1. It is my opinion that if a user (staff or student) wishes to use a machine connected to a university or other network then they should expect to be subject to security checks which will include, for example, port scanning for listening trojans, smtp servers, ftp servers, web servers, cards in promiscuous mode, etc.
2. It is common knowledge that e-mail is an open form of communication and is about as secure as a postcard. Use encryption software such as PGP or a digital certificate if you wish to guard your privacy (remember to keep a copies of all the passwords you have ever used!) 3. Log-ins are (or should be) monitored for security purposes: Sys Admins are supposed to be there, amongst other things, to provide a stable, secure environment for all network users. There is a need to ensure that users are not abusing privileges which could adversely affect the experience of other users. So, the purpose of the Sys Admin is not to spoil fun, but to provide an environment which is functional and safe for all users. Michael Powell Barry College UK -----Original Message----- From: Chris Payne [mailto:[EMAIL PROTECTED]] Sent: 21 November 2001 16:33 To: [EMAIL PROTECTED] Subject: Re: University policies re: portscanning At the univeristy where I work, (NO I AM NOT in the computing services department) they have a pretty strict AUP as far as what IP services can or cannot be run on the campus backbone, and also that no-user shall profit from the availability of the campus backbone (don't put your home business web site on the campus or department servers). Portscanning is not allowed by employees or students, unless you are part of computing services. Of course the employees in computing services are pretty useless as it is; overpaid, and unknowledgeable and no backbone when enforcing risky matters. - Chris On Tue, 20 Nov 2001 09:30:53 -0500 (EST), vertigo wrote: >Tohru, > >Frankly, I would say it is a gross invasion of privacy. I was harrassed at college by the sysadmins >after two of them asked me to do a panetration test on an NT4 box. They read my email, all of my >schoolwork, monitored when I logged in and what I did, the whole 9 yards. Guess what? I told the dean >and almost got one of the pricks fired. (Of course having a friend who just happened to be an attorney >helped a bit too.) F*!k the AUL, and f*!k all the university sysadmins who think they can bully students >around because they've frightened the adminsitration into accepting some paranoid delusion of computer >geeks. Get a bunch of people together and complain. Remember, you're paying them, not the other way >round. > ><grrr> > >vertigo > > > >On Mon, 19 Nov 2001, Tohru Watanabe wrote: > >> Hello, >> >> I am a graduate student living on-campus at a University. I recently >> noticed that Snort has been detecting portscans of my computer from the >> Academic Computing folks. I've seen Syn scans, Xmas scans, UDP scans, and >> Fin Scans. I told my friends living on-campus and was told that they've >> been portscanned by the AC people several times as well. >> We abide by the AUP so I'm wondering whether this is a general practice to >> locate those running servers or who not abide by the AUP. I've seen >> several threads from University Computing staff at other Universities and >> was wondering what their policies regarding running portscans on student >> computers were. Thanks in advance. >> >> Tohru Watanabe, CCNA >> >> >