The use of ResNet is subject to:
ICT Usage Code of Practice (Regulations) Additional Regulations for the use of ResNet Facilities Conditions of Service for the use of ResNet Facilities Explanation of the Regulations Statement on copyright and Internet filesharing Guidelines for the responsible use of file sharing Server Regulations University policy on wireless LAN equipment Users must agree to these regulations and conditions when they sign the application form and apply to use the service.
ICT USAGE: CODE OF PRACTICE
Information Technology and Computing at Marjon
The University provides IT and computing facilities for use by all its members. Almost all students are likely to use Information Technology as part of their taught course or project work. To help you get started we have produced this guide showing what resources we have, how you can access them, what your responsibilities are and what to do if you have a problem.
Remember, we are here to help you and we welcome any and all feedback to help us improve our service to you.
What IT resources are there? Most of the PCs are connected to the University network and from any networked PC you can access a range of application software (Word, Excel, Access, Email and a variety of graphics, statistics and other programs) and all networked PCs have access to the Internet.
How do I access these resources? To gain access to these resources you will need to logon to the network. Your username is your unique 8 digit student ref number which is printed on your ENROLMENT FORM, your initial password will be Marjon-ddmmyyyy (where ddmmyyyy is your birth date in number format only) and you should change that password for one of your own choosing once you have logged on.
You will be provided with an area of network space where you can save your work, this workspace is limited and you will need to regularly delete old files. If you find this space is too little for the demands of your course please with your course tutor who will request an increase from Computing Services (please remember that network disc space is a finite resource and it is not possible for us to simply give every student unlimited space).
Whilst the University makes every effort to maintain secure backups of all data stored on the network it cannot guarantee the availability of that data under any and all circumstances. It is ultimately the student’s responsibility to ensure that they have secure copies of their own data.
What about printing? You can print to any of the network-connected Multi Function Devices (MFD) around the campus by sending your print jobs to the cloud printing system and releasing them at an MFD of your choosing. Each print request will be debited from your printer credits account. You can top up your printer credits at the Marjon Shop and Library.
What are my responsibilities when using IT at Marjon? Code of Practice Throughout this document, reference to any computing equipment, facilities or resources means any computing facilities: controlled by the University or owned by the University; or situated on University premises. It also covers information stored on the campus network, the campus management and administrative computing facilities, networked and standalone personal computers on campus, and any facilities used for processing such information off campus (including laptop machines and home-based facilities).
The University of St Mark & St John has a dynamic IT environment, characterised by the free sharing of information. The purpose of this Code of Practice is not to restrict the general openness experienced in a creative institution, but merely to safeguard certain essential activities of the University.
Access to facilities The use of computing facilities requires authorisation, prior permission must be obtained from Computing Services before any machine (PC, printer, etc.) can be connected to the network. No-one should use any Wi-Fi transmitting devices within the Campus grounds without express prior permission of the Network Manager.
Storage and publication of information Users must recognise that the resources of the University's network are limited and take due account of this in any use of the system. This consideration is relevant to the volume and nature of electronic mail, to individuals, news groups, and mailing lists; the size and location (particularly in other countries) of any files to be transferred; the use of programs that check for new files or logins every few seconds; and the storage of large amounts of data on central file servers.
Data protection Where personal data is to be stored, a user must comply with the Data Protection Act 1998.
The Data Protection Act 1998 concerns information about living, identifiable individuals that is processed automatically, or held in structured manual files. The Act gives individuals the right to have access to information stored about them and requires that this information is maintained and is correct. Organisations holding personal data must be registered with the Data Protection Registrar (an independent officer who reports directly to Parliament).
In addition, data users must comply with eight Data Protection Principles established by the Act. The Data Protection Principles are intended to protect the rights of the individuals about whom personal data is recorded. Guidance as to compliance with the principles may be obtained from the University's Data Protection Officer.
A user must ensure that the use of University-related personal data is restricted to the minimum consistent with the achievement of academic purposes; and contact the University's Data Protection Officer before conducting any activity that involves any form of processing of personal data.
Publication of information
The dissemination of information through the University's network or the Internet is in law the 'publication' of that information, and all legal rules governing publication (for example as to defamation) apply. Similarly, publication may have other legal effects; it may, for example, bar a subsequent application for a patent.
No user may create, store, exchange, display, print, publicise or circulate offensive or illegal material in any form, this includes:
any material that is pornographic, excessively violent or which comes with the provisions of the Obscene Publications Act 1959 or the Protection of Children Act 1978 (Any such publication will be regarded as a very serious matter, which will be reported to the police);
any material which may encourage discrimination on grounds of sex, gender, sexual orientation, race or ethnic origin, or which would contravene the Sex Discrimination Act 1975 or the Race Relations Act 1976; particular care is needed in the advertising of posts;
any material in the form of an advertisement (even in specific Usenet newsgroups) which does not comply with the Code of Practice issued by the Advertising Standards Authority, requiring that all advertisements should be "legal, decent, truthful and honest".
Users must not use the computing facilities to originate or forward chain letters, "for-profit" messages, or for the purposes of a pyramid selling scheme.
A user must not copy any copyright material without the written permission of the owner of the copyright, unless copying is covered by some other provision such as that in a software licence. The University reserves its rights to the crest and logos which are its property; they, and departmental addresses, may be used only for official purposes.
A user is responsible for all electronic mail sent from his or her account. Care should be taken to ensure that e-mail is sent only to the intended recipients and the content of messages should be checked before sending. It should be considered that e-mail may not be the best medium for sensitive information. A user must avoid careless or excessive use of e-mail as this may slow or restrict network access. It is prohibited to forge (or attempt to forge) e-mail messages, or to read, delete, copy, or modify the electronic mail of other users.
Electronic mail can be forged. A user who suspects that a message may not have been sent by the apparent originator should reply (or telephone) and ask for confirmation. Any misuse of electronic mail should be reported to Computing Services and will be investigated.
Misuse of facilities The University prohibits the misuse of computing facilities. No user may seek to or secure unauthorised access to any program or data held in any computer wherever located; a user must not attempt to decrypt system or user passwords or copy system files.
No user may use computing facilities so as to cause any unauthorised modification of the contents of any computer, wherever located, or in any way which jeopardises the work of others, or the integrity of the equipment or of any programs or data. This prohibits, inter alia, unsolicited or unauthorised "security tests" or "recovery tests", and the introduction of any viruses, worms, Trojan horses, logic bombs or any other harmful, disruptive, destructive or nuisance program or file on to any of the computing equipment, nor take action to bypass any security precautions installed by an appropriate authority to prevent this. (Further information on viruses is given in Appendix 1).
Careful consideration should be given to the content of any published material (eg e-mail, newsgroup contribution, Web page, images displayed on a screen, computer printout). Material that is unacceptable to the recipient and which creates an intimidating, hostile or offensive environment may constitute harassment under the University's guidelines. Publication of such material outside the University may harm the University's good name.
Users of University IT facilities must conform to all applicable rules of English law, for example the laws on pornography, blasphemy, and financial services advice.
The Computer Misuse Act 1990 creates a number of criminal offences:
Unauthorised access to computer material ('hacking') including the illicit copying of software held in any computer. This carries a penalty of up to six months imprisonment or up to a £5000 fine.
Unauthorised access with intent to commit or facilitate commission of further offences, which covers more serious cases of hacking, with a penalty of up to five years imprisonment and an unlimited fine.
Unauthorised modification of computer material, which includes the intentional and unauthorised destruction of software or data; the circulation of "infected" materials on-line; and the unauthorised addition of a password to a data file.
This offence also carries a penalty of up to five years imprisonment and an unlimited fine.
Discipline Breach of the Regulations is dealt with under the University’s disciplinary procedures. In addition, use of computing facilities in breach of this Code of Practice may lead to the restriction of access to or the withdrawal of computing facilities.
Any use or attempted use of facilities by a person debarred from access or by another person acting on that person's behalf constitutes unauthorised use is therefore a breach of the Code.
Use of Open Access Areas University open access computing facilities must be used solely for study related purposes between the hours of 9:00 a.m. and 5:00 p.m., or at other times if there are no machines free for academic work. Social e-mail, Internet chat and Web access for leisure are unacceptable when others are waiting to work. Misuse should be brought to the attention of Computing Services , with details of the machine used, the date and time. Disciplinary action will be taken where appropriate.
Logged in machines should not be left unattended in open access areas. Only one machine can be used by any individual at a given time. It is not permitted to reserve machines, either physically or by any other means (for example, running a password protected screen saver). Any other individuals who require the use of such a machine are within their rights to reboot and use that machine.
Food and drink is not permitted in any open access facility, and smoking, as within any other part of the University buildings, is prohibited. Noise should be kept to a minimum to encourage a good working environment. Threatening, harassing or abusive behaviour directed towards staff or fellow users is unacceptable.
Offensive material (abusive, sexist, racist, or pornographic) may not be displayed or printed in an open access area.
Passwords The password to a user's account is the key to the security of information, and more generally the integrity of the network system. A user is responsible for all activities and possible misuse originating from his or her account, and it is important that the password is not disclosed to anyone, whether intentionally or accidentally. It should not be written down or permanently stored on a machine or in a database. If a problem arises with a user's account, the password may be disclosed to a recognised member of Computing Services ; the password should be changed immediately after any such disclosure. (Advice on passwords is given in Appendix 1.)
Software Licences Users must comply with the terms of software licence agreements, copyright and contracts. A user is responsible for ensuring that his or her use of software is covered by a current licence or contract. Software provided on servers and central systems, including site licensed and Microsoft licensed software, must not be copied to hard disk or anywhere else. Software with non-transferrable licences must be removed when machines are decommissioned.
Similarly, use of facilities provided through JANET and CHEST and similar organisations or networks must comply with the relevant conditions and policies (see Appendices 2 and 3).
University liability The University can accept no responsibility for the malfunctioning of any computing facility, loss of data, or the failure of any computer security system, or any losses while using University systems. The University does not guarantee the continued availability of any IT facilities and accepts no liability for any loss or damage caused by the temporary or permanent withdrawal thereof.
Appendix 1 Additional advice Viruses A computer virus is a malicious parasite program written to alter the way your system operates without your permission or knowledge. It may destroy data, display messages or destroy functionality. A virus spreads by copying itself to other disks as they are loaded on an infected system. They are primarily a problem when floppy disks are exchanged by users. The virus is propagated to new systems if it is booted from, or runs a program from, an infected disk. However, they are becoming more and more sophisticated. It is not only floppy disks that can be infected, fixed disks and network disks can also be compromised.
The basis of protection is awareness of the dangers of using external disks that may be infected and the use of appropriate virus detection software. Users are advised not to run or load any files into a system unless they come from a recognised and reliable source, which does not necessarily include all software providers. System software running across the network is regularly checked for viruses and is highly secure.
Virus check all floppy disks of uncertain or external origin before use. Public domain (freeware) and shareware software, probably obtained from the Internet, and any demonstration software from manufacturers should also be virus checked before use.
The University currently uses Sophos anti-virus software which is regularly updated to take account of the ever increasing number of viruses
The choice of a password Some passwords (names or words in the dictionary) can easily be broken using public domain software, others (car registration or telephone numbers) are easily guessed. Hence, never use a password that originates from your name, your partner's name, the name of your pet, etc.
Other techniques that are commonly thought to be secure but are not are the use of reversal and appending. Memorable words (or names) are just reversed by the individual or repeated. Again password cracking software can easily check for such ruses. So for example, do not use "egroeg" (the reversal of george) or "georgegeorge" (the appending of george to itself) or "georgeegroeg" (a reversal appending combination).
Similarly it is not secure to simply use your username (or the reversal) also as your password.
Passwords should be alphanumeric (i.e. combinations of both letters and numbers). However, it is not a case of just appending or prepending a number onto an otherwise easily guessed password. Hence, for example do not use "john3" or "7susan". Also do not convert standard letters into numbers, for example replacing the letter "l" with the number "1" or the letter "o" with the number "0". So do not use something like "he110". Adding punctuation also makes a password more complex to guess.
A password should consist of 14 characters or greater and must have letters (CAPITAL and lowercase), numbers and a symbol.
A good system to use when choosing a password is to think of a phrase that is memorable to you, then break this down to the first character of each word, and finally intersperse this with a few numbers and punctuation. So for example, using the phrase "the geese fly backwards over University of St Mark & St John " you would break this down to "tgfbocosmasj" and then mix in some numbers and punctuation to result in a password of "t3gf4b£5ocosm&sj". Be wary, however, of using well-known phases like quotations from Shakespeare ("tbontbtitq"). In addition, you should also think about how fast you can type a more difficult letter combination password, particularly in the presence of others who may be able to observe and remember a slowly typed password.
Backups and Storage It is recommended that, in the majority of cases, information be copied regularly to backup media (e.g. USB drive, external hard drive, CDRW, external email account etc.). It is also recommended that backup media are stored away from the equipment they protect, in case of machine failure, fire or catastrophe. Computers are machines and all machines will fail at some point.
In addition, you are advised to abide by the following:
Save your work regularly as you are working;
Always save into your network account;
Periodically close down the software and COPY important saved files onto a floppy disk, zip disk or CDRW.
Use of Display Screen Equipment No matter how good your typing skills (or lack of them), you can suffer serious ill effects if you use display screen equipment without a few sensible precautions.
1. Make sure that your equipment is properly adjusted
Ensure that your lower back is well-supported by adjusting the seat back height.
Adjust your chair seat height so that your forearms are level when using the keyboard.
Make sure that the leading edge of the keyboard is at least 8-10 cm away from the edge of then desk.
If you use a mouse, have it far enough away from the edge of the desk so that your wrist is supported whilst you use it. If you can learn to use the mouse with either hand, so much the better.
2. Do not have your screen positioned in such a way that there is glare from the windows or room lights.
3. Maintain good posture - do not lean to one side or the other.
4. Take regular breaks away from display screen work. The experts recommend that you should take at least 10 minutes off every hour.
Most departments will have a Display Screen Trainer and/or Assessor who will be able to offer you specific advice if you use a display screen on a regular basis.
More information on working with VDU's can be found at the Health and Safety Executive Web site.
Appendix 2 JANET Acceptable Use Policy JANET is the network that links Universities, Colleges and research organisations throughout Great Britain and Northern Ireland . There are direct links to networks in Europe and the USA , by which JANET forms part of the global Internet. JANET is maintained to support teaching, learning and research. If a user sends or receives e-mail off-campus, use the World Wide Web, or any other Internet facilities this involves utilising the JANET network.
The following are extracts from the JANET acceptable use policy (Version 4, April 1995) available for fuller consultation on the Web at http://www.ja.net/documents/use.html
Subject to the following paragraphs, JANET may be used for any legal activity that is in furtherance of the aims and policies of the User Organisation.
JANET may not be used for any of the following.
The creation or transmission (other than for properly supervised and lawful research purposes) of any offensive, obscene or indecent images, data or other material, or any data capable of being resolved into obscene or indecent images or material;
The creation or transmission of material which is designed or likely to cause annoyance, inconvenience or needless anxiety;
The creation or transmission of defamatory material;
The transmission of material such that this infringes the copyright of another person;
The transmission of unsolicited commercial or advertising material either to other User Organisations, or to organisations connected to other networks;
Deliberate unauthorised access to facilities or services accessible via JANET;
Deliberate activities with any of the following characteristics:
Wasting staff effort or networked resources, including time on end systems accessible via JANET and the effort of staff involved in the support of those systems;
Corrupting or destroying other users' data;
Violating the privacy of other users;
Disrupting the work of other users;
Using JANET in a way that denies service to other users (for example, deliberate or reckless overloading of access links or of switching equipment);
Continuing to use an item of networking software or hardware after UKERNA has requested that use cease because it is causing disruption to the correct functioning of JANET;
Other misuse of JANET or networked resources, such as the introduction of "viruses".
Where JANET is being used to access another network, any abuse of the acceptable use policy of that network will be regarded as unacceptable use of JANET.
Where violation of these conditions is illegal or unlawful, or results in loss or damage to UKERNA or JANET resources or the resources of third parties accessible via JANET, the matter may be referred for legal action.
It is preferable for misuse to be prevented by a combination of responsible attitudes to the use of JANET resources on the part of users and appropriate disciplinary measures taken by their Organisations.
Appendix 3 CHEST Code of Conduct for the Use of Software or Datasets The operation of software obtained from/via CHEST (Combined Higher Education Software Team) must conform to the CHEST terms and conditions; such software is licensed for University use only. Because CHEST negotiated software originates from many different sources, the licensing associated with the software will vary. The CHEST Code of Conduct for the use of Software or Datasets, set out below and to which University users must conform, has been endorsed by FAST (Federation Against Software Theft) and is available for viewing on the Web at http://www.chest.ac.uk/conduct.html
This Code of Conduct should be observed by all users of software and/or computer readable datasets, hereafter referred to as "Product", that has been issued or made available to them by the "Institution". This Code does not constitute a licence and, in all cases, users of Product should acquaint themselves with the provisions of the relevant licence when they obtain a copy and before putting the same to use.
The Code of Conduct is in three parts :
Definition of Educational Use
Unless advised to the contrary it is to be assumed that Product is subject to Copyright Law and is provided for Educational Use, see "Definition of Educational Use".
The Institution will maintain a record, or require any Department which is in receipt of Product to maintain such a record, of each Product that is available for use in the Institution or, in the case of devolved responsibility, within the Department. In either case the record shall contain details of the licensing arrangements for each Product together with the names of any persons to whom a copy has been issued.
All employees and students of the Institution will be informed of this Code of Conduct and all users of Product will be advised of the conditions under which it may be used and will sign that they have been so advised. In the event that users, who are neither employees or students of the Institution, are authorised access to Product they will be similarly advised and shall be required to sign that they have been so advised and will further sign that they will abide by the Code before being given access to Product. The responsibility for ensuring that such users are so informed may be devolved to the "home" Institution by prior agreement between the Institutions.
All employees and students of the Institution will be issued with a copy of the Copyright Acknowledgement.
The Institution will organise arrangements for back-up, copying and distribution of Product and Documentation subject to the conditions of the licence. Users shall not copy or distribute copies of the software unless permitted to do so under the terms of the licence.
Where it is a condition of supply of Product the Institution will organise a single point of contact for dealing with queries and support of Product. It is recommended that, unless special conditions pertain, this point of contact should be within the Computer Centre.
In the event of termination of the licence for a Product, the Institution will instruct the single point of contact to call in all copies of Product and, where appropriate, make arrangements for the safeguarding of the authorised archival copy.
The Institution shall not permit users to reverse engineer or decompile Products unless permitted so to do under the terms of the Copyright, Designs and Patents Act 1988 and associated Statutory Instruments, or under the terms the licence.
The Institution will use its best endeavours to apply, administer and ensure compliance with this Code of Conduct.
The following are the ground rules and any variation should be a matter for discussion either centrally, by the body negotiating the licence terms, or, where there is no community-wide negotiation, by an Institution BEFORE the form of licence is signed.
The following is a full quotation from the "General Licence Conditions" which apply in CHEST centrally negotiated agreements and in the recommended "Form of Licence" for non-centrally negotiated offers.
Product may be used by any employee, student, or other persons authorised by the Licensee for the purposes of the normal business of the Licensee's organisation, whether or not they are located on the Licensee's premises. Such use of Product includes the following:
Personal educational development
Administration and management of the business of the Licensee's organisation.
Development work associated with any of the above.
Consultancy or services leading to commercial exploitation of Product
Work of direct benefit to the employer of students on industrial placement or part-time courses paid for by the student's employer.
In (i) and (ii) above the Licensor may allow such use in return for acknowledgement of use of Product and/or for an agreed fee.
Note "Commercial Exploitation" in the context of this Code is the use of Product for monetary gain either by the Institution or an individual. Where Product is so used this must be a matter for discussion between the Supplier and the Licensee.
No persons shall be excluded from use of Product for reasons of nationality or citizenship.
All persons who are provided by the licensee with copies of Product must have signed a declaration incorporating the Copyright Acknowledgement.
I agree that my usage of any Software or Computer Readable Datasets, hereafter referred to as "Product", issued or otherwise made available to me by a School or Department of an Institution is subject to the following conditions:
I will ensure that all the requirements of the agreements or contracts under which Product is held by the Institution will be maintained. (Copies of the relevant agreements or contracts may be seen by application to the School or Department which made Product available.)
I will not remove or alter the Copyright Statement on any copies of Product used by me.
I will ensure the Security and Confidentiality of any copy released to me, and will not make any further copies from it or knowingly permit others to do so.
I will use Product only for purposes defined in the Agreement, and only on computer systems covered by the Agreement.
I will not incorporate a modified version of Product in any program written by me without express permission of the Licensor.
I will not reverse engineer or decompile Product or attempt so to do other than as provided for by the terms of the Copyright, Designs and Patents Act 1988 and associated Statutory Instruments, and after confirmation of such permission from my Institution.
I will return all copies of Product at the end of the course/year/period of employment or when requested to do so.
In signing this Copyright Acknowledgement, I realise that the Institution reserves its right to take legal action against individuals who cause it to be involved in legal proceedings, as a result of violation of its licensing agreements.
Computing and Media Services
Phone: ext 4333
Student IT support (SITS)
Open Access computer rooms - open 24 hours
Additional Regulations for the use of ResNet Facilities
1.1 Rights in software.
ResNet users may be permitted to use software specifically licensed to the University; users must remove such software from their computers when they leave the University or are instructed to do so.
1.2 Use of University Resources.
Users must not operate a service that redistributes ResNet access or any other University resource to others.
No device attached to the University ResNet network may be configured with any addresses other than those issued to it or authorised for it.
1.4 Equipment connected to ResNet data networks.
Each user may connect a single computer to the ResNet data network point in his or her room. Connection of any other device will usually cause the point to become inoperative. The following uses of a computer connected to the ResNet data networks are contraventions of these regulations:
provision of access to the ResNet data networks by any person other than the one registered as the user of this connection; use as a server, unless registered with and authorised by Computing Services ; computers registered as servers must comply with all ResNet server regulations. If the user is in any doubt as to whether his or her computer should be categorised as a server the user must consult Computing Services .
1.5 Generation of chargeable data network traffic.
The University incurs charges for network traffic transferred across certain networks. Users are expected to generate such traffic only where necessary, and to minimise it as much as possible. Any user who persists in generating excessive chargeable data network traffic after having been requested not to do so by Computing Services is in contravention of these regulations and action will be taken to recover the charges incurred.
1.6 Computer Misuse.
It is a breach of these regulations, and it may also be a criminal offence under the Computer Misuse Act 1990, to:
attempt to damage or disrupt the hardware, software or data of computer systems. attempt to crash another computer, deny access to a service or disrupt a service in any other way. attempt to gain unauthorised access to any computer system. Unauthorised access includes, but is not limited to: gain access to password protected drives or directories without the owners expressed permission use password cracking programs, or attempt to gather passwords by intercepting traffic or other means, gain access or attempt to gain access to another computer without the owners permission. port scan any system without the owners expressed permission. distribute or attempt to install back-door trojan horse programs on computer systems Any reports received by Computing Services that computer misuse has occurred will result in the ResNet connection being disabled and the matter dealt with by University disciplinary procedures or reported to the police where appropriate.
1.7 Computer Security.
Users are responsible for the security and integrity of their system and must ensure that their computer and ResNet connection are secure and not open to misuse by others. Users must follow advice from Computing Services to install, reconfigure or upgrade software where necessary to ensure security. In cases where a users system has been breached it is recommended that the system is removed from the network in order to prevent the attack from spreading. If the system owner cannot be contacted in reasonable time, Computing Services reserve the right to disable their network connection. Only when the system owner has taken reasonable steps to ensure that the computer is not compromised, will network privileges be restored.
2.1 Withdrawal of facilities.
If a user is in breach of any of these regulations, Computing Services may withdraw or restrict access to ResNet facilities.
2.2 Disciplinary action.
Any breach of University regulations may be reported to the Director of Information Services to be dealt with under the University's disciplinary procedures. Computing Services may request that a user be charged for extra work that has arisen as the result of computer misuse.
Conditions of Service for the use of ResNet Facilities
1.1 Acceptance of Responsibility.
A user will be held responsible for any breach of regulations carried out by others with the use of his or her ResNet connection.
1.2 Service during vacations.
Service will be available during the Christmas and Easter vacations for users resident in their own room, and for users who move room temporarily within each of these vacations. ResNet access will be available during the summer vacation. Due to work on infrastructure upgrades the service may be subject to interruption without notice and only limited support will be available.
1.3 Interruption of service.
The service may be unavailable for brief periods due to normal scheduled maintenance, of which users will be notified in advance wherever possible. The ability to offer a service may be affected by failure of equipment on ResNet or connected networks, including those outside the control of the University. Users should be aware that problems which occur out of term time or when the University is closed, may take longer than normal to resolve.
1.4 Network security.
To ensure the security of ResNet, the University reserves the right to conduct scans of the network in order to determine what computers are connected to it and what services they are operating. If there is reasonable ground to believe that a computer connected to the network may present a security risk or contravenes the acceptable use policy, Computing Services may request full access to the system in order to assess and resolve the problem.
Explanation of ResNet Regulations
Why are there so many regulations?
ResNet has its own regulations to ensure that it can deliver its services to its users, protecting them from other, badly-behaved, users who could have a detrimental effect on the network. ResNet is connected to other networks, and each is governed by its own regulations. ResNet is a part of the University network, and so the University's Regulations, code of conduct and guidelines for the use of computing facilities apply to ResNet. ResNet's Internet access is provided through the national academic network, JANET, and so its Acceptable Use Policy applies. (www.ja.net)
What happens if I break the Regulations?
The possible penalties are explained clearly in the regulations for the use of Computing facilities and the additional regulations for the use of ResNet facilities.
I think someone else is breaking the Regulations, what do I do?
You should report this to Computing Services , as soon as possible, who will take appropriate action.
Why should I care about computer security?
Your computer and its data may be very important. For example, you could have a real problem if a computer virus destroyed your only copy of an essay you have been working on. Under ResNet's regulations, you can be held responsible for any abuse of the network that occurs using your computer or ResNet connection - even if someone else carried it out. For example, if anyone uses your computer to send abusive email you could be blamed. This could happen if they sit down and use your computer directly or break into it from anywhere else on ResNet or the Internet. Reading the document Information about viruses and computer security and following the advice will avoid these sorts of problems.
Can I run a Web server on my computer connected to ResNet?
The ResNet service is designed to offer Internet access to the majority of its users, who are interested in client access to basic services such as web and email. However we realise that some users have other needs and so try to accommodate them where we can.
What about other servers, like Mail, News, FTP and Telnet?
There is a set of regulations for the use of servers which specify what services you may offer. These are designed to ensure that servers operate without disrupting the network. If you are not sure whether your intended use of your computer counts as a server, ask for advice. Anyone found running a non registered server will be in breach of the ResNet Regulations.
If you want to offer a server, first check with the server regulations on the ResNet web site to see if it is allowed, or allowed with certain restrictions. You will then need to contact Computing Services to register your server by telling us what services you plan to offer. Only after you have registered your server and received permission will you be allowed to operate a server.
Can I connect more than one computer to ResNet?
To ensure the security of the ResNet network we need to know which computers are connected to the network and who is responsible for them. This is why you need to register your computer on ResNet when you first connect.
When you fill in the registration form the MAC address (also known as an ethernet address - nothing to do with Apple Macs) of your ethernet card is recorded and your ResNet socket will only work with this address in future. Connecting a different computer or ethernet card will disable the socket.
If you replace your computer or ethernet card during the year you will need to call Computing Services who can reset the socket to work with your new card.
You can't connect several computers to your ResNet socket through a hub as this will send multiple MAC addresses to the socket which will cause it to be disabled.
Sharing a ResNet connection by extending the network to someone else in another room who has not subscribed to ResNet is a theft of the ResNet service and is a breach of the Regulations.
Unless otherwise stated, all software and other information found on computers is protected by copyright. Do not attempt to copy software or any other files unless it is specifically stated that they are in the public domain or the copyright notice specifies that they may be copied. Often copyright notices specify the conditions under which the software or on-line information may be copied - for example that it may be copied for use free of charge in educational institutions only, or that it is 'shareware', that is, you may use it for a short evaluation period but you must then pay a fee to the copyright holder if you want to continue using it.
Some of the software supplied by ResNet is site-licensed to the University. Obtaining this software through the University by or for anyone who is not a member of the University is in breach of copyright law and may be liable to prosecution. You must remove this software from your computer when you leave the University.
Software is not the only copyrighted material you may come across. Music found on the Internet (normally as mp3 files) is often in breach of copyright rules. Making copies of, or receiving and distributing copyrighted materials to other people (eg by putting up a server or shared folder containing them) is also an offence and may be treated very seriously.
Many computers on the Internet offer public services such as World Wide Web and anonymous ftp servers. However, the fact that you can connect to a computer does not automatically give you a right to use it. If you use or attempt to use a computer that you are not authorised to use, you are committing an offence under the Computer Misuse Act 1990. If you are in any doubt as to whether you are entitled to use a computer or not, assume that you are not.
Computer misuse is not limited to the traditional image of breaking into computers used by banks or the military. Example of computer misuse include:
Distributing viruses to other computer users. Use of trojans or back-door programs to gain access to the computer of another ResNet user. Sending a 'mail-bomb' or other denial of service attack intended to disrupt a computer system. Accessing password protected drives without the owners expressed permission. Port scanning any system without the owners expressed permission. What you may think of as a joke or prank may be viewed more seriously by the recipient or the University authorities. In most cases the offender will be barred from using ResNet. If you suspect you have been a victim of such an attack please report the incident to Computing Services .
What is port-scanning and why is it against the regulations?
Port scanning is a method of connecting to other networked computers to see what services (shared folders, web servers, etc) they are operating. For example, port scanning could be systematically scanning every computer on a network to see if it has shared folders, or scanning one individual computer to check for every possible service.
Unless you have been given permission by the owner of the computer you must not port scan or otherwise attempt to access any services provided by that computer. Testing which services a computer offers is the first step an intruder uses as part of an attempt to break into a computer and gain control of it. Security-aware users, such as those with personal firewall software, will notice connection attempts and be suspicious because without their permission in advance you should have no reason to connect to their systems.
Therefore you must never port scan a computer unless you have been given permission to do so. Under no circumstances are you permitted to scan an entire network of ResNet users. Software is available (one popular example is called Essential NetTools) that will scan whole networks looking for shared folders or other services. You must not use that feature of it, and should now understand why.
Statement on copyright and Internet file sharing
Music found on the Internet (typically as MP3 files) is normally subject to copyright and reproduced illegally without a licence from the copyright holder. Although some MP3 files found on the Internet are distributed legally, it is fair to say that the vast majority are distributed without permission. Anyone distributing, accessing or storing such material is breaking the law. Copyright applies to software, music, video and other forms of information stored on computer. There are a number of Internet filesharing networks used to distribute files. The original and best known of these is Napster.
If you use an Internet filesharing program you need to know that as well as letting you download files from other people it will also (unless you specifically tell it not to) share files you have so that anyone else can access them, turning your computer into a server. Industry organisations responsible for copyright enforcement can trace who is serving the files and take action (including legal action) accordingly. The University has been contacted on several occasions by copyright holders alerting us to a user breaching copyright. We then had to take action to prevent the offence continuing, including immediately disconnecting the user's network connection.
If you use Internet filesharing to download or make available copyrighted files via the University's network then you are:
breaking University regulations. putting yourself at risk of legal action. putting the University at risk of legal action. University computing regulations state that failure to comply with the terms of copyright legislation will render the user personally liable for any fines. ResNet regulations state that you cannot run a server (i.e. a computer that makes files or services available remotely) on your ResNet connection without permission from Computing Services . Breaches of the regulations can be dealt with by University disciplinary procedures.
In addition to legal problems, there are other problems with filesharing programs:
They are massive bandwidth hogs, generating disproportionate amounts of Internet traffic and so swamping other uses of the network, including academic use. We have guidelines on the responsible use of filesharing to reduce network congestion. By following the guidelines you can reduce congestion by stopping other people accessing your computer but still be able to access files from other computers yourself. They are a risk to your security and privacy on the Internet - by their nature they make files on your computer available to other people. An additional problem is the third-party programs that are bundled with filesharing clients in order to finance them. These extra programs are generally installed on your computer without you realising, and can then take various actions such as collecting personal information about you, tracking web sites you visit, and targetting you with additional advertising. See this information on Adware and Spyware. They can break your network connection and stop your Internet access working. For example, when Kazaa is installed on many computers, Netscape & Internet Explorer crash every time you type in a web address. Uninstalling Kazaa solves that problem, but some similar problems are much more difficult to resolve. We recommend that you don't use Internet filesharing programs. However if you do use them you need to follow our guidelines on responsible use of filesharing. There is also a file and printer sharing feature built into Windows (Network Neighbourhood/My Network Places). This is limited so that it is contained within the University network and may be useful (for example when collaborating on a group project with other students). However it also has its own security risks and so if you use it you need to read our Instructions on Windows File & Printer Sharing.
Guidelines for the responsible use of Internet file sharing
· Turn off the server portion of the program - tell it not to make files on your hard disk available to other users, or restrict it to only share files from a single (empty) folder.
· After using filesharing programs, make sure you shut them down correctly by choosing File, Exit or File, Quit. If you can see an icon for it in the system tray at the bottom right it is still running and you need to close it. Click the right-hand mouse button on the icon and choose Quit, Exit or Close.
· Assume any file is subject to copyright unless you know otherwise and get the written permission of the copyright holder before receiving or distributing it.
· Limit your usage of filesharing as much as possible so that filesharing doesn't swamp other usages and other people can still access the network for academic purposes. Remember that the network is a shared resource and the primary purpose of providing network access is for educational use.
· Don't use a 'start this program when I start the computer' option if provided.
· Turn off the computer when not using it.
Most users of ResNet use the network for client applications such as web and email and this is what the network is intended for. However we are aware that some users have broader needs to run servers as well as clients. We allow this as much as possible, as long as it does not cause problems with security, bandwidth or disruption of other services.
Before running any server software you must read and agree to this document. Then email Computing Services and ask for permission, detailing what services you wish to offer and the OS and software you will use to do so. There are certain services that you won't be permitted to run as they could interfere with the correct operation of the network. Other servers are fine, or allowed providing they are configured in a certain way.
If in any doubt about the regulations on servers, always contact Computing Services for advice.
Restrictions on all servers
You must be aware and agree that:
You must ensure that your computer is secure and cannot be broken into by someone else. Keeping a server secure can be a difficult task as new vulnerabilities are continually reported. You need to subscribe to relevant mailing lists and apply patches as soon as they are available. Note that under the ResNet regulations if someone else takes over your computer system and breaks the regulations you will also be held responsible for those actions due to your negligence in not securing the system. ResNet is intended for educational and personal use only - we can't permit commercial use as this would break agreements under which the University receives its network access. Commercial use, for example would include hosting a web site for a company external to the University. You must abide by the ResNet regulations and the law on copyright. You must not make copyrighted materials available to other people without permission from the copyright holder. Logs must be made of all service access and kept for a minimum of 6 weeks. If any non-anonymous services are offered to people other than the registered ResNet user are offered then accounts on the machine must conform to the University common username scheme. Only people who are members of the University with an email address @student.marjon.ac.uk or @marjon.ac.uk may be registered on any system. A number of services are firewalled out so that connections on certain ports from outside the University will never reach servers on ResNet. This is done to protect vulnerable systems from automated attacks and notably includes web, ftp and telnet servers. We cannot make exceptions to these restrictions on a case by case basis, and may add further restrictions at any time it becomes necessary. There are no guarantees that your network connection will stay up permanently. There will be interruptions due to scheduled maintainance or unexpected problems. Bandwidth is limited collectively in incoming and outgoing directions. If your server generates very large amounts of traffic to the detriment of other users you will be required to stop it. Your IP address is likely to stay the same for very long periods but may change. In any case your dns registration will remain constant. The University may port-scan the network including your system for security reasons to see what services are operating. You are responsible for ensuring that your server is correctly licensed. For example, if you are using Windows NT or Windows 2000 you must have necessary connector licenses for the services you offer. Proscribed Services
These may not be offered under any circumstances:
DHCP/BOOTP (ports 67 and 68) Any routing protocols PCNFSD (this is an rpc based services, so ports vary) NNTP (port 119) (i.e. must not operate a Usenet News server) Any "reflector" type services (eg as used by an Mbone aware node to redistribute mulicast traffic) Any dial in services Authentication type services (eg kerberos) Any proxy services that redistribute network access
University policy on wireless LAN equipment
Notice of prohibition of wireless LAN equipment that is not centrally administered
No wireless LAN equipment (access points, bridges, etc) that is not under the direct supervision of Computing Services may be attached to the University's network.
Basis of prohibition
1. Security: wireless LAN is inherently insecure. Please refer to the following document published by the UK government for an excellent summary of the risks: http://www.uniras.gov.uk/l1/l2/l3/tech_reports/NISCCTechnicalNote04.htm.
2. Radio spectrum: the efficient operation of wireless LAN depends on a planned approach to the allocation of the spectrum available in the 2.4Ghz band available to wireless LAN. Rogue wireless hardware will interfere with other wireless hardware, resulting in degradation of performance on both networks.
Revised June 2004
Approved by: The Director of Information Services
Date: 26th July 2004