Chapter 1-SEASnet General Information 10/23/90 1.5. USER RESPONSIBILITIES AND SYSTEM SECURITY 1.5.1 General User Responsibilities When you have an account on a multi-user computer system like SEASnet, you must be especially considerate of your fellow users; on a multi-user system, unlike single-user systems, you are a member of a community, and your actions affect other people. You must not annoy people by sending things to their terminal screen or disrupting their work. And of course you may not attempt to capture or use other users' passwords or accounts, not even for fun or as a joke. * Account Privacy SEASnet accounts are issued solely for the use of the individual to whom they have been assigned. Use of any other user's account or loaning account privileges to another is prohibited and will result in loss of privileges with SEASnet. Report unauthorized use of your account immediately to a SEASnet staff member. * Illegal Copying SEASnet operates its software under various licenses and copyrights. Unless explicitly stated in the documentation (for example, see the online Kermit documentation), users are not permitted to make copies of the software for use on non-SEASnet machines. Conversely, SEASnet does not permit illegally copied software to be used on its machines. * Use of SEASnet's Computing Facilities Use of SEASnet's computing facilities, including hardware, software, and networks is restricted to the purposes for which SEASnet accounts are assigned. These uses are limited to research and educational purposes. Any personal or commercial use of SEASnet equipment is prohibited. * Password Security Guessed passwords still form the most common method by which outsiders penetrate an account. The following guidelines will help minimize the possibility of anyone discovering your password and gaining access to your account privileges. a.Do not give your password to any other individual. b.Do not type your password while someone is watching you work. c.Change your password frequently by using the command passwd. It will ask for your existing password and then the new one (Note:this command is only available when using UNIX interactively--AADU users should login to UNIX to use this and Macintosh users should use the Command Shell mentioned in the chapter called Using the SEASnet Macintoshes). Note:the password files on the Macintoshes, RTs and AIX machines are completely different files from each other. If you have accounts on all three operating systems, you will need to change your password on each of the different systems. d.Avoid passwords that reference personal data for you, your friends or your family (names, birthdates, etc). e.Avoid using words that are contained in the dictionary or that are popular in this environment (i.e., UCLA or bruins). f.Use passwords that have lower and upper case letters, as well as numbers or other special characters. h.(sic) Here are some examples of some easy to remember but hard to guess passwords [Note:do not use these because printing them in this document has made them easy to guess]: 1)asits9 (abbr. for the phrase a stitch in time saves nine) 2)girLfriend (capitalize 1 letter) 3)bi!ker (add strange punctuation to a word) * Cooperation With System Administrator Cooperate with the system administrator's request for information about computing activities (see SEASnet System Administrator Responsibilities section below). * Report Security Flaws All multi-user computer systems have security flaws. Of course you may not exploit such flaws in any way. The acceptable, ethical course of action when you notice such a flaw is to report it to the system management (by sending email to bugs). Trying to explore the flaw on your own, testing it out to see its extent or effect, is unethical and unacceptable because the system management has no way to distinguish curious exploration from malicious exploitation. If you wish to help the system management track down bugs, contact them and volunteer your services. * Game Playing Various games are available on the system. however, you must not play games when other users need a terminal for any other activity. If you are playing games, you must log out whenever users are waiting, and offer them your terminal. it is not ethical or polite to stay logged in until the person waiting asks you to log out, or to expect a waiting user to wait for you to finish playing. 1.5.2 Misuse of Computing Resources and Privileges Misuse of computing resources and privileges includes, but is not restricted to, the following: * attempting to modify or remove computer equipment, software, or peripherals without proper authorization * accessing computers, computer software, computer data or information, or networks without proper authorization, regardless of whether the computer, software, data, information, or network in question is owned by the University (That is, if you abuse the networks to which the University belongs or the computers at other sites connected to those networks, the University will treat this matter as an abuse of your SEASnet computing privileges.) * sending fraudulent computer mail or breaking into another user's electronic mailbox. * violating any software license agreement or copyright, including copying or redistributing copyrighted computer software, data, or reports without proper, recorded authorization * harassing or threatening other users or interfering with their access to the University's computing facilities * taking advantage of another user's naivete or negligence to gain access to any computer account, data, software, or file other than your own * encroaching on others' use of the University's computers (e.g., sending frivolous or excessive messages, either locally or off-campus; printing excess copies of documents, files, data, or programs; running grossly inefficient programs when efficient alternatives are available; modifying system facilities, operating systems, or disk partitions; attempting to crash or tie up a University computer; damaging or vandalizing University computing facilities, equipment, software, or computer files) * disclosing or removing proprietary information, software, printed output or magnetic media without the explicit permission of the owner * reading other users' data, information, files, or programs on a display screen, as printed output, or via electronic means, without the owner's explicit permission. In addition, some of the above actions may constitute criminal computer abuse, which is a crime in the state of California. Individuals who abuse University computing resources may be subject to prosecution under California Penal Code Section 502. Unless specifically authorized by a class instructor, all of the follwoing uses of a computer are violations of the University's guidelines for academic honesty and are punishable as acts of plagiarism: * copying a computer file that contains another student's assignement and submitting it as your own work * copying a computer file that contains another student's assignment and using it as a model for your own assignment * working together on an assignment, sharing the computer files and to submit that file, or a modification thereof, as his or her individual work. 1.5.3. SEASnet System Administrator Responsibilities A SEASnet system administrator's use of the University's computing resources is governed by the same guidelines as any other user's computing acitivty. However a system administrator has additional responsibilities ot the users of the network, site, system, or systems he or she administers: * A system administrator ensures that all users of the systems, networks, and servers that he or she administers have access to the appropriate software and hardware required for their University computing. * A system administrator is responsible for the security of a system, network, or server. * A system administrator must make sure that all hardware and software license agreements are faithfully executed on all systems, networks, and servers for which he or she has responsibility. * A system administrator must take reasonable precautions to guard against corruption of data or software or damage to hardware or facilities. * A system administrator must treat information about and information stored by the system's users as confidential. In very unusual circumstances when system response, integrity or security is threatened, as outlined above, a system administratoris authorized to access files and information necessary to find and resolve the situation. 1.5.4. Consequences of Misuse of Computing Privileges Abuse of computing privileges is subject to disciplinary action. If system administrators of SEASnet have strong evidence of misuse of computing resources, and if that evidence points to the computing activities or the computer files of an individual, they have the obligation to pursue any or all of the following steps to protect the user community: * Notify the user's instructor, department chair, or supervisor of the investigation. * Suspend or restrict the user's computing privileges during the investigation. A user may appeal such a suspension or restriction and petition for reinstatement of computing privileges through the SEAS Associate Dean of Student Affairs or the SEAS Associate Dean of Computing. * Inspect the user's files, diskettes, and/or tapes. System administrators must be certain that the trail of evidence leads to the user's computing activities or computing files before inspecting the user's files. * Refere the matter for processing through the appropriate University department. This would be the Dean of Student's Office in the case of student abuse and the UCLA personnel office in the case of staff or faculty abuse. Referring a case to the Dean of Students is the most common course of action. For one thing, it ensures that similar offenses earn similar punishments, from quarter to quarter and instructor to instructor. For another, it enables the Dean to detect repeat violators and punish second offenses more severely. Finally, it protects students from unfair actions on the part of their instructor, since an impratial third party hears the case. Disciplinary action may include the loss of computing privileges and other disciplinary actions. In some cases, an abuser of the University's computing resources may also be liable for civil or criminal prosecution (California Penal Code Section 502 makes it a crime to misuse a computer). It should be understood that these regulations do not preclude enforcement under the laws and regulations of the State of California, any municipality or county therein, and/or the United States of America. 1.5.5. Acknowledgements Many of these policies are adapted from those of the Columbia University Computer Science Department, the California Institute of Technology, the UCLA department of Computer Science Academic Honesty Policy, the University of Delaware's Guide to Responsible Computering, and comments from SUNY-Albany, University of Washington, Washington University (St. Louis), Indiana University, Michigan State University, the University of New Mexico and the Smithsonian Institue.