Computing Conduct Policies
As a member of the Indiana University computing environment, users of the School of Informatics and Computing facilities are required to abide by the policies set forth in the University Information & IT Policies as well as any other policies governing conduct at Indiana University. Many of the policies outlined below are noted in the IU policies but are included here for emphasis.
No illegal activity – Your account must not be used to engage in or assist any illegal activity including, but not limited to, harassment, abuse, fraud, theft, and vandalism.
No commercial activity – The school does not allow any commercial activity from SOIC computers without prior authorization. Some examples of things that are not permitted would include sending out email advertisements, hosting a business web page, or selling advertising space on your IU homepage. If you have any doubt about whether your activity is considered commercial, please ask.
No SPAM – In the context of email, spam can be defined as the sending of bulk quantities of unsolicited email and is prohibited. In the context of Usenet News, spamming means to send a message to a large number of newsgroups where most of the newsgroups have nothing to do with the subject of the message. Spam violates the spirit of the university community.
Account monitoring – The SOIC technology staff reserves the right to monitor all system activity in the event of any real or suspected security threat. This may include, but is not limited to, the monitoring of keyboard input, file contents, or network traffic as needed to assess, control, or stop any security-related attack on school computing systems.
No account and passphrase sharing – Your account is for your use only. You must never allow anyone to use your account for any purpose. You should protect your account passphrase and never give it to anyone. You may not configure your account (via. .rhosts, .shosts, .ssh/authorized_keys, or other similar authentication method) in such a way as to permit others to gain access to your account.
Institutional Data – You should be aware of the types of data residing on your computer or other digital storage devices. Indiana University has classified different types of data. Sensitive data will require stricter controls and tighter access than public data. If you need assistance making sure your computer is properly secured, please submit a ticket. You can find out more about institutional data by following these links: https://kb.iu.edu/d/avqg and http://datamgmt.iu.edu/classifications.shtml
No setuid/setgid programs – On a unix/linux system, a setuid or setgid program allows other users to run programs under your user identity or group. Such programs are not allowed without prior approval.
No anonymous activity – Nothing you do on SOIC systems should be identifiable as having been done by anyone else. Do not send email or newsgroup messages in such a way as to conceal or forge your identity.
Respect the privacy of others – Just because another user has left files in his or her home directory world readable, does not give you the right to use them. Some users do not understand the file protection mechanisms that are available and may inadvertently leave files readable.
Do not attempt to compromise system security – The School of Informatics and Computing is very concerned with the security of its systems and you should not engage in activity that might compromise security. For example, you should never exploit a potential security vulnerability to gain privileged access to any SOIC system even if your intent is just to experiment and not do anything malicious. In addition, you should never disable or modify firewall settings or anti-virus program.
No unauthorized persistent server processes – A persistent server process can be defined as any process that makes it possible to access system resources from a remote machine for an extended period of time (1 day or more). Some examples of servers are web, ftp, irc, and news servers. Users are not permitted to run any such server process on any SOIC machine, or non-SOIC machine using the IU network without faculty sponsorship and approval from a faculty mentor and technology staff.
Don’t overload system resources – You should engage in no activity that overloads the computing systems or support staff. Do not run CPU-intensive processes such as SETI@Home or any of the various crypto-challenges on any shared machine.
Screen-locking is required for permanent staff and permitted for those working in research labs but please make sure you save all important work before leaving. The technology staff may need to access your machine to make configuration changes in your absence. Computer policies have been applied to all faculty and staff computers to set automatic screen-locking after 20-minutes of inactivity. Exceptions to this policy will be approved by the Director of Technology Services.