Educause Security Discussion mailing list archives
Re: CALEA
From: Luke Sheppard <lshep () TCPIPLAB COM>
Date: Fri, 7 Oct 2005 13:53:34 -0700
Randy, Thanks. I'm at a private univ. so I don't have access to that stuff. I might be able to find a contact that could give it to me. But you know how it goes: my boss wants the paper today in about an hour. What I was able to find out is that everyone is just waiting for that final "order" to come down from the FCC. A couple of vendors (Cisco & Enterasys) have features in their network hardware/software that can do the intercept piece but we'd have to get some 3rd party software to make sense of the captured packets and reformat it for presentation to law enforcement. Another option is to hand the whole problem over to a "trusted 3rd party" that will, for a fee, take care of everything from receiving court orders to intercept, presentaiton, etc. Verisign offers "NetDiscovery" for this. ANother option is Fiducianet, a small outfit started by a former CALEA guy from the FBI. Let me know if you find anything else out. Luke Sheppard, CISSP lshep () tcpiplab com <<<Randy's reply omitted>>>
-----Original Message----- From: Luke Sheppard [mailto:lshep () TCPIPLAB COM] Sent: Tuesday, October 04, 2005 4:08 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] CALEA Many appologies if this has already been discussed recently. But I did not see any way to search the archives of this forum from the ISC2 website. I'm the security director for the IT/ISP department at the University of Southern California, so I very much need to be able to guide the university's compliance with CALEA. I've read much of the law itself as well as the FBI's 4th version of their FlexGuide. So I have an idea of what CALEA might require in the future. But what I really need to know is what will USC be required to do in 18 months, when the CALEA deadline for broadband/ISPs/universities goes into effect. I've also read the little bit that Educause has but it's more of legal stance than any actual technical guideline. So does anyone on this forum know any more about what to do about CALEA than I do? If so, please let me know. There's not much on google. Thank you. -- Luke Sheppard, CISSP Director of Information Security ISD, University of Southern California lshep () tcpiplab com (not using my usc.edu email because I want to use this address just for listservs & fora).