Acceptable Use Policy for the HEP Group Computing Facilities

This should be considered to be the definitive version for the rules governing use of the HEP Group's computing facilities.

Use of the HEP Group computing facilities is governed by rules issued by the funding and regulatory bodies: in particular the Rules and Guidelines of the University Information Strategy and Services Syndicate, the Authorization for Use of the Cambridge University Data Network (CUDN), and the JANET Acceptable Use Policy.

In addition, there are Departmental Policies laid down in the appropriate section of the AUP document which you have to sign before getting access to group facilities.

All users and system administrators also have responsibilities under relevant legislation, including the Human Rights Act 1998, the Data Protection Act 1998, the Regulation of Investigatory Powers Act 2000, the Telecommunications Regulations 2000 and the Privacy and Electronic Communications Regulations 2003 (including the 2011 Amendment).

In addition to all of these rules, there are Guidelines agreed within the HEP Group which are about the good management of these shared resources for the benefit of the users. Users of the HEP Group computing facilities must agree to be bound by these rules and to follow the guidelines. This statement of the Acceptable Use Policy is a digest of what they contain, but please follow the links to the original documents and read them also. This is intended both as a reminder of the rules that apply, and also as a statement of the way in which the management is being carried out within the HEP Group.

The systems are managed by the Group's computing support team, under the authority of the Cavendish IT Committee and the Head of Group.

In the following, "we" means the Computing Support Team (Steve Wotton), and "you" means the User of HEP Group computing facilities.

Use of centrally managed facilities (Linux desktops and servers, Windows domain)

User account

• Your account is provided for you to carry out your work in the HEP Group, and should not be used unreasonably for personal use, or at all for commercial use or for private financial gain. You must not use your account for illegal purposes (eg fraud, hacking).
• You must properly secure your account by using a non-trivial password. We run password-checking programs from time to time and will inform you if we are able to guess your password: in that case you must change it to something more secure.
• Your account is for you and you alone. You must not let anyone else use it for any purpose. Do not tell anyone else your password. We will not let other people have access to your personal account without your explicit permission.

Disk usage

• You will be provided with an allocation of space on a shared disk which should be sufficient for your work; please ask for more if you need it. Disk quotas are not in use at present, and if disks become full you may be asked to reduce your usage; in this case, please do so as soon as possible.
• We maintain a rolling backup of the main shared disks but cannot guarantee a permanent archive unless you request a special backup. Backups are normally to tape and we cannot make a guarantee that any tape will be readable indefinitely.
• Local disks on desktops as well as designated shared scratch areas are not backed-up. You are responsible for ensuring that files which need archiving are stored in the appropriate location. You should also make reasonable efforts to remove obsolete files from these locations. We reserve the right to delete files from these areas if it is necessary to ensure the smooth running of the facilities for all users.
• Please note that the default file protection may allow others to read your files. You may change the access permissions and use encryption techniques if you wish to protect sensitive information.
• We will not allow others to access protected files without your permission, but reserve the right to access your account when responding to security issues or matters of legal investigation.
• Please do not install large software items in your personal disk space. These should be installed on one of the system disks, especially if they are being made available to other users.
• You must not download or run any unlicensed software. Software that incorporates network services should not be run from user accounts on the centrally managed systems.
• You must not download or store copyright material without the copyright holder's permission (this applies to audio and video material as well as software). You must not download or store any illegal material.
• Please be aware when you leave the HEP Group that we do not have a general policy for archiving departed users' filespace, other than via the normal backup procedures mentioned above.

Desktops

• Please do not switch off or disconnect any of the centrally managed Linux desktops, or move any equipment without consulting us. Remote users often login to the Linux desktops and we also run a batch system on them. Hence shutting down or rebooting any of these machines could seriously disrupt the work of other users

E-mail

• You may make reasonable use of your account for personal e-mail, provided that this does not have more than a minimal impact on resources and does not adversely affect your work or the work of others.
• You must not spam. You must not use e-mail for illegal purposes or to abuse others. You must not issue spoof e-mails with disguised header information.
• We will not let other people look at your personal e-mail, and we will not look at it ourselves without explicit permission from you or the Head of Department.
• In line with University policy, external users may not send e-mail from their HEP account.

Personal Web space

• Material placed in your personal web space must be considered to be published material, and the author should be clearly identified on each page. It must not contain anything that brings the HEP Group, the Department or the University into disrepute.
• You may not use your web space to distribute illegal or offensive material, or copyright material without the copyright holder's consent. We may ask you to remove material from your personal web space if we receive a complaint about it from a third party.
• You may not publish web pages on behalf of a third party or for profit making purposes.
• Although the Group web pages include a list of current Group members, we will not publish your personal information or contact details without an explicit request from you to do so.
• External users must not make use of the personal web space.

Use of non-centrally managed systems (desktops, laptops)

We do not generally allow personally managed systems on the HEP Group local network. The exceptions are laptops, and systems that are used for instrument development and other project work, and which are managed for projects by a designated research worker. The following guidelines arise from the rules imposed by the ISS Syndicate and other bodies, concerning systems attached to the University networks.

Network Authorisation

• You must not attach a machine to the network without our consent. Please consult us if possible before making plans to acquire new equipment. Please note that all new equipment should be electrically tested (PAT tested) before being brought into use.
• You must not attach a machine to the network until you have received its IP details from us and configured the machine to use them. IP addresses are not transferable to other machines.
• You must not install any networking equipment such as hubs or repeaters on the network except by arrangement with us. This includes installing a second network adapter into your machine and using it as a gateway for further computers.
• You must not give access to your machine to non-University personnel, unless they are collaborating with your research within the Group. Exceptions may be considered, but only by prior arrangement.
• Your machine must not be used for commercial purposes (this is against the ISS Syndicate Rules).
• You must inform us if you change the operating system or significantly change the hardware of a machine that you manage. Please let us know also if you change its location.

Network Security

• We are responsible for the security of the local network. You must take responsibility for the security of any machine you manage. If you don't wish to do this, we will manage your system for you and you will relinquish administrative control.
• Your machine must be kept secure by applying operating system patches on a regular basis, and by keeping Anti-Virus software up to date where appropriate. We will try to alert you to major security vulnerabilities in the operating systems you are using.
• You must not run unlicensed commercial software. We maintain a register of licences for commonly used packages and can advise on availability.
• You should not run any unnecessary network services on your machine, and in particular you must not run the following: DHCP, NIS, SMTP, anonymous FTP or file sharing software such as KaZaA and Gnutella.
• You must not run an HTTP (web) server on your machine except by arrangement with us.
• If you intend to run a firewall, you must allow and respond to incoming ICMP (ping) requests from the University network.
• The Network Division of the University Computing Service collects statistics of network traffic throughout the University, and will inform us of any cases of apparent excessive or illegal usage. Similarly, the local Computer Emergency Reponse Team (CERT) will inform us if their logs show evidence of irregular traffic or network insecurities, and may ask us to take action.
• If a security problem is found on your machine, we reserve the right to disconnect it from the network with little or no warning. You must not reconnect the machine without making it secure. We may also disconnect your machine if it is found to be causing problems to other users of the HEP Group network.
• You must not use your machine to store or distribute illegal material, or copyright material without the copyright holder's consent. We will disconnect your machine from the network if it is found to be distributing such material.
• We may request the administrative passwords for any machine permanently attached to the network, and reserve the right to use this access to perform security checks and deal with breaches of network security.
• Unless specifically agreed, we take no responsiblity for files stored on your machine. You must arrange suitable backup yourself.

Visitors to the Group (including their laptops)

• Please inform us of the computing facilities a visitor will need (e.g. a guest account) before they arrive, and in particular if they will be bringing their own machine and will require a network connection.
• We will issue a guest IP address for the visitor's use if the Lapwing or eduroam wireless networks do not meet their needs. Their equipment must be configured to use this IP address before it is connected to the network. It is recommended that DHCP is used unless there is an overriding reason to set the address manually.
• Laptops must be secure, and initial security checks may be required before a network connection is permitted. We reserve the right to refuse network access to equipment we consider to be insecure. We will be happy to advise visitors on any potential vulnerabilities, and to assist them in protecting their machine if requested, but we will take no responsibility for the integrity of the visitor's machine.
• Guest IP details should be removed before the equipment leaves the Laboratory.