[unisog] IDS vs. Privacy

Andrea Tanner andrea.tanner at emich.edu
Tue Feb 3 18:24:28 GMT 2004


I think everyone who has posted replies has some very valid points
and suggestions, so I won't reiterate that here.  :)

Maybe I am overlooking something obvious, but what exactly is this
IT management trying to protect?  "Privacy Policies" is vague.  Are
they concerned about the privacy of student data (i.e., a person
not authorized to know student social security numbers or health
information may see this information) or some other privacy concern?

At a place I worked at before, we had to sign forms (and so did all the
people who worked with student data).  It was more of an awareness
thing.  And not to mention it showed that the University
was trying to hold people accountable and was educating its own
ranks about student data privacy.  If anyone did anything wrong, they
could hold them against the signed form.  I am not sure how your
data centers/server rooms are, but at my previous school they had
cameras as well that recorded who went in and out of the room and
at what time.   I am not sure if that is done here at Eastern MI; I am
not a part of the central IT ranks.

I guess I would rather hear the management's worst-case scenario
as to what they are afraid of.  Like someone said, they might be
misinformed or confused about something.  Once you get that
out in the open, try to figure out ways to prevent it with audits,
checks-and-balances, etc.  If they are afraid of their own IT staff,
maybe they would accept criminal background checks before hiring, for
example.

Those are just my thoughts off the top of my head. ;)

Andrea Tanner                          Academic Technology Specialist
andrea.tanner at emich.edu       Academic Programming
734-487-0169                           225 Rackham


On Monday, February 2, 2004, at 03:33 PM, E. Larry Lidz wrote:

>
> Hello,
>
> I was asked, as moderator, to pose this question to the group from
> someone at an institution who wished to remain anonymous. They fear that
> if this message was public their institution might be the target of
> unwanted attention from the underground.
>
> The institution has about 25,000 machines on their network, and had been
> running an IDS system which received a copy of all traffic across the
> network's gateway to the Internet/I2. The IDS system had a track record
> of being successful -- it detected most of the viruses, worms, port
> scans, spam relays, proxies, rogue FTP sites, rogue IRC bots, and so
> forth.
>
> IT management then changed. The IDS system was shut off with no advance
> notice over the concern that it might lead to a compromise of privacy
> policies. The new management believes that people having access to raw
> packets is an unacceptable risk. They felt that technologies that
> summarize information (Cisco Flows from a router/switch, mirroring
> traffic to an IDS system that has no ability to sniff, etc.) about the
> traffic are acceptable, however.
>
> They would like to know: has anyone been in a similar situation? If so,
> were you able to bring back your IDS? What arguments were compelling to
> management? Are other institutions similarly concerned about the privacy
> issues involved? Why or why not?
>
> Any other advice?
>
> -Larry
>


