Acceptable Use Policy
From PDP/Grid Wiki
Revision as of 19:39, 26 April 2011 by Davidg@nikhef.nl (talk | contribs)
This Acceptable Use Policy governs the use of the Nikhef networking and computer services; all users of these services are expected to understand and comply to these rules.
- Use for intended purposeNikhef offers the services to enable the users (employees, students and collaborators) to do their work. The services may not be used for commercial or political purposes. A limited amount of private use is allowed as long as it does not interfere with normal duties and does not incur significant cost. When in doubt about any person use, ask first!
Of course, there are lots of actions that are most certainly not intended: sending spam, trolling on forums or newsgroups, forwarding chain letters or phishing attempts, cracking password, attacking other systems on the Internet, random calling or tele-marketing, stalking, etc. - Obey the law
- Respect the authorization restrictions set by Nikhef system administrators
- Respect intellectual property and confidentiality agreements
- Protect your access keys (passwords and certificates)
- Report suspected security breaches and misuseWhen you discover vulnerabilities, witness abuse, or see other forms of non-acceptable use, you should report these incidents to the Nikhef Computer Security Incident Response Team through the help desk (helpdesk@nikhef.nl). Of course, you should not attempt to exploit such vulnerabilities to circumvent security controls or harm Nikhef, it's services, staff or reputation in any way - such attempts in itself are a violation of this Acceptable Use Policy.
- Do no harm to Nikhef, it's services, staff or reputationHarm is more easily done than repaired! Data is easily deleted or modified but hard or impossible to recover. A rash document (as well as of course offensive material) put up on your home page is quickly indexed by search engines and will never disappear from the web again. Confidential data accidentally disclosed will never be a secret again. A defamatory remark will live forever in cyberspace. An infected home laptop or smartphone will quickly poison other systems at Nikhef and many person months will be wasted to recover from the incident. So do no harm.
- Comply with the policies of Nikhef's service providersNikhef provides access to to brokers services of third parties for its users, such as connectivity to the public Internet through SURFnet, access to Federated Services, or other hosted services like backup and calendering. You should at all times also comply with the policies, terms and conditions of use of these service providers.
- You share resources with others - be nice
- Even when staying within the intended use, it is possible to strain resources to such an extent that other users can no longer make use them. In such cases users should work together with system administrators to find less disruptive alternatives.
- Monitoring and logging of network traffic and e-mailSystems and network are monitored in order to detect trouble in an early stage and rapidly mitigate potential damage, for administrative, operational, accounting, monitoring and security purposes only. In order to trace problems on the network to the source, logs of network traffic are kept for a limited time period. E-mail transactions (its source and destinations) are also logged, in a secured system, and retained for a maximum of 90 days. Obviously, user data, including e-mail, will only be inspected if there is a strong and substantiated suspicion of misuse of services or illegal activities. If you want to know what kind of logs are kept about your use of ICT services, you can always contact the CT!
- EnforcementAccess to services may at any times be suspended or terminated discretionarily for administrative, operational or security purposes. It is common for access to be suspended as part of an incident investigation, even when a violation is merely suspected. As a general matter, Nikhef will attempt to work with the User to cure violations and to ensure that there is no re-occurrence of the violation prior to terminating service.