Main Nav


We have started using NAT'ed IP's over the last few months and now we are having problems tracking down the person who should be confronted concerning copyright violation notifications.

We need a simple appliance to log all network IP's (both NAT'ed and real) and then allow for detailed accurate reports such that when I approach a student or employee with a violation complaint, I know I have the right person.

If you can recommend one, it will be much appreciated.

Thank you,

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  John R. Davis  <davisj@marietta.edu>
  Chief Information Officer
  Marietta College
  215 Fifth St.
  Marietta, OH  45750
  Voice: 740-376-4390
  Fax:   740-376-4812
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Comments

Message from dsmith@oakarts.org

<?xml version="1.0" encoding="ISO-8859-1"?>
I am sure other solutions might serve this purpose but we have implemented a Barracuda web filter on the LAN side of the router/firewall.  This not only allows for enforcing web access policies but logs the IP or AD user to the machine.  Now in our environment I have static./reserved IP's (because I only have 160 assigned machines) to correlate to the user.  Now this device can tie into AD and then you can correlate it to that login.

David

____________________
David Smith
Director of Technology
Oakland School for the Arts
(im) @osaradio
(p) 510.873.8800
(f) 510.873-8816

Please send all technical support requests to techsupport@oakarts.org

The contents of this email message and any attachments are confidential and are intended solely for addressee. The information may also be legally privileged. This transmission is sent in trust, for the sole purpose of delivery to the intended recipient. If you have received this transmission in error, any use, reproduction or dissemination of this transmission is strictly prohibited. If you are not the intended recipient, please immediately notify the sender by reply email or by phone and delete this message and its attachments, if any.

The EDUCAUSE CIO Constituent Group Listserv <CIO@LISTSERV.EDUCAUSE.EDU> on October 5, 2012 at 7:32 AM -0700 wrote:

We have started using NAT'ed IP's over the last few months and now we are having problems tracking down the person who should be confronted concerning copyright violation notifications.

We need a simple appliance to log all network IP's (both NAT'ed and real) and then allow for detailed accurate reports such that when I approach a student or employee with a violation complaint, I know I have the right person.

If you can recommend one, it will be much appreciated.

Thank you,

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  John R. Davis  <davisj@marietta.edu>
  Chief Information Officer
  Marietta College
  215 Fifth St.
  Marietta, OH  45750
  Voice: 740-376-4390
  Fax:   740-376-4812
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.



********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

John,

 

We have an appliance from Cisco called the Monitoring, Analysis and Response System (MARS) that we use for this purpose.  One of the functions we have this box perform is pull information in real time from our Cisco ASA, which NATs our private internal IPs to  the routable external IP it is translated to.  We also have it pull our DHCP logs so that if the internal IP address changes, we can see then associate an internal IP to a MAC address..  We  then use the MAC address to lookup who a specific computer is registered to in our Network Access Control system.

 

The only real weakness is where we have public access stations that aren’t registered to a specific end user.  We’ve contemplated trying to capture on logins/logouts… but this wouldn’t do anything for the handful of machines that aren’t in AD and are public access (generally Macintosh). 

 

It’s a pretty good solution to the problem… but not perfect.  We are able to resolve ~95% of issues requiring us to track NAT’ed to an internal user.  We have a few PAT’ed addresses… and the port information on Copyright, MPAA, … requests never include IP port information, so we’ve been unable to do anything with those requests, other than narrow it down to the computers using the PAT translation.  We have about 3200 computer and mobile devices on the networks monitored by this setup.

 

Best,

 

Steve

 

We use netflows to do exactly that; One set of netflow sensors generate flow data from our external routers and one sensor generates flow data on our internal network. The first one is used to identify the peer involved on the internet (IP + port + time) and we match that up with flows from the inside. 99%+ of all DMCA notices can be investigated, identified and referred in 5-10 minutes. Most (if not all) enterprise Cisco gear can generate flow data and the flow collection and analysis software is free open source software by Peter Haag over at SWITCH. More info can be found at http://nfsen.sourceforge.net/

Dr. Kees Leune
Information Security Officer
Adelphi University
Garden City, NY
+1 (516) 877-3936



Close
Close


Annual Conference
September 29–October 2
View Proceedings

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.