Personal tools
You are here: Home Technology computers Policies and Standards
 
Document Actions

Policies and Standards

Use of University computing facilities and networks implies your consent to the following policies.

Other Policies


Acceptable Use Policy

ITS's computing and network facilities support the University of Maine System's instruction, research and service missions and administrative needs. As part of the service missions, the use of the facilities is extended to certain Maine education, research and government institutions and projects. This statement represents a guide to the acceptable use of ITS's facilities.

  1. All use of ITS's facilities must be consistent with the missions of the University of Maine System: teaching, research, and public service for the people of Maine and the larger society. The intent of the use policy is to make clear certain cases which are consistent with the mission, not to exhaustively enumerate all such possible uses.
  2. If a use is consistent with the purposes of the University System, then activities in direct support of that use will be considered consistent with the purposes. For example, administrative communications for the support of infrastructure needed for research and instruction are acceptable.
  3. Use in support of research, instruction, and public service at not-for- profit institutions of research, instruction, or public service in Maine is acceptable.
  4. Use by a project which is part of or supports a research, instruction or public service activity for a not- for-profit institution of research or instruction in Maine is acceptable, even if any or all parties to the use are located or employed elsewhere. For example, communications directly between industrial affiliates engaged in support of a project for such an institution is acceptable.
  5. Use for commercial activities by for-profit institutions is generally not acceptable unless it can be justified under number 3 above. These will be reviewed on a case by case basis by ITS.
  6. Use for research, instruction, or public service at for-profit institutions may or may not be consistent with the mission of the University and will be reviewed by ITS on a case-by-case basis.
  7. The University strives to provide fair and distributed access to computing and network facilities for a large number of users. Proper use: follows the same standards of common sense, courtesy and restraint in the consumption of shared resources that govern use of other public facilities; respects intellectual property rights, including the right to acknowledgement, the right to privacy, and the right to determine the form, manner and terms of publication and distribution; respects all University regulations, contracts with University suppliers, and all local, state, and federal laws.



Network Security Scanning Policy

The reports of network break-ins, denial of service attacks and other security breaches are frequently in the news. As part of our stewardship of the state-wide network, ITS performs occasional security scans to identify compromised machines and machines with known vulnerabilities. This allows us to proactively address these problems rather than wait for them to be reported to us after the fact when damage has already been done.

This is not a theoretical issue, we have had quite a few machines within the university network compromised, used in denial of service attacks, as spam relays and to compromise other machines.

In a recent scan, we found 90 open mail relays within the university's network, and earlier scan had found around 200. We ask the owners to close the relays to avoid their being abused as spam relays.

We found 30 machines with back doors installed (we had found many more in the past and had gotten the owners to close them)

We found hundreds of machines with potential vulnerabilities and known vulnerabilities that could allow them to be compromised.

Often compromised machines have back doors installed that operate on specific ports or respond with known signatures. When one of these is detected or we are made aware of their existence, a scan can quickly identify other similarly compromised machines.

It is our intent to continue to do periodic unannounced scans as a matter of policy for the purpose of identifying and correcting security exposures

ITS does these scans from a machine called security-scanner.its.maine.edu or a similar name so it is clear that the scan is being done by ITS and not some attacker. We will also do scans on request and provide the results to those responsible for campus or departmental networks.




Student UserIDs


University of Maine System Information Technology Services (ITS) will provide University students with a CMS, mail or remote access account on a ITS system. This userid will remain valid for as long as the student is enrolled within the University. This privilege is subject to but not limited to the following conditions:

  1. This userid is provided for academic use only. This includes actual course work and also responsible independent efforts at developing computer skills. It does not include any work done for organizations within the University such as clubs and fraternities, nor for individuals or organizations outside of the University, nor for any work that is income producing including grants or contracts.

  2. A student is limited to one ITS userid regardless of the number of courses taken which use ITS facilities. Duplicates will be removed from the system. Each ITS CMS or mail userid is allocated a fixed amount of disk space. Additional space can be acquired through ITS on a pay for use basis, or through the student's department.

  3. This userid is for the use of the specific student to whom it has been assigned; it may not be loaned or given to anyone else.

  4. To retain this userid the student must be enrolled in at least one degree-credit course within the University of Maine System.

  5. Students must conduct themselves responsibly and with discretion while using this userid. Computer system resources are scarce and expensive. Interfering with other users by sending unsolicited messages, needless consumption of system resources or other offensive behavior will result in the removal of this userid.

  6. It is the responsibility of the student to maintain the security of their password. Passwords for CMS IDs must be changed on a regular basis (currently 150 days) or they will be de-activated. We strongly suggest passwords for other types of ids also be changed periodically and may enforce this at some future date.

    Failure to use the system in accordance with these conditions may lead to loss of privileges and further disciplinary action.





 
Powered by Plone, the Open Source Content Management System