UC Merced Office of Information Technology Routine Monitoring Practices

I. Routine System Monitoring Activities

Authorized UC Merced OIT employees and contracted service providers who operate and support UC Merced electronic communications resources routinely monitor those resources for the purpose of ensuring their integrity, reliability, and security. Monitoring at UC Merced is carried out in compliance with applicable laws and the UC Electronic Communications Policy. Routine monitoring at UC Merced includes, but is not limited to, the following manual or automated activities:

Intrusion Detection

The OIT Information Security team uses a combination of automated technology and manual review to identify systems that are attacking campus information resources, may be infected with malware, or fail to meet the minimum security requirements.  These automated systems use a combination of pre-determined signatures and traffic analysis.  These systems may capture and store a relevant portion of electronic communications for systems or user accounts potentially being used to threaten the campus network.  Security staff may manually review these stored captures, in accordance with privacy policies and law, to validate the findings or tune the automated systems.

Connection and Application Logs

The OIT Information Security Team stores and utilizes a variety of logs.  These logs may be reviewed by automated systems or manually reviewed, as allowed by policy and law, to verify incident reports.

Network Logs

Connection logs are created and stored for all network traffic to and from the Internet.  Connection logs may include source and destination IP addresses, source and destination ports, packet counts, and byte counts.

User Logs

Authentication logs are created and stored for access to campus resources, such as the My UCMerced Portal, email, VPN, or wireless network. Campus system owners may also create and store their own logs.

Vulnerability and PII Scanning

The OIT Information Security Team utilizes automated and manual scanning techniques to ensure the confidentiality, integrity, and availability of UC Merced information and electronic communications resources.

Network Scanning

The UC Merced network is regularly scanned for vulnerable systems and applications. These scans may search for viruses, malware, insecure configurations that do not meet UC Merced’s Minimum Security Standards for Networked Devices, missing patches, default passwords or open ports/proxies/relays.

Storage Scanning

UC Merced storage environments, including cloud services such as Box, are scanned using automated technologies for the presence of files infected with viruses or malware. Files are also scanned for the presence of Personally Identifiable Information (PII) including Social Security Numbers, banking data, dates of birth, etc. Files containing suspected PII that also have insecure permissions (shared externally or publicly) generate an automated alert to be reviewed by the file owner and Information Security staff.

Blocking

Users or systems that threaten the UC Merced network or other electronic resources may have network access revoked until the issue is resolved. OIT Security Staff will make best efforts to directly contact the account or system owner by email, but this is not always possible.  If a system or account owner cannot be identified, OIT Security Staff will make best efforts to contact computer support staff in the affected area.

If you believe your system has been blocked from the network, please contact the OIT Service Desk at (209) 228-4357 or helpdesk@ucmerced.edu.

II. Related Policies and Principles

The Electronic Communications Policy establishes conditions under which personnel who perform routine monitoring, as described above, may observe or inspect the contents of network traffic, electronic communications, or transactional information during this monitoring. In all cases, individuals must adhere to the following principles:

  1. Only authorized personnel who have a need to access this data and who understand the restrictions on its use shall have access to it.
  2. Routine monitoring activities shall be limited to the least perusal and retention required to ensure the reliability and security of systems.
  3. Except as provided in the UC ECP or by law, individuals will not seek out the contents of network traffic, electronic communications, or transactional information where not germane to the foregoing purposes, or disclose or otherwise use what they have observed. If, in the course of their duties, authorized personnel inadvertently discover or suspect improper activity in violation of law or policy, such violations should be reported to management or the Office of Campus Climate and Compliance.

Other relevant policies include:

IS-3 Electronic Information Security

Minimum Security Standards for Networked Devices

Acceptable Use Policy