What All Is ITS Logging/Monitoring?
What Information Is ITS Logging and Monitoring, To Keep the Campus Safe?
2017 was a watershed year for cybersecurity. In the wake of highly publicized breaches like the Equifax hack, new vulnerabilities like Spectre and Meltdown, and widespread ransomware attacks, many Carleton users have asked what all ITS is doing--in particular how we stay aware of what is happening on our network and help keep users as safe as reasonably possible.
The purpose of this page is to summarize the basics of what we are doing and give users, and internal ITS staff, a clearer sense of what we do (and don't) know about the security status of our network, and what we can and can't find out. Not all of the links provided here lead to user-visible pages. Some contain sensitive information. If you have questions, call the Helpdesk (x5999) or talk to the campus IT security officer.
Please note: In general, ITS does not track intimate details of what individual users are doing. Rather, we log and track normal activity in aggregate, and respond to things like exceptional activity spikes, indications of compromise, and malware. We look in detail at individual activity only to the extent needed to respond appropriately. (For example, ITS may respond to an alert that a user has logged in simultaneously from two different countries.) We may also take actions like notifying a user if it appears that their account has been compromised and, rarely, locking their account temporarily, to try to limit damage to the user's information and resources.