Network Monitoring Policy

The purpose of network monitoring is to identify and block malicious activity in order to protect the College’s data, systems, and reputation.

The scope includes all computing systems and network infrastructure owned or managed by Middlebury.

In order to protect data, designated ITS staff may use network monitoring technologies to log network activity and to scan data moving across the network. These technologies may include anti-virus software, firewalls, intrusion protection and intrusion detection systems, vulnerability management systems, and database and application monitoring systems. This information may be centrally correlated for analysis.

Server logs may be monitored for malicious activity on a routine schedule. Other network traffic may be logged as necessary for troubleshooting and resolution of network issues. Automated scans for unencrypted sensitive data are conducted on a regular basis with findings logged for appropriate management or removal. Only malicious or extraordinary activity is to be logged. These measures are not to be used for tracking and/or monitoring an individual’s network activity.

Confidentiality of all information gathered as a result of network monitoring will be maintained at all times. Access to information obtained through network monitoring will be limited to designated staff and, in the event of an investigation, College officials, legal counsel, or law enforcement. This information will be kept in a protected storage area. Events and incidents identified through network security monitoring will be managed in the spirit of the Technology Incident Response Policy.

Any substantive changes to the network monitoring methodology or scope must be approved by the College’s senior management.

Any employee who is found to have violated this policy may be subject to disciplinary action, up to and including termination of employment. Violation of this policy may also be a violation of the Federal Computer Fraud and Abuse Act.