Educause Security Discussion mailing list archives
consequences for student hacking
From: Tom Siu <thomas.siu () CASE EDU>
Date: Wed, 20 Feb 2008 23:04:00 -0500
Bob,

First, since you have a policy prohibiting the activity, and hopefully clearly delineated consequences, you should determine if your institution has the will to enforce the policy. In the case of students, you need to have a good relationship with your student affairs group, who usually has governance over the student population. The 'zero tolerance' approach works if you tell everybody all the time ad nauseam beforehand. Be sure your acceptable use policy prohibits illegal activity, and you can use that as the fulcrum for all your other policy.

Typically any number of sensors will correlate a host scanning, so you will have indirect evidence on hand. Determining if you have a person actually running nessus, nmap, hping, etc., is another topic because you'll need to pretty much catch them in the act. When somebody installs and runs a utility like CainAbel, which does ARP spoofing, the network problems that arise help you find them.

If this happens from a staff or faculty perspective, we investigate and deliver a stern warning, first offense. If it is a student, we can seize the machine with the assistance of student affairs/housing (not under direction of law enforcement) to determine what happened. We then engage the judicial process, unless it looks like criminal activity was evident, then it might go that direction.

Check to see what student housing does with drug abuse/marijuana cases, because there might be a similar precedent for having them let your staff into a student campus residence for 'probable cause.' The legality needs to be maintained as administrative action under your housing rules.

Regards,
Tom

On Feb 20, 2008, at 12:00 AM, SECURITY automatic digest system wrote:
From: The EDUCAUSE Security Constituent Group Listserv on behalf of Bob Henry
Sent: Tue 2/19/2008 5:38 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] consequences for student hacking

Boise State has a policy restricting the use of network scanners, host scanners, sniffers, etc. to those approved by the Network Engineer. The consequences for violating the policy are described with these words:

Depending on the seriousness of an offense, violation of this policy can result in penalties ranging from reprimand, to loss of use, to referral to University authorities for disciplinary action, to criminal prosecution.

That's the theory. I'm looking for a reality check. What do your institutions do when you catch a student sniffing the wired or wireless network for userID's and passwords?

Thanks,
Tom Siu
Chief Information Security Officer
Case Western Reserve University
thomas.siu () case edu
www.case.edu/its/security
my pgp key can be found at pgpkeys.mit.edu
216-368-6959

* Make sure you sign up for CaseWARN notifications at https://its-services.case.edu/my-case-notifications/