Software analyzes SUNY network data during RIAA crackdown

Located in the historic village of Geneseo in the upstate Finger Lakes region, the State University of New York at Geneseo is a premier public liberal arts college with a rich tradition of academic excellence. Established in 1871, SUNY Geneseo educates around 4,950 undergraduates. More than 50 computer labs on campus house upwards of 900 PC and Macintosh computers, and the residential network helps power internet for the 3,100+ students living in residence halls.

In higher education, budgeting for a department is based on how well it justifies the use of that money. For SUNY Geneseo Network Manager Rick Coloccia, managing design, deployment and maintenance of the entire campus network meant understanding the flow of data running through that network. By improving his understanding of how the network ran and collecting pertinent metrics, Coloccia could justify buying more bandwidth and other network upgrades to the university.

Coloccia had been aware of NetFlow, a network protocol developed by Cisco Systems for collecting IP traffic information, but leveraging that data was problematic. “While I was aware of NetFlow, we just couldn’t analyze the data without a supplemental technology. Budgets were simply too tight to spend money on a program we could use to get the most out of our NetFlow data.”

He searched for a free open-source tool for analyzing network behavior, but there didn’t seem to be anything powerful enough on the market.

In 2007, Coloccia attended a Cisco networker’s conference. While exploring, Coloccia stumbled upon the Plixer International booth, where the company offered a free trial license for its Scrutinizer NetFlow Analyzer product to higher education customers. “No other vendors were doing anything remotely close; it just seemed like a perfect fit,” said Coloccia. “By getting my hands dirty with the software before we made a commitment to it, it would be easier for me to justify spending budget money on it.”

With the new software collecting, archiving and reporting data, Coloccia found that it was much easier to monitor and understand data flows to and from student computers located in dorm rooms.Benefits
Soon after implementing the software, Coloccia found an unexpected use for the platform. “Just after we got started with Plixer, the RIAA [Recording Industry Association of America] began aggressively pursuing college students that shared or downloaded music. Prior to implementing Scrutinizer, we did not have the ability go back in time to see how a certain student on the network was behaving.”

Scrutinizer’s unlimited automatic archiving allowed Coloccia and his team to double-check illegal downloading claims by the RIAA. By leveraging forensic data, Coloccia could confirm or deny allegations. Then, he could hand out severe warnings to students illegally downloading music - or clear the name of a student mistakenly accused.

“The RIAA situation is an example of Plixer’s incredibly responsive support team, who helped us build a module for an even more direct and effective way of monitoring data streams,” added Coloccia.

The software has also helped to identify malicious viruses or overactive applications that create a large number of inbound or outbound connections. “When the number of inbound or outbound connections is too high, IPS or bandwidth management systems can become overwhelmed and fail—causing significant network downtime. Since Scrutinizer reveals the number of connections going to and from the network, it’s simple for us to find computers with enormous numbers of connections and shut down whatever is creating the problem.”

Coloccia says another benefit has been the daily report emails that include data on the systems that have downloaded the most from the internet. Based on reading these reports, he can take whatever action is necessary if a system showing odd behavior. This allows him to be more proactive in addressing abnormal behaviors on the network before they spiral into larger problems.

Coloccia believes that the product has become integral to his daily network duties.

“With upwards of 3,100 students calling the residence halls ‘home,’ it’s our job to make sure the data flow is running efficiently,” he concluded. “Scrutinizer NetFlow Analyzer allows us to accomplish this with powerful reporting, dynamic traffic analysis, automated features and convenient archiving.”