Difference between revisions of "Acceptable Use Policy"
From PDP/Grid Wiki
Jump to navigationJump to search (→Acceptable Use: collapsed navFrames by default) |
|||
| Line 4: | Line 4: | ||
# <div class="NavFrame collapsed"><div class="NavHead">Use for intended purpose</div><div class="NavContent">Nikhef offers the services to enable the users (employees, students and collaborators) to do their work. The services may not be used for commercial or political purposes. A limited amount of private use is allowed as long as it does not interfere with normal duties and does not incur significant cost. When in doubt about any form of personal use, ask first!<br>Of course, there are lots of actions that are most certainly not intended: sending spam, trolling on forums or newsgroups, forwarding chain letters or phishing attempts, cracking passwords, attacking other systems on the Internet, random calling or tele-marketing, stalking, etc.</div></div> | # <div class="NavFrame collapsed"><div class="NavHead">Use for intended purpose</div><div class="NavContent">Nikhef offers the services to enable the users (employees, students and collaborators) to do their work. The services may not be used for commercial or political purposes. A limited amount of private use is allowed as long as it does not interfere with normal duties and does not incur significant cost. When in doubt about any form of personal use, ask first!<br>Of course, there are lots of actions that are most certainly not intended: sending spam, trolling on forums or newsgroups, forwarding chain letters or phishing attempts, cracking passwords, attacking other systems on the Internet, random calling or tele-marketing, stalking, etc.</div></div> | ||
| − | # <div class="NavFrame collapsed"><div class="NavHead">Obey the law</div><div class="NavContent">Seems logical, doesn't it? | + | # <div class="NavFrame collapsed"><div class="NavHead">Obey the law</div><div class="NavContent">Seems logical, doesn't it? </div></div> |
# <div class="NavFrame collapsed"><div class="NavHead">Respect the authorization restrictions set by Nikhef system administrators and users</div><div class="NavContent">Trying to circumvent effective or intended restrictions is not allowed (and unlawful as well). This includes, but is not limited to, accessing data not intended for the User, logging into a service or using an account you are not expressly authorized to access, probing the security of other networks, interfering with another users access to services, or trying to disrupt services or the network. You shall also refrain from trying to intercept or sniff network traffic that is not intended for you. If you find you have access to data or services you should not have access to, inform the Computer Security Incident Response Team through the help desk (helpdesk@nikhef.nl)</div></div> | # <div class="NavFrame collapsed"><div class="NavHead">Respect the authorization restrictions set by Nikhef system administrators and users</div><div class="NavContent">Trying to circumvent effective or intended restrictions is not allowed (and unlawful as well). This includes, but is not limited to, accessing data not intended for the User, logging into a service or using an account you are not expressly authorized to access, probing the security of other networks, interfering with another users access to services, or trying to disrupt services or the network. You shall also refrain from trying to intercept or sniff network traffic that is not intended for you. If you find you have access to data or services you should not have access to, inform the Computer Security Incident Response Team through the help desk (helpdesk@nikhef.nl)</div></div> | ||
# <div class="NavFrame collapsed"><div class="NavHead">Respect intellectual property and confidentiality agreements</div><div class="NavContent">So do not publish, post, transmit or re-transmit, or put up on the web, items that violate the rights of any person, including rights protected by copyright, trade secret, patent or other intellectual property or similar laws or regulations including, but not limited to, the installation or distribution of "pirated" or other software products that are not appropriately licensed for your use. Except of course as permitted by applicable Dutch law -- keeping in mind the rest of this AUP.</div></div> | # <div class="NavFrame collapsed"><div class="NavHead">Respect intellectual property and confidentiality agreements</div><div class="NavContent">So do not publish, post, transmit or re-transmit, or put up on the web, items that violate the rights of any person, including rights protected by copyright, trade secret, patent or other intellectual property or similar laws or regulations including, but not limited to, the installation or distribution of "pirated" or other software products that are not appropriately licensed for your use. Except of course as permitted by applicable Dutch law -- keeping in mind the rest of this AUP.</div></div> | ||
| Line 12: | Line 12: | ||
# <div class="NavFrame collapsed"><div class="NavHead">Comply with the policies of Nikhef's service providers</div><div class="NavContent">Nikhef provides access to and brokers services of third parties for its users, such as connectivity to the public Internet through SURFnet, access to Federated Services, or other hosted services like backup and calendering. You should at all times comply with the policies, terms and conditions of use of these service providers. </div></div> | # <div class="NavFrame collapsed"><div class="NavHead">Comply with the policies of Nikhef's service providers</div><div class="NavContent">Nikhef provides access to and brokers services of third parties for its users, such as connectivity to the public Internet through SURFnet, access to Federated Services, or other hosted services like backup and calendering. You should at all times comply with the policies, terms and conditions of use of these service providers. </div></div> | ||
# <div class="NavFrame collapsed"><div class="NavHead">You share resources with others - be nice</div><div class="NavContent">Even when staying within the intended use, it is quite possible to strain resources to such an extent that other users can no longer make use of them. Running CPU intensive applications on the general login server, or using this service for bulk data transport are some examples. Making an outbound telephone call for a phone conference and then put it on hold, but subsequently forget about it - exhausting our telephone lines as well as incurring a high bill. When such incidents are detected, the program or call in question will be terminated by Nikhef CT staff to preserve operational integrity. Users should subsequently refrain for such actions (so do not just try it again) and may work together with system administrators to see if a less disruptive alternative exists.</div></div> | # <div class="NavFrame collapsed"><div class="NavHead">You share resources with others - be nice</div><div class="NavContent">Even when staying within the intended use, it is quite possible to strain resources to such an extent that other users can no longer make use of them. Running CPU intensive applications on the general login server, or using this service for bulk data transport are some examples. Making an outbound telephone call for a phone conference and then put it on hold, but subsequently forget about it - exhausting our telephone lines as well as incurring a high bill. When such incidents are detected, the program or call in question will be terminated by Nikhef CT staff to preserve operational integrity. Users should subsequently refrain for such actions (so do not just try it again) and may work together with system administrators to see if a less disruptive alternative exists.</div></div> | ||
| − | # <div class="NavFrame collapsed"><div class="NavHead">Monitoring and logging of network traffic and e-mail</div><div class="NavContent">Systems and network are monitored in order to detect trouble in an early stage and rapidly mitigate potential damage, for administrative, operational, accounting, monitoring and security purposes only. In order to trace problems on the network to the source, logs of network traffic | + | # <div class="NavFrame collapsed"><div class="NavHead">Monitoring and logging of network traffic and e-mail</div><div class="NavContent">Systems and network are monitored in order to detect trouble in an early stage and rapidly mitigate potential damage, for administrative, operational, accounting, monitoring and security purposes only. In order to trace problems on the network to the source, logs of all network traffic flows (but not their content) may be kept for a period of up to 14 days. E-mail transactions (its source and destinations, but again not its content) are also logged, in a secured system, and retained for a maximum of 90 days. Access, authentication and authorization (collectively "security") logs are kept for a period of up to 400 days. Both email and security logs are also backed-up for an additional period of 100 days. Obviously, user data, including stored e-mail, will only be inspected if there is a strong and substantiated suspicion of misuse of services or illegal activities. If you want to know what kind of logs are kept about your use of ICT services, you can always contact the CT department. We follow [http://www.cbpweb.nl/downloads_av/av21.pdf CBP guidance on working in networks].</div></div> |
# <div class="NavFrame collapsed"><div class="NavHead">Enforcement</div><div class="NavContent">Access to services may at any times be suspended or terminated discretionarily for administrative, operational or security purposes. It is common for access to be suspended as part of an incident investigation, even when a violation is merely suspected. As a general matter prior to terminating service, Nikhef will attempt to work with the User to cure violations and to ensure that there is no re-occurrence of the violation. </div></div> | # <div class="NavFrame collapsed"><div class="NavHead">Enforcement</div><div class="NavContent">Access to services may at any times be suspended or terminated discretionarily for administrative, operational or security purposes. It is common for access to be suspended as part of an incident investigation, even when a violation is merely suspected. As a general matter prior to terminating service, Nikhef will attempt to work with the User to cure violations and to ensure that there is no re-occurrence of the violation. </div></div> | ||
Revision as of 11:13, 3 April 2012
Acceptable Use
This Acceptable Use Policy governs the use of the Nikhef networking and computer services; all users of these services are expected to understand and comply to these rules.
- Use for intended purposeNikhef offers the services to enable the users (employees, students and collaborators) to do their work. The services may not be used for commercial or political purposes. A limited amount of private use is allowed as long as it does not interfere with normal duties and does not incur significant cost. When in doubt about any form of personal use, ask first!
Of course, there are lots of actions that are most certainly not intended: sending spam, trolling on forums or newsgroups, forwarding chain letters or phishing attempts, cracking passwords, attacking other systems on the Internet, random calling or tele-marketing, stalking, etc. - Obey the lawSeems logical, doesn't it?
- Respect the authorization restrictions set by Nikhef system administrators and usersTrying to circumvent effective or intended restrictions is not allowed (and unlawful as well). This includes, but is not limited to, accessing data not intended for the User, logging into a service or using an account you are not expressly authorized to access, probing the security of other networks, interfering with another users access to services, or trying to disrupt services or the network. You shall also refrain from trying to intercept or sniff network traffic that is not intended for you. If you find you have access to data or services you should not have access to, inform the Computer Security Incident Response Team through the help desk (helpdesk@nikhef.nl)
- Respect intellectual property and confidentiality agreementsSo do not publish, post, transmit or re-transmit, or put up on the web, items that violate the rights of any person, including rights protected by copyright, trade secret, patent or other intellectual property or similar laws or regulations including, but not limited to, the installation or distribution of "pirated" or other software products that are not appropriately licensed for your use. Except of course as permitted by applicable Dutch law -- keeping in mind the rest of this AUP.
- Protect your access keys (passwords, private keys, security tokens)You are responsible for anything that is done under your account, so by sharing credentials you become responsible for the other persons behaviour. You can and should not be. Access keys are yours and yours only: so do not share your credentials with others. These include your single-sign-on (SSO) password, the pass phrase for your certificate's key, the password that protects your SSH key pair. If you feel the need to share, there is always a proper solution. Also, any credential that grants to access to other services (at Nikhef or elsewhere) must be protected with at least a password or better.
If you think your credentials have been stolen of sniffed, inform the help desk immediately and - if possible - change them from a trusted computer and location.
If you have been given credentials for special services (such as a VoIP telephony roaming password, or access to a generic account) you must protect these according to the specific instructions given to you. - Report suspected security breaches and misuseWhen you discover vulnerabilities, witness abuse, or see other forms of non-acceptable use, you should report these incidents to the Nikhef Computer Security Incident Response Team through the help desk (helpdesk@nikhef.nl). Of course, you should not attempt to exploit such vulnerabilities to circumvent security controls or harm Nikhef, it's services, staff or reputation in any way - such attempts in itself are a violation of this Acceptable Use Policy.
- Do no harm to Nikhef, it's services, staff or reputationHarm is more easily done than repaired! Data is easily deleted or modified but hard or impossible to recover. A rash document (as well as of course offensive material) put up on your home page is quickly indexed by search engines and will never disappear from the web. Confidential data accidentally disclosed will never be secret again. A defamatory remark will live forever in cyberspace. An infected home laptop or smart phone will quickly poison other systems at Nikhef and many person months will be wasted to recover from the incident. So do no harm.
- Comply with the policies of Nikhef's service providersNikhef provides access to and brokers services of third parties for its users, such as connectivity to the public Internet through SURFnet, access to Federated Services, or other hosted services like backup and calendering. You should at all times comply with the policies, terms and conditions of use of these service providers.
- You share resources with others - be niceEven when staying within the intended use, it is quite possible to strain resources to such an extent that other users can no longer make use of them. Running CPU intensive applications on the general login server, or using this service for bulk data transport are some examples. Making an outbound telephone call for a phone conference and then put it on hold, but subsequently forget about it - exhausting our telephone lines as well as incurring a high bill. When such incidents are detected, the program or call in question will be terminated by Nikhef CT staff to preserve operational integrity. Users should subsequently refrain for such actions (so do not just try it again) and may work together with system administrators to see if a less disruptive alternative exists.
- Monitoring and logging of network traffic and e-mailSystems and network are monitored in order to detect trouble in an early stage and rapidly mitigate potential damage, for administrative, operational, accounting, monitoring and security purposes only. In order to trace problems on the network to the source, logs of all network traffic flows (but not their content) may be kept for a period of up to 14 days. E-mail transactions (its source and destinations, but again not its content) are also logged, in a secured system, and retained for a maximum of 90 days. Access, authentication and authorization (collectively "security") logs are kept for a period of up to 400 days. Both email and security logs are also backed-up for an additional period of 100 days. Obviously, user data, including stored e-mail, will only be inspected if there is a strong and substantiated suspicion of misuse of services or illegal activities. If you want to know what kind of logs are kept about your use of ICT services, you can always contact the CT department. We follow CBP guidance on working in networks.
- EnforcementAccess to services may at any times be suspended or terminated discretionarily for administrative, operational or security purposes. It is common for access to be suspended as part of an incident investigation, even when a violation is merely suspected. As a general matter prior to terminating service, Nikhef will attempt to work with the User to cure violations and to ensure that there is no re-occurrence of the violation.
Legalese
Liability
In no event will Nikhef be liable to any user or third party for any direct, indirect, special or other consequential damages for actions taken pursuant to this AUP, including, but not limited to, any lost profits, business interruption, loss of programs or other data, or otherwise, even if Nikhef was advised of the possibility of such damages.
Complaints
Complaints regarding violations of this AUP, as well as concerns regarding objectionable material sent from or distributed via Nikhef, will be accepted via e-mail at abuse@nikhef.nl, so long as a valid return address is included. Nikhef must be able to independently verify each instance of abuse: for objectionable email each complaint must include the COMPLETE TEXT OF THE OBJECTIONAL MESSAGE, INCLUDING ALL HEADERS. Please do NOT send excerpted parts of a message; sending a copy of the entire message, including headers, helps to prevent misunderstandings based on incomplete information, or information used out of context. Full headers demonstrate which path the message has taken, and enable us to determine whether any part of the message has been forged. This information is vital to our investigation. If you consider material located on Nikhef resources (e.g. published via its web site) to infringe on your rights, provide the complete URL, the time you visited this URL, and complete and sufficient evidence as to why you consider such a publication to infringe on your rights under Dutch Law.
Responsibility
Nikhef is not responsible for the content of email communications sent by its users, not for information published on user personal home pages. This responsibility rests with the user. At its sole discretion, Nikhef reserves the right to remove materials from its servers and to terminate access to services for the user that Nikhef determines has violated this AUP.
Modifications
Nikhef retains the right to modify the AUP at any time. Such modifications shall become effective at the moment they are adopted by Nikhef and will apply to all users, current and future.
