Networking – What kind of information can the University gather regarding the internet use on the University’s network

networkingSecuritywireless-networking

I attend a large University and use their network for just about everything. Although I realize security measures probably differ from campus to campus, on a typical University-wide network, how secure is the information I send and receive on the University's network? Is it safe to shop on-line using the wireless? (Note: I do need a username and password to login to the network.)

Secondly, how am I tracked? My surfing behavior? My bandwidth use? I have friends who have received e-mails asking them to stop file-sharing. What rights does the University have to access the information about my personal internet use, and to what extent can they track my behavior? What is the standard technology behind this security and tracking, and what are best-practices standards that I can expect and/or trust?

Best Answer

They can track when you're on the network, and every place you connect to from that network. They can also track what sort of connections you are making - like is it web browsing, internet radio streaming, games, bittorrent, etc.

For unencrypted traffic - for example normal web browsing, where address begins with "http" - they can also track the contents of that traffic. That means they can read everything you send or get from the net. They may not be allowed to do this sort of deep tracking, though, but it certainly is possible. As a sidenote, on a wireless network pretty much anyone else on the same network can do this too, without being detected... there's something to think about. :)

For encrypted traffic - for example web banking, or shopping where address begins with "https" - they can still track where you are connecting to, for how long, and what sort of traffic it is. But they can't ever read the contents, even if they would be allowed to. There's just no way to do it.

As for their rights to track, that's a mess I don't want to step into.(*) However from a technical standpoint, it is quite reasonable to limit heavy traffic uses, such as file-sharing, high-quality TV streaming, and such, so the network that is meant for everyone doesn't get overburdened because of few users hoarding the bandwidth.

(*) Sorry, in fact I do want to step into it. If you ask me, the university has no right whatsoever to sniff what people are doing, other than for maintenance purposes. The one exception is when they have a reason to suspect someone of serious crime. Alas, not everyone agrees with me, though, most notably the law and practices in many countries...