Software Helps Track Computer Use at Northwestern
By Linda L. Briggs
When a student inadvertently triggers a computer virus or is illegally downloading music, campus IT staff can generally trace the source to an IP address, but that takes time. And finding the actual perpetrator who was using that IP address at the time of the infraction isn’t easy at all.
Similarly, when the Recording Industry Association of America (RIAA) issues a citation to a college alleging illegal downloading occurring on their networks, they provide only an IP address and time stamp. It’s up to the school to track down who was using that IP address. That can require searching through network switch logs, and even walking from room to room, to find the music pirate or infected PC.
At Northwestern College in Orange City, Iowa, IT administrators are addressing those issues using a product called Locate from eTelemetry Inc., a company that provides products that collect useable data about network traffic.
“The main thing we use it for is [detecting] malicious programs that students have that are using a lot of Internet bandwidth,” according to Harlan Jorgensen, director of computing services at the college.
Northwestern is a small, private, nondenominational Christian college with about 1,300 undergraduate students. The school has been using eTelemetry for several months, Jorgensen says, and is pleased with the results. While it’s too soon to have return on investment figures, Northwestern is realizing significant time savings for IT personnel in tracking down errant computers and users.
“We’ve used Locate to identify and disable users downloading MP3s, and students with virus-infected computers,” says Jorgensen. “In the past, it would have taken several hours to locate the person behind the IP address.” The school purchased and tested the product during the summer, then implemented it in mid-September under a campus-wide license. Locate works at the network level and thus isn’t operating-system dependent; Northwestern is running “a little bit of everything,” Jorgensen says, including Windows, Macintosh, and Unix operating systems.
The product, which is sold as an appliance that plugs into the network backbone, works by passively analyzing network traffic to map users, in real time, to an IP address, PC (based on MAC address) and switch port. Locate also archives that information, so IT administrators have an historic record linking users to IP addresses, PCs, and switch ports. When an RIAA citation letter comes in, the college can use Locate’s archive to look up the IP address at the time cited in the letter, and identify the student.
Recently, according to Paul Smith, Northwestern’s associate director of computing services, the college received an RIAA notice that provided an IP address and user name. “But that user name wasn’t one of ours,” Smith explains. “It was used to log in to a downloading program, so it really wasn’t of any use.” Plugging the IP address into Locate “gave us the port that they were on, and the dorm, and the user name that they use on our campus, along with full name and contact information.” Armed with that, he says, “it took us about a minute to locate that user and shut down the port.”
Linda L. Briggs is a freelance writer based in San Diego, Calif.