Privacy on ResNet

This page describes the network monitoring that takes place on ResNet. We don't believe that this activity is a threat to the privacy of ResNet users. We do believe being upfront about what we are doing and why is the best way to encourage trust between ResNet users and IT Services staff. All monitoring is performed under the University policy for the investigation of computers (PDF) designed to protect the privacy of staff and students.

What do you do?

Compliance checking

All systems connected to the University's network must meet a minimum security standard - they must have certain service packs, security patches and have anti-virus software installed. We may check this both when users first connect to the network and during the time they are connected. We only performs checks to ensure that the system is secure, up to date and free of viruses. We do not look at other files such as personal documents, photos, etc.

Monitor network traffic

We monitor network traffic flows (eg volume of data, source, destination, and tcp/udp port number). We look at general trends and then may investigate particularly large flows or otherwise anomalous traffic, as this can or overwhelm network links reducing the service for other users. In this context we don't look at the content of the data.

However, the most common cause of high traffic levels is peer-to-peer filesharing software, and most material on peer-to-peer networks is illegally reproduced copyright material. We may warn individual network users that they are using too much traffic and ask them to reduce their usage to benefit other users.

Intrusion Detection System

We operate an Intrusion Detection System (IDS) on our network. This inspects data sent over the network looking for particular patterns that match viruses or other attacks on computer systems. For example, the text

"Croot|0d0a|Mprog, P=/bin/"

appearing in a packet of data might indicate a malicious user or virus trying to attack a particular piece of software. The IDS would log this. We could then block that attack entering our network (if the attack was coming from outside) or isolate the system from the network (if the attack was coming from a computer within our network). These attacks may be automated (performed by a worm or virus) or specific (performed by a malicious user, either a member of the University or an outsider).

Back to top

What don't you do?

We do not routinely look for content that may be illegal or breach University regulations (eg pornography or copyright material). The only routine monitoring is to the extent necessary to ensure the security and correct operation of the network.

Back to top

Do you ever do more?

Yes. We may do in exceptional circumstances (e.g. if we are required to monitor data by the police as part of a criminal investigation). University computing facilities display this notice to users:

"In order to protect the security and working of University network and computer systems, it may be necessary to monitor or log the use of these systems. If there are indications of abuse of systems or that individuals may be using systems in excess of their authority, files, messages and any or all uses of the systems may be intercepted, monitored, recorded, copied, audited, inspected and disclosed to authorised University and law enforcement personnel."

A policy is in place to protect the privacy of members of the University and ensure this provision is not abused. See the Policy for the Investigation of Computers (PDF) for details of this.

Back to top

What do other organisations do?

Other organisations may monitor Internet traffic. Once data leaves our network we have no control over it and no knowledge of what happens to it. For example, record labels and movie studios routinely monitor the use of peer-to-peer filesharing networks to look for people uploading and downloading their copyright material. They contact us if they find a University of Bristol user doing so, and we then act on the information received according to the University regulations.

Back to top

What about malicious Internet users?

Unauthorised malicious users, including organised criminals, may intercept data you send over the network and the Internet, unless it is securely encrypted. Most Internet traffic, in particular email, is unencrypted and can be read by others. Never put your credit card number, password, bank account details or other confidential information in an email.

It is very easy to forge the sender information in an email. Be aware of ID theft - fraudulent emails and websites which look like the real thing but are designed to trick you into disclosing your details. If you receive an email supposedly from your bank asking for financial details or personal information do not click links, reply or respond to it in any way via email or a website.

Back to top

Any more questions?

If you have any questions or concerns about security or privacy on our network please email the ResNet Team.

Back to top