Difference between revisions of "Acceptable Use Policy"

From PDP/Grid Wiki
Jump to navigationJump to search
m
m
Line 2: Line 2:
  
 
# <div class="NavFrame"><div class="NavHead">Use for intended purpose</div><div class="NavContent">Nikhef offers the services to enable the users (employees, students and collaborators) to do their work. The services may not be used for commercial or political purposes. A limited amount of private use is allowed as long as it does not interfere with normal duties and does not incur significant cost. When in doubt about any person use, ask first!<br>Of course, there are lots of actions that are most certainly not intended: sending spam, trolling on forums or newsgroups, forwarding chain letters or phishing attempts, cracking password, attacking other systems on the Internet, random calling or tele-marketing, stalking, etc.</div></div>
 
# <div class="NavFrame"><div class="NavHead">Use for intended purpose</div><div class="NavContent">Nikhef offers the services to enable the users (employees, students and collaborators) to do their work. The services may not be used for commercial or political purposes. A limited amount of private use is allowed as long as it does not interfere with normal duties and does not incur significant cost. When in doubt about any person use, ask first!<br>Of course, there are lots of actions that are most certainly not intended: sending spam, trolling on forums or newsgroups, forwarding chain letters or phishing attempts, cracking password, attacking other systems on the Internet, random calling or tele-marketing, stalking, etc.</div></div>
# '''Obey the law'''
+
# <div class="NavFrame"><div class="NavHead">Obey the law</div><div class="NavContent">Seems logical, isn't it? Just be sure to know and understand applicable law, regulations, and jurisprudence.</div></div>
 
# <div class="NavFrame"><div class="NavHead">Respect the authorization restrictions set by Nikhef system administrators and users</div><div class="NavContent">Trying to circumvent effective or intended restrictions is not allowed (and unlawful as well). This includes, but is not limited to, accessing data not intended for the User, logging into a service or using an account you are not expressly authorized to access, probing the security of other networks, interfering with another users access to services, or trying to disrupt services or the network. You shall also refrain from trying to intercept or sniff network traffic that is not intended for you. If you find you have access to data or services you should not have access to, inform the Computer Security Incident Response Team through the help desk (helpdesk@nikhef.nl)</div></div>
 
# <div class="NavFrame"><div class="NavHead">Respect the authorization restrictions set by Nikhef system administrators and users</div><div class="NavContent">Trying to circumvent effective or intended restrictions is not allowed (and unlawful as well). This includes, but is not limited to, accessing data not intended for the User, logging into a service or using an account you are not expressly authorized to access, probing the security of other networks, interfering with another users access to services, or trying to disrupt services or the network. You shall also refrain from trying to intercept or sniff network traffic that is not intended for you. If you find you have access to data or services you should not have access to, inform the Computer Security Incident Response Team through the help desk (helpdesk@nikhef.nl)</div></div>
# '''Respect intellectual property and confidentiality agreements'''
+
# <div class="NavFrame"><div class="NavHead">Respect intellectual property and confidentiality agreements</div><div class="NavContent">So do not publish, post, transmit or re-transmit, or put up on the web, items that violate the rights of any person, including rights protected by copyright, trade secret, patent or other intellectual property or similar laws or regulations including, but not limited to, the installation or distribution of "pirated" or other software products that are not appropriately licensed for your use. Except of course as permitted by applicable Dutch law -- keeping in mind the rest of this AUP.</div></div>
 
# <div class="NavFrame"><div class="NavHead">Protect your access keys (passwords, private keys, security tokens)</div><div class="NavContent">Access keys are yours and yours only: so do not share your credentials with others. These include your single-sign-on (SSO) password, the passphrase for your certificate's key, the password that protects your SSH key pair. If you feel the need to share, there is always a proper solution. Also, any credential that grants to access to other services (at Nikhef or elsewhere) must be protected with at least a password or better.<br>If you have been given credentials for special services (such as a voip telephony roaming password, or access to a generic account) you must protect these accoring to the special instructions given to you.</div></div>
 
# <div class="NavFrame"><div class="NavHead">Protect your access keys (passwords, private keys, security tokens)</div><div class="NavContent">Access keys are yours and yours only: so do not share your credentials with others. These include your single-sign-on (SSO) password, the passphrase for your certificate's key, the password that protects your SSH key pair. If you feel the need to share, there is always a proper solution. Also, any credential that grants to access to other services (at Nikhef or elsewhere) must be protected with at least a password or better.<br>If you have been given credentials for special services (such as a voip telephony roaming password, or access to a generic account) you must protect these accoring to the special instructions given to you.</div></div>
 
# <div class="NavFrame"><div class="NavHead">Report suspected security breaches and misuse</div><div class="NavContent">When you discover vulnerabilities, witness abuse, or see other forms of non-acceptable use, you should report these incidents to the Nikhef Computer Security Incident Response Team through the help desk (helpdesk@nikhef.nl). Of course, you should not attempt to exploit such vulnerabilities to circumvent security controls or harm Nikhef, it's services, staff or reputation in any way - such attempts in itself are a violation of this Acceptable Use Policy.</div></div>
 
# <div class="NavFrame"><div class="NavHead">Report suspected security breaches and misuse</div><div class="NavContent">When you discover vulnerabilities, witness abuse, or see other forms of non-acceptable use, you should report these incidents to the Nikhef Computer Security Incident Response Team through the help desk (helpdesk@nikhef.nl). Of course, you should not attempt to exploit such vulnerabilities to circumvent security controls or harm Nikhef, it's services, staff or reputation in any way - such attempts in itself are a violation of this Acceptable Use Policy.</div></div>

Revision as of 05:51, 27 April 2011

This Acceptable Use Policy governs the use of the Nikhef networking and computer services; all users of these services are expected to understand and comply to these rules.