Educause Security Discussion mailing list archives
Re: RIAA Notices
From: "Doty, Timothy T." <tdoty () MST EDU>
Date: Mon, 26 Jan 2009 13:36:17 -0600
-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Michael Sana
Sent: Monday, January 26, 2009 1:01 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] RIAA Notices

Aloha,

Not trying to hijack this thread but I think it's relative...
[snip]
2. For those who block P2P, how do you deal with distinguishing between legitimate P2P transfers such as an ISO Linux download versus copyrighted material?
We only block by default. In fact, this is one of the reasons we have the automated tool for enabling P2P. Our disabling by default has as much to do with the inordinate load it puts on the network as anything else. Another factor is things that are "P2P-like" -- which includes (for example) matching services used by some online games.

Oh, and to quibble ;), the ISO Linux download *is* a download of copyrighted material. A lot (most?) of the data going across the network is copyrighted thanks to that being automatic for qualifying works. The question really is one of license to distribute -- and I defy anyone to come up with a technical solution that can determine whether or not the source has a license (or is otherwise permitted) to distribute to the recipient(s) of the transfer.

Occasionally the argument is made that P2P is "faster" but that is really only a specialty case, and even then it is *always* less efficient. Our current infrastructure can handle P2P, but we had to upgrade it because of the routing load P2P imposes. I'll take HTTP or FTP over P2P any day...
We are currently using a packet shaper to identify/throttle/block P2P in conjunction with a CS MARS box to readily flag/identify if it believes a P2P transaction is occurring. From there, we can cross reference the internal IP with Bradford to identify who the laptop is registered to (not always necessarily the owner). And because we NAT, I can also use CS MARS to do a query on reverse NAT translations when the dreaded letters come in. This process is still currently in refinement...
Sounds like a lot of work to me. The Cisco SCE handles this transparently for us...

Tim Doty

mike.sana.

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Anand S Malwade
Sent: Monday, January 26, 2009 5:02 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] RIAA Notices

All,

I was wondering how other Universities deal with RIAA notices? Do you really invest the time and effort to track down? What methodology and tools do you use for investigation? Do you block all peer-peer traffic?

Thanks,
Anand

Anand Malwade
Information Security Officer, Seton Hall University
malwadan () shu edu