even with only the header information, the data are very sensitive: you can tell a LOT about someone by looking at this data.

[ And even knowing IP addresses and ports won't necessarily tell you *which* Web site somebody visited in common virtual hosting situations. But that's not really the point. If MIT feels it necessary to collect such data, this should have been *clearly* disclosed in the usage agreements that I would assume all MIT students, faculty, and staff must see before being granted access to the MIT networks. It's not rocket science.

-- Lauren Weinstein
NNSquad Moderator ]