
Re: [IMRG] privacy and network monitoring



Stephan Bohacek wrote:

> I am interested in making passive network measurements at my university.
> However, the system administrators are hesitant to allow access to the
> network. I suppose that they are worried that we will steal credit card
> numbers, steal passwords and break into machines that control payroll,
> become involved in lawsuits, etc. In order to make my case, I would like to
> explain what types of privacy and security measures are taken at other
> universities. Any information in this regard would be very useful.
>
> If you don't want to announce to the world that you have a hard drive
> somewhere with full packet data, feel free to respond directly to me.
>
> Stephan

It is hard to make a strong case anywhere if you want to sniff everything on
the wire.
You may argue that all purchasing/payroll should be SSL encrypted, but what
about email, etc.?

We have deployed a number of passive boxes -- called SCNM -- at several
edge routers around the country. See more information about SCNM at:
    http://dsd.lbl.gov/SCNM
The security model is that users can only watch their own traffic.
This means that users must have valid accounts on one or both sides of a path
to generate traffic as well as activation/deactivation signals.
Alternatively, users can be authorized from a third place to obtain the traffic
they are permitted to watch.
In addition, only L3/L4 headers are captured. This is the case that can be
accepted by network sys-admin people.

The next issue is who will maintain these monitoring boxes? Probably not a user,
because whoever can access a monitoring box can also get all traffic
from the box. This means that the network sys-admin has to do maintenance.
Will network sys-admin personnel be willing to do that, even though these
monitoring boxes are virtually maintenance free?
If they are, then you may ask them to set up an SCNM box for you.
Asking for router access or your own monitoring on the DMZ is almost
an impossible thing.

--
------------ Jin Guojun ----------- v --- j_guojun@lbl.gov ---
Distributed Systems Department          http://www.itg.lbl.gov/~jin
M/S 50B-2239                            Ph#:(510) 486-7531 Fax: 486-6363
Lawrence Berkeley National Laboratory,  Berkeley, CA 94720
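The two SCNM rules described in the reply above, keeping only L3/L4 headers and showing a user only traffic to or from hosts they hold an account on, as an added Python example; this is not SCNM's own code, and the packet layouts, addresses and ports are constructed for illustration:

```python
import socket
import struct

def build_ipv4(src: str, dst: str, proto: int, l4: bytes) -> bytes:
    """Constructed IPv4 header (IHL=5, no options) in front of an L4 segment."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + l4

def build_tcp(sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed 20-byte TCP header (data offset 5 words) plus payload."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 1024, 0, 0) + payload

def build_udp(sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed 8-byte UDP header plus payload."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def strip_payload(pkt: bytes) -> bytes:
    """Keep the IPv4 header and the TCP/UDP header; drop everything after them."""
    ihl = (pkt[0] & 0x0F) * 4          # IP header length from the IHL nibble
    proto = pkt[9]
    if proto == 6:                     # TCP: header length is the data-offset nibble
        l4 = (pkt[ihl + 12] >> 4) * 4
    elif proto == 17:                  # UDP: fixed 8-byte header
        l4 = 8
    else:                              # other protocols: IP header only
        l4 = 0
    return pkt[: ihl + l4]

def addresses(pkt: bytes):
    return socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])

def visible_headers(packets, own_hosts):
    """Header-only copies of packets with one endpoint on a host the user has an account on."""
    out = []
    for pkt in packets:
        src, dst = addresses(pkt)
        if src in own_hosts or dst in own_hosts:
            out.append(strip_payload(pkt))
    return out

# Constructed sample traffic: two flows, only the first belongs to host 10.0.0.5.
SAMPLE = [
    build_ipv4("10.0.0.5", "192.0.2.10", 6, build_tcp(40000, 443, b"GET / HTTP/1.1")),
    build_ipv4("10.0.0.7", "192.0.2.20", 17, build_udp(5353, 53, b"query")),
    build_ipv4("192.0.2.10", "10.0.0.5", 6, build_tcp(443, 40000, b"response")),
]

if __name__ == "__main__":
    for hdr in visible_headers(SAMPLE, {"10.0.0.5"}):
        print(addresses(hdr), len(hdr), "bytes kept")
```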




_______________________________________________
IMRG mailing list
IMRG@ietf.org
https://www1.ietf.org/mailman/listinfo/imrg