...
How long will Information Security keep these logs?
Services We Provide
Contact us for these services
UIT and ITS Services | For | Getting Help |
---|---|---|
Faculty, Staff, Students, Affiliates | ||
Security Incident Response | Faculty, Staff | information_security@tufts.edu |
Forensic Investigation (with approvals) | Faculty, Staff | information_security@tufts.edu |
Identity Finder/ Information Security | Faculty, Staff, Students, Affiliates | |
Secure Destruction | Faculty, Staff | |
Information Security Training | Service Owners | |
Log Aggregation and Monitoring | Service Owners | information_security@tufts.edu |
Sensitive Information Business Practices Review | Staff | information_security@tufts.edu |
Additional Services (self-provided)
UIT and ITS Services | For | Getting Help |
---|---|---|
Mobile Device Security | Faculty, Staff, Students, Affiliates | information_security@tufts.edu |
Information Security Training | Service Owners | |
Application Security Self Scanning | Service Owners | information_security@tufts.edu |
Network Security Self Scanning | Service Owners | information_security@tufts.edu |
...
Information Security keeps different types of information for different lengths of time.

Data Element | Brief Description | Business Value | Retention Period |
---|---|---|---|
DHCP Lease Information | A record of IP addresses, the computers (MAC addresses), and the individuals they were assigned to. | IP Address Ownership. Allows determination of the individual using a particular IP address at a given point in time. | 1 Year |
DNS Requests | A record of DNS name lookups that were requested by a given IP address. | Internet Sites (potentially) visited. Allows determination of which internet sites have been looked up. | 30 Days |
DNS Responses | A record of the IP address associated with a DNS name at a point in time. | Associate Links to IP addresses. Allows investigations to determine which URLs and links were associated with which IP flows. Does not allow us to identify individual user behavior. | 1 Year |
NetFlow Records | A record of network traffic connections in and out. | Internet connections by IP. Allows partial reconstruction of traffic across our borders. | 1 Year |
Server Log Messages | A record of logins, logouts, and other key messages from participating operating systems. | Allows determination of the UTLN that logged into a specific server at a given time, such as Web or FTP servers. | 60 Days |
Application Log Messages | A record of software use, updates and error messages from participating applications. | Allows determination of application access and use, such as Mail, Web servers and databases, by UTLN. | 60 Days |
Firewall Log Messages | A record of inbound and outbound connections and error messages by participating firewalls. | Allows determination of failed attempts to connect on computers protected by a participating firewall. | 60 Days |
VPN Authentication Messages | A record of logins made to the Tufts VPN. | Allows determination of access to (and perhaps through) the VPN. | 1 Year |
VPN Log Messages | A record of user activity on the VPN. | Allows determination of which systems were accessed, and when, by users who were already logged in. | 60 Days |
Anti-virus Log Messages | A record of virus activity for participating AV systems. | Allows reconstruction of viruses detected on computers and web sites blocked for individuals. | 60 Days |
Intrusion Detection Log Messages | A record of suspicious traffic matching a given pattern. | Allows us to detect certain types of network-based attacks from outside the University, and soon, from within Tufts as well. | 60 Days |
Other Log Messages | PVS, Active Scanning, Correlation, DMCA, REN-ISAC, Shadowserver, SpamCop, etc. | Additional detective controls to be rolled into our ticketing system. | 60 Days |
Forensic Disk Images | Duplicate copies of computer files for deep inspection, including deleted files if available. | Supports the investigation of misconduct involving a Tufts-owned device. | As directed by University Counsel. |