Systems and Network Monitoring - Illinois Mathematics and Science Academy

Systems and Network Monitoring

ITS does not, as a matter of policy, monitor network traffic for content or destination. However, as stated in Section III (Privacy) of the IMSA Information Technology System Policy, all data created, transmitted or stored on Academy-owned systems is subject to monitoring and audit by authorized IMSA personnel. This monitoring can be conducted when there is reasonable belief that laws or IMSA policies have been violated. When such monitoring and audit are required, the following guidelines will be followed.

ITS does not, as a matter of policy, monitor network traffic for content or destination. However, as stated in Section III (Privacy) of the IMSA Information Technology System Policy, all data created, transmitted or stored on Academy-owned systems is subject to monitoring and audit by authorized IMSA personnel. This monitoring can be conducted when there is reasonable belief that laws or IMSA policies have been violated. When such monitoring and audit are required, the following guidelines will be followed.

  • The decision to conduct monitoring or audit of data should be made by at least two of: the Director of ITS, Network Security Officer, or any ITS system administrator currently entrusted with root privileges. Only the Director of ITS or the Network Security Officer will be allowed to decide to monitor without consultation with at least one other system administrator.
  • In emergencies, authorized IT personnel can conduct monitoring and audit of data when ordered to do so by IMSA senior administrators, or by the IMSA Chief of Security.
  • If possible, monitoring and audit should be conducted with two system adminstrators present.
  • Sessions should be recorded via logging, screenshots, ‘script’ files, etc. Every effort should be made to preserve data during the session.
  • All data gathered during audit and monitoring sessions should be preserved in a secure location for a period of time long enough to ensure it will be included in a regular monthly tape archive.

As standard operating procedure, all traffic on the IMSA connection to the Illinois Century Network is monitored for individual machine bandwidth use and statistical breakdown of protocol types. Any machine that appears to be using excessive amounts of bandwidth, will be identified and the registered owner of that connection will be asked to provide an explanation for the high network utilization. In the case of student-owned computers, failure to provide a reasonable explanation in a timely manner will result in the informal disciplinary action of disabling the IRN connection. Before a decision is made to re-enable the IRN connection, the individual must discuss the situation with ITS staff. Further disciplinary action (either formal or informal) may be imposed if appropriate.

A variety of tools and techniques are used in day-to-day operation including, but not limited to, SNMP, sniffers, protocol analyzers, watchdog programs and logging. In general, these tools are used to notify network managers of down conditions or conditions requiring immediate attention.