Network Traffic Inspection Policy

Definition: A "computer" is any network-attached device.

  1. In the Department of Computing Science we inspect all network traffic
    1. leaving the research and administrative networks and passing through the research firewalls to the external network,
    2. coming from the external network through the research firewalls and destined for the research and administrative networks,
    3. when troubleshooting services using the network.
  2. Network Traffic Inspection is done
    1. to detect anomalous network content that could indicate a potential security problem with a computer or a violation of the department's Conditions of Use,
    2. to provide a record of network connections to and from computers which can be consulted for the purposes of forensics in case of a compromise of a computer or systemic failure of services (e.g., diagnosing problems with the web cluster, NFS, etc.),
    3. to aid in an investigation by a law enforcement agency with prior approval from the Department Chair,
    4. to aid in future capacity planning by collecting aggregate information with prior approval of the DOEC. Such inspections will be announced to the affected user population and one week will be given for users to raise and discuss any concerns. An additional week will be given in those cases where the inspections target a specific group of users (e.g., a specific lab) and/or a specific application/protocol.
  3. Inspection and data collection abide by FOIPP guidelines and University guidelines for data protection. Data collected will NOT be made public in raw or aggregate form, except under the provisions of FOIPP and with the acknowledgement of the Department Chair.

Created January 7, 2011.