The University of Melbourne has reported an unexpected side benefit from deploying network security -- saving money.
That's because data collected by the Splunk network security offering, which observes external and internal network traffic, has been used by the University's Environmental department during 2012 to determine which PCs have been left on throughout the campus.
University of Melbourne IT security administrator Tim Arneaud told Computerworld Australia that the Environmental team became "very excited" about using the data as they had been trying to identify which workstations were being left on overnight.
"Given the current economic environment the University is looking at various ways of saving money and this is one of the ones that came up in discussion. It's a very obvious concept -- turn off the PC and save money/power," he said.
He explained that because the security team performs network scans using a product called Nmap, and certain ports are left open for the standard operating environment, these systems are rolled out with a specific network fingerprint.
"We can determine that these are workstations and that they are left on at particular times," he said.
"We scan during the morning and night. During work hours there are a lot more systems online, whilst at night the systems are not so we can feed that information back and start to give the [Environmental] team some numbers."
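As an added illustration (not code from the University or from the article), the morning/night comparison described above can be run over Nmap's grepable (`-oG`) output as follows. The port set used as the SOE fingerprint and the sample scan lines are constructed assumptions, since the article does not give them.

```python
import re

# Assumption: ports open on every SOE workstation (hypothetical; not given in the article).
SOE_PORTS = frozenset({135, 445, 3389})
WS = "135/open/tcp//msrpc///, 445/open/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server///"

# Constructed sample scans in Nmap grepable (-oG) format, using documentation addresses.
DAY_SCAN = (
    f"Host: 192.0.2.10 ()\tPorts: {WS}\n"
    f"Host: 192.0.2.11 ()\tPorts: {WS}\tIgnored State: closed (997)\n"
    f"Host: 192.0.2.12 ()\tPorts: {WS}\n"
    "Host: 192.0.2.20 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\n"
)
NIGHT_SCAN = (
    "# Nmap scan, night run (constructed)\n"
    "Host: 192.0.2.11 ()\tStatus: Up\n"
    f"Host: 192.0.2.11 ()\tPorts: {WS}\n"
    # Only 445 is open here: not the full fingerprint, so not counted.
    "Host: 192.0.2.12 ()\tPorts: 135/filtered/tcp//msrpc///, 445/open/tcp//microsoft-ds///\n"
    "Host: 192.0.2.20 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\n"
)

def open_ports_by_host(grepable):
    """Map each host address to the set of ports Nmap reported as open."""
    hosts = {}
    for line in grepable.splitlines():
        m = re.match(r"Host: (\S+) .*?Ports: ([^\t]*)", line)
        if not m:
            continue  # comment line, "Status:" line, or host without port data
        ports = set()
        for entry in m.group(2).split(","):
            fields = entry.strip().split("/")  # port/state/protocol/owner/service/...
            if len(fields) >= 2 and fields[1] == "open":
                ports.add(int(fields[0]))
        hosts[m.group(1)] = ports
    return hosts

def soe_workstations(grepable):
    """Hosts whose open ports include the whole SOE fingerprint."""
    return {h for h, p in open_ports_by_host(grepable).items() if SOE_PORTS <= p}

def left_on_report(day, night):
    """Counts of fingerprinted workstations per scan, and those still up at night."""
    day_ws, night_ws = soe_workstations(day), soe_workstations(night)
    return {"day": len(day_ws), "night": len(night_ws), "left_on": sorted(night_ws)}

if __name__ == "__main__":
    print(left_on_report(DAY_SCAN, NIGHT_SCAN))
```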
Spotting the bad guys
According to Arneaud, the security team observes a variety of attackers ranging from "script kiddies" through to more skilled and malicious attackers with criminal intentions.
"Universities are quite attractive targets [for attackers] because of the bandwidth and storage capabilities," he said.
He added that the University chose Splunk's network security as it can be used by both technical security staff and university managers to generate reports based on what activity the security team is seeing on the network.
"It allows us to see over time the source of things that are happening on the network whereas previously as a team, we'd not had a lot of visibility," he said.
"This has allowed us to enumerate what is going on in the network and see the type of devices and how many there are."
Follow Hamish Barwick on Twitter: @HamishBarwick