...
Centrally, ITS tracks which users and departments are assigned which hardware, and we also track what hardware needs replacement and when. This is done through asset management software (currently Web Help Desk), and is keyed to the unique Carleton ID (that is, the CCID) of the hardware, i.e., to the number on the barcode sticker affixed to most deployed hardware. Everyone in ITS can see this data. We need it to know exactly where to go if a particular physical asset needs attention or replacement, and to tie information to that asset, and track it, if a user (or in some cases, an automated system) notifies us of a problem.
...
Patching
Windows machines on campus take their operating system updates from a local patch update server (/wiki/spaces/itskb/pages/26116233). That patch update server tells us which machines have updated, when, and which specific updates were applied. We need this information in order to ensure that everyone's computer is up to date and not vulnerable to any obvious intrusions or attacks. It turns out that, of all the various defenses that users and ITS can deploy, simply keeping devices up to date is the most effective. See also below on the KBox, under Software Deployment, Packaging.
Software Deployment, Packaging
The software inventory, operating system, and general configuration parameters of all computers deployed to users and computing labs are recorded in software we purchase from Dell Computing, called KBox. The KBox helps us, among other things, package up software for easy installation. Often a particular piece of software will require a special license key, or it will need to be pointed at a particular device on campus. The KBox can automate these configuration steps. It can also tell us if, for example, a piece of software needs updating and it can (usually) perform the update. This is particularly useful when a serious security issue has been discovered.
ITS staff can see KBox data. We need to see it in order to understand and diagnose software issues that users call us about. We also use it to get software installed to all the right places in the right ways, with the right license keys and settings. And we use it to find machines that are not updating their software correctly and are therefore exposing users to possible compromise, or opening the user and Carleton up to licensing violations.
...
Keyserver Logging, License Management
Data is also logged regarding what software is executed, where, and when, via keyserver software, /wiki/spaces/itskb/pages/26129581. We do this, when needed, for audit and compliance purposes. Sassafras also tracks, indirectly, when a machine is in use. General information at this level is visible to a handful of people including desktop computing and software asset management specialists, the IT security officer, and the data warehouse administrator.
...
All attempts at authenticating are logged, not only by individual computers, but also by applicable enterprise applications (e.g., Colleague, OnBase, Advance, Slate, the Carleton website), domain controllers, our web-based login pages, and associated dual-factor authentication services (Duo). These systems need to record who logged in, when, and from where, not only for auditing and troubleshooting purposes, but also to afford us an extra measure of assurance, when the data is pooled and analyzed, that the people logging in are who they say they are, and to detect compromised passwords and general scanning and hacking attempts. Access to this data is limited to application managers and/or to a few core systems staff and the IT security officer. Alerts are generated when anomalous logins and automatic lockouts are detected.
Network-Level Logging
In general, nearly all devices through which Carleton network traffic passes log that traffic. These logs typically include the source and destination IP address, MAC address, and various other relevant details. Additional detail gets logged for WiFi via /wiki/spaces/itskb/pages/26119999. This data, collectively, allows us to locate and fix problems and bottlenecks, and it helps us diagnose problems when we (or our users) discover them. We normally don’t look at this data in detail unless there is a problem. The number of people who can do this is very limited (a few core systems staff and the IT security officer).
The Firewall
...