|
December 16, 1999
The policies and guidelines set out in this and associated policy documents apply to all Jefferson Lab systems, whether on-site and connected directly to the Jefferson Lab network, or on- or off-site and connected to the Jefferson Lab network by the telephone system or other means. The policies and rules cover these systems no matter who is the owner or the method of connection to the network. Employees and registered users are responsible for their own actions, as well as for the actions of any person who they permit to access a Jefferson Lab system.
The goals of this Use Policy are to ensure that the Lab Computing resources are used in a manner that is appropriate for the mission of the Lab, and that all applicable mandates, directives and legal requirements are complied with.
The majority of users have a general user account. Exceptions are:
All the policies and guidelines in these documents apply equally to all types of account.
All staff and registered users are eligible to have a computer account. No account will be activated until the user's information has been entered into the administrative database (CIS). The single exception to this are the designated guest accounts which are normally captive and limited in functionality. Guest accounts are limited to certain systems and are NOT available on any central system.
Application for a user account is in person at the Computer Center or via the web (see http://cc.jlab.org). Once the account request has been processed the account will normally be available for use on the following day. At the moment of registration the user is required to sign a User Agreement stating that he/she has read and understood the relevant usage and security policies and agrees to comply with them.
Account passwords will be communicated in person, or by telephone given appropriate identification. Passwords will under no circumstances be communicated by e-mail.
Passwords must comply with a simple set of rules described in http://cc.jlab.org/policies/PasswordRules.html
Passwords must not be shared, written down or otherwise made available to any other person. They must not be stored in plain text in a computer file.
The Computer Center regularly runs a program to attempt to "crack" user passwords. The user will be notified immediately should the password be guessed. If the guessed password complies with the rules then it is sufficient for the user to change it. If the password is not changed when requested, or the guessed password does not comply with the rules then the user account may be blocked without warning. The user will have to apply in person to the Computer Center to have the password reset.
In addition, the use of secure-shell (ssh) over telnet is highly desirable. With telnet (and derivatives like softerm) passwords are sent in clear text over the network and are liable to be discovered by "sniffer" programs. Ssh encrypts the passwords and avoids the problem. The ssh and auxiliary programs (scp, slogin) are recommended replacements for rcp, rlogin etc. Similarly, for the same reason, using secure IMAP for mail retrieval is desirable over POP or insecure IMAP. The central mail servers are capable of secure IMAP – please refer to http://cc.jlab.org/services/email for instructions.
In general the computing facilities are provided for use in furthering the mission of the laboratory. There are broad categories of systems that have specific major functions. The main centrally provided clusters include:
In addition there are other work-group or application-specific clusters (e.g. experimental data acquisition, CAD, etc).
Acceptable use of the systems is a use in accord with the functions for which the system is provided. Running long resource-intensive (memory, cpu) programs on the central general purpose systems is not acceptable if it causes difficulties to other users. If you have a computing need that you feel is not being met, please contact the Computer Center for advice.
Personal use of Lab computing and networking resources is acceptable as long as that use has an insignificant impact on……
Normally accounts will be deactivated when a staff member leaves, or when a user is no longer active at the lab. This is usually indicated by the user’s status given by CIS. Account deactivation means that the user may no longer log into the account. However files will remain available for 1 year. During that time the account can be reactivated upon request if the user returns to the lab. After 1 year of the account not being used all files will be deleted.
If an account is suspected of being involved in a computer or network security incident then the immediate action will be deactivation of the account. The account owner will be notified and asked to contact the Computer Center to have the account reactivated with a new password. The account owner may of course be entirely innocent of any wrongdoing, however if that is not the case then the account will remain deactivated until the situation has been discussed with the supervisor of the account owner.
When using any of the central systems, bear in mind that they are multi-user shared resources and behave accordingly.
Using the Lab's computing resources in any communication with the outside world effectively makes you a representative of the Lab. As such you are obliged to ensure that all such communication does not conflict with any of the Lab's missions, goals, policies and standards. This covers not only direct communication, but also any form of electronic publication, including, for example, web pages.
In using the lab's computing facilities, the user is responsible for complying with all applicable laws, local, state, federal or international. Users are responsible for ensuring that the laws for copyright and trademark protection are followed. In addition to commercial products, software developed at the lab may not be distributed beyond the lab without formal release authorization.
All e-mail / Internet transmissions are considered Laboratory records and should be transmitted only to organizations or individiuals who have been authorized to receive such communications. Additionally, as Laboratory records, e-mail and Internet records are subject to law enforcement, government officials, or to third parties through the subpoena process.
The same policies apply to computer use and communication as apply to all other interactions at the Lab. Use of the computing resources for behavior that would be considered offensive, indecent, inappropriate or harassing may be subject to reporting in the same way.
When using lab resources to access other sites the user is responsible for complying with all policies of that site. Lab systems must not be used to attempt or to actually violate the security or policies of a remote site. Accounts that show evidence of suspicious behaviour (for example running password crackers, port probes, etc.) or that are reported to us as being implicated in such activity at a remote site, will be deactivated.
Any user that has no responsibility for system security are not permitted to store or use any suspicious tools (e.g. satan, crack, rootkit, etc.). System owners who perceive a need for security monitoring or assistance should contact the Computer Center for advice and permission before downloading or installing any tools. Accounts observed to be storing or running such tools will be deactivated without warning.
By connecting to any of the Lab's systems a user implicitly agrees to have any keystroke monitored……
The Computer Center is authorized to inspect user files, electronic mail, and computer usage to ensure adherence to these standards of use. Violations in the appropriate use of these resources may be reported to line management and may result in the loss of computer accounts as well as disciplinary action.
Backup policies - backups, frequency, storage times, access and security, off-site storage, restore requests.
Under no circumstances may the web be used for any illegal activities, for sexually explicit content, for running or supporting or advertising a commercial enterprise or professional service, for providing any service which might be construed to have personal commercial value, or for supporting any club, organization, or activity not officially chartered by Jefferson Lab. Links may not be made to any page used for illegal activities or to any page used for accessing sexually explicit content.
Posting content to the web is a form of publication, and shall conform to the Jefferson Lab Publications Policy. In particular, no content may be posted if it would violate U.S. copyright or Jefferson Lab's intellectual property rights.
Individual professional home pages may be used to post contact information (email address, phone and FAX numbers, pager number, etc.), work information (job related content, pointers to topic home pages), but no pictures. Personal information (resume, non-work topics) and any other content is to be done on non-DOE computers on the individual's personal time, and must conform to the prohibitions specified in the Appropriate Use section above. Any opinions expressed must contain a disclaimer to the effect that "the views expressed herein are solely the author's and not those of SURA/Jefferson Lab or the DOE" or must contain a link to a page containing such a disclaimer. Individual professional home pages are permitted at the pleasure of the laboratory and are not an employee right.
This document is maintained by {helpdesk@jlab.org}
Copyright Jefferson Lab 2007