Acceptable Use Policy for the HEP Group Computing Facilities
This should be considered to be the definitive version for the rules governing use of the HEP Group's computing facilities.
Use of the HEP Group computing facilities is governed by rules issued by the funding and regulatory bodies: in particular the
Rules and
Guidelines of the University Information Strategy and
Services Syndicate, the
Authorization for Use of the Cambridge University Data Network (CUDN), and the
JANET Acceptable Use Policy.
In addition, there are Departmental Policies laid down in the appropriate section of the
AUP document
which you have to sign before getting access to group facilities.
All users and system administrators also have responsibilities under relevant legislation, including the
Human Rights Act 1998,
the Data Protection Act 1998, the
Regulation of Investigatory Powers Act 2000, the
Telecommunications Regulations 2000 and the
Privacy and Electronic Communications Regulations 2003
(including the 2011 Amendment).
In addition to all of these rules, there are Guidelines agreed within the HEP Group which are about the good management of these
shared resources for the benefit of the users. Users of the HEP Group computing facilities must agree to be bound by these rules
and to follow the guidelines. This statement of the Acceptable Use Policy is a digest of what they contain, but please follow the
links to the original documents and read them also. This is intended both as a reminder of the rules that apply, and also as a
statement of the way in which the management is being carried out within the HEP Group.
The systems are managed by the Group's computing support team, under the authority of the Cavendish IT Committee and the Head of Group.
In the following, "we" means the Computing Support Team (Steve Wotton), and "you" means the User of HEP Group
computing facilities.
Use of centrally managed facilities (Linux desktops and servers, Windows domain)
User account
- Your account is provided for you to carry out your work in the HEP Group, and should not be used unreasonably for personal use,
or at all for commercial use or for private financial gain. You must not use your account for illegal purposes (eg fraud,
hacking).
- You must properly secure your account by using a non-trivial password. We run password-checking programs from time to time and
will inform you if we are able to guess your password: in that case you must change it to something more secure.
- Your account is for you and you alone. You must not let anyone else use it for any purpose. Do not tell anyone else your
password. We will not let other people have access to your personal account without your explicit permission.
Disk usage
- You will be provided with an allocation of space on a shared disk which should be sufficient for your work;
please ask for more if you need it. Disk quotas are not in use at present, and if disks become full you may be asked to reduce
your usage; in this case, please do so as soon as possible.
- We maintain a rolling backup of the main shared disks but cannot guarantee a permanent archive unless you request a special backup. Backups are normally to tape and we cannot make a guarantee that any tape will be readable indefinitely.
- Local disks on desktops as well as designated shared scratch areas are not backed-up. You are responsible for ensuring that
files which need archiving are stored in the appropriate location. You should also make reasonable efforts to remove obsolete
files from these locations. We reserve the right to delete files from these areas if it is necessary to ensure the smooth
running of the facilities for all users.
- Please note that the default file protection may allow others to read your files. You may change the access permissions
and use encryption techniques if you wish to protect sensitive information.
- We will not allow others to access protected files without your permission, but reserve the right to access your account
when responding to security issues or matters of legal investigation.
- Please do not install large software items in your personal disk space. These should be installed on one of the
system disks, especially if they are being made available to other users.
- You must not download or run any unlicensed software. Software that incorporates network services should not be run from
user accounts on the centrally managed systems.
- You must not download or store copyright material without the copyright holder's permission (this applies to audio and
video material as well as software). You must not download or store any illegal material.
- Please be aware when you leave the HEP Group that we do not have a general policy for archiving departed users' filespace,
other than via the normal backup procedures mentioned above.
Desktops
- Please do not switch off or disconnect any of the centrally managed Linux desktops, or move any equipment without consulting
us. Remote users often login to the Linux desktops and we also run a batch system on them. Hence shutting down or rebooting any
of these machines could seriously disrupt the work of other users
E-mail
- You may make reasonable use of your account for personal e-mail, provided that this does not have more than a minimal impact
on resources and does not adversely affect your work or the work of others.
- You must not spam. You must not use e-mail for illegal purposes or to abuse others. You must not issue spoof e-mails with
disguised header information.
- We will not let other people look at your personal e-mail, and we will not look at it ourselves without explicit permission
from you or the Head of Department.
- In line with University policy, external users may not send e-mail from their HEP account.
Personal Web space
- Material placed in your personal web space must be considered to be published material, and the author should be clearly
identified on each page. It must not contain anything that brings the HEP Group, the Department or the University into
disrepute.
- You may not use your web space to distribute illegal or offensive material, or copyright material without the copyright
holder's consent. We may ask you to remove material from your personal web space if we receive a complaint about it from a
third party.
- You may not publish web pages on behalf of a third party or for profit making purposes.
- Although the Group web pages include a list of current Group members, we will not publish your personal information or contact
details without an explicit request from you to do so.
- External users must not make use of the personal web space.
Use of non-centrally managed systems (desktops, laptops)
We do not generally allow personally managed systems on the HEP Group local network. The exceptions are laptops, and systems that
are used for instrument development and other project work, and which are managed for projects by a designated research worker.
The following guidelines arise from the rules imposed by the ISS Syndicate and other bodies, concerning systems attached to the
University networks.
Network Authorisation
- You must not attach a machine to the network without our consent. Please consult us if possible before making plans to
acquire new equipment. Please note that all new equipment should be electrically tested (PAT tested) before being brought into
use.
- You must not attach a machine to the network until you have received its IP details from us and configured the machine to use
them. IP addresses are not transferable to other machines.
- You must not install any networking equipment such as hubs or repeaters on the network except by arrangement with us. This
includes installing a second network adapter into your machine and using it as a gateway for further computers.
- You must not give access to your machine to non-University personnel, unless they are collaborating with your research within
the Group. Exceptions may be considered, but only by prior arrangement.
- Your machine must not be used for commercial purposes (this is against the ISS Syndicate Rules).
- You must inform us if you change the operating system or significantly change the hardware of a machine that you manage.
Please let us know also if you change its location.
Network Security
- We are responsible for the security of the local network. You must take responsibility for the security of any machine you
manage. If you don't wish to do this, we will manage your system for you and you will relinquish administrative control.
- Your machine must be kept secure by applying operating system patches on a regular basis, and by keeping Anti-Virus software
up to date where appropriate. We will try to alert you to major security vulnerabilities in the operating systems you are
using.
- You must not run unlicensed commercial software. We maintain a register of licences for commonly used packages and can advise
on availability.
- You should not run any unnecessary network services on your machine, and in particular you must not run the following:
DHCP, NIS, SMTP, anonymous FTP or file sharing software such as KaZaA and Gnutella.
- You must not run an HTTP (web) server on your machine except by arrangement with us.
- If you intend to run a firewall, you must allow and respond to incoming ICMP (ping) requests from the University network.
- The Network Division of the University Computing Service collects statistics of network traffic throughout the University,
and will inform us of any cases of apparent excessive or illegal usage. Similarly, the local Computer Emergency Reponse Team
(CERT) will inform us if their logs show evidence of irregular traffic or network insecurities, and may ask us to take action.
- If a security problem is found on your machine, we reserve the right to disconnect it from the network with little or no
warning. You must not reconnect the machine without making it secure. We may also disconnect your machine if it is found to be
causing problems to other users of the HEP Group network.
- You must not use your machine to store or distribute illegal material, or copyright material without the copyright holder's
consent. We will disconnect your machine from the network if it is found to be distributing such material.
- We may request the administrative passwords for any machine permanently attached to the network, and reserve the right to
use this access to perform security checks and deal with breaches of network security.
- Unless specifically agreed, we take no responsiblity for files stored on your machine. You must arrange suitable backup
yourself.
Visitors to the Group (including their laptops)
- Please inform us of the computing facilities a visitor will need (e.g. a guest account) before they arrive, and in particular
if they will be bringing their own machine and will require a network connection.
- We will issue a guest IP address for the visitor's use if the Lapwing or eduroam wireless networks do not meet their needs.
Their equipment must be configured to use this IP address before it
is connected to the network. It is recommended that DHCP is used unless there is an overriding reason to set the address
manually.
- Laptops must be secure, and initial security checks may be required before a network connection is permitted. We reserve the
right to refuse network access to equipment we consider to be insecure. We will be happy to advise visitors on any potential
vulnerabilities, and to assist them in protecting their machine if requested, but we will take no responsibility for the
integrity of the visitor's machine.
- Guest IP details should be removed before the equipment leaves the Laboratory.