NNSquad - Network Neutrality Squad

NNSquad Home Page

NNSquad Mailing List Information

 


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] Re: MIT monitoring campus network traffic


>From this description, it appears that they are doing three different
things:

1) Monitoring netflow data [*].

2) Doing malware detection (the scanning).

3) Tracking DHCP assignments (the data that map IP addresses to users).

IMHO, all are (or should be) routine for any sizable network
organization.

It looks like they have selected a reasonable set of controls,
guidelines and policies.  The only thing that is at all questionable
is the lack of publishing of the policy for the netflow data.  That
may be an oversight or it may be because there is often no good place
to publish it (always a problem with large organizations).  For that
matter, it may even be published, but not in a readily findable place.

Being a graduate, I do like to hold MIT to a higher standard than
other places, but with the one item aside, where's the beef?  I'm sure
just about everywhere else does the same things with a lot fewer
controls, less well-defined polices, and worse publication.

Craig

[*] For those readers that don't know what netflow data are, Cisco
routers (and probably others) have the ability to track and report on
network flows.  Each flow is a source address, port, destination
address, port, bytes, packets, and other information.  It does not
contain any user data but only uses header information.  It is
analagous to looking at call history data.

Even with only the header information, the data are very sensitive:
you can tell a LOT about someone by looking at this data.

   [ And even knowing IP addresses and ports won't necessarily tell
     you *which* Web site somebody visited in common virtual hosting
     situations.  But that's not really the point.  If MIT feels it
     necessary to collect such data, this should have been *clearly*
     disclosed in the usage agreements that I would assume all MIT
     students, faculty, and staff must see before being granted access
     to the MIT networks.  It's not rocket science.

       -- Lauren Weinstein
          NNSquad Moderator ]