Department of Astronomy Acceptable Use Policy

1. Purpose

Since the university holds the department IT staff and management responsible for all machines connected to the department's networks, it is necessary to define minimum standards for the use of machines regardless of the owner or administration of the equipment. The purpose of this document is to define the minimum standards for all equipment currently connected, or intended to be connected, to the different networks for which the department bears responsibility. Compliance with these standards is mandatory. It is not the purpose of this policy to impose restrictions on the established culture of openness, trust, and integrity, but to protect the students, staff, faculty, and department from illegal or damaging actions by individuals, whether knowingly or unknowingly. Inappropriate use exposes the department to risks including virus attacks, compromise of network systems and services, and legal issues.

2. Scope

All users of any equipment currently connected, or intended to be connected, to the department network at any time are subject to this policy. This includes users of any machines, whether owned by the department, an individual, a visitor, or any other entity, including machines and equipment connected or intended to be connected both indirectly (e.g. behind a NAT device, hub/router, or wireless) and directly (e.g. to the network jack).

3. Policy

Additionally, the department has other policies with which machines must be in compliance. It is the responsibility of the user to ensure that their machines are in compliance with all applicable department and university policies.

3.1. General

3.1.1. All users are expected to understand and abide by official University policy regarding appropriate use, and follow all local, State, and Federal laws. In particular, all Federal laws concerning intellectual property and software licensing must be followed at all times.

3.1.2. While the department IT staff desires to provide a reasonable level of privacy, users should be aware that the confidentiality of information residing on department systems or machines which rely on department networks cannot be guaranteed.

3.1.3. Any information which a user feels may be sensitive or vulnerable should be encrypted. The university has existing policy defining High Risk and Confidential information, and the department recommends the encryption of all such information.

3.1.4. The department reserves the right to audit networks and systems on a periodic basis to ensure compliance with this and other department policies.

3.2. Unacceptable Use

The following activities are, in general, prohibited. Users may be exempted from these restrictions during the course of their legitimate job responsibilities (e.g. IT staff may have a need to disable the network access of a host if that host is disrupting production services). Under no circumstances is any user authorized to engage in any activity that is illegal under local, state, federal or international law while utilizing department resources.

The lists below are by no means exhaustive, but attempt to provide a framework for activities which fall into the category of unacceptable use.

3.2.1. Violations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of "pirated" or other software products that are not appropriately licensed for use by the user.

3.2.2. Unauthorized copying or storage of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books or other copyrighted sources, copyrighted music or videos, and the installation of any copyrighted software for which the department or the end user does not have an active license is strictly prohibited.

3.2.3. The use of peer-to-peer file sharing networks such as BitTorrent, Kazaa, eDonkey, and IRC file transfer is strictly prohibited. Exceptions are granted by IT staff on a case-by-case basis for those uses which further the mission of the department.

3.2.4. Introduction of malicious programs into any host or network (e.g., viruses, worms, Trojan horses, email bombs, etc.).

3.2.5. Revealing your account password to others or allowing use of your account by others.

3.2.6. Engaging in procuring or transmitting material that is in violation of sexual harassment or hostile workplace laws.

3.2.7. Facilitating security breaches or disruptions of network communication in any way. Security breaches include, but are not limited to, accessing data of which the user is not an intended recipient or logging into a server or account that the user is not expressly authorized to access, unless these activities are within the scope of regular duties.

3.2.8. Port scanning or vulnerability scanning a computer other than your own or one you manage is expressly prohibited unless prior approval is given by IT staff.

3.2.9. Executing any form of network monitoring which will intercept data not intended for the user, unless this activity is a part of the employee's normal job/duty.

3.2.10. Circumventing, or attempting to circumvent, user authentication or security of any host, network or account.

3.2.11. Interfering with or denying service to any user (e.g. a denial of service attack).

3.2.12. Sending or facilitating the sending of unsolicited email messages, including the sending of "junk mail" or other advertising material to individuals who did not specifically request such material (i.e. spam).

3.2.13. Unauthorized use, or forging, of email header information.

4. Enforcement

Anyone found to have violated this policy may be subject to disciplinary action, including complete and permanent termination of access to the department network. In addition, the department and university also retain disciplinary authority in certain cases, including in the event of the infringement of intellectual property rights.