Access policies for the use of the computing and network resources of the Department of Mathematics

Introduction

Computing resources are defined to be the computing facilities of the Department and the remote ones, available directly or indirectly from the departmental network (dm.unipi.it or 131.114.6).

Network resources are defined to be the set of services supplied locally or remotely -via Internet- servers , regarding various information: Web, electronic mail, etc.

The technicians of the Computing Center are defined to be system administrators: they have the responsibility to install and to manage the computing systems of the departmental network to guarantee the best possible operation.

Access to the resources

The use of the computing and network resources of the Department and the connection of a new computer to the departmental network are subject to authorization of the Director of the Computing Center , with a delegation from the Director of the Department.

The authorizations are strictly individual and not transferable. Such authorizations have an expiration date and terminate with cessation of the activity that justified them or upon the expiration date in the absence of a renewal.

The use of the computing and network resources is authorized exclusively for aims relating to the professional activity of the users; in particular, for research activity, instruction, study, technological developments, scientific, technical and cultural information , experimentation with new services having an innovation character , for administrative services, and for management that comes with such activities.

Moreover,the Department will be able to establish restrictions for access specific to its own organization (identification or access documents, filters for access from the outside, etc).

Security

Every user must contribute to the total security of the system. In particular, every user:

must apply the rules for security adopted by the Department.
must guarantee the protection of his own account and his own files.
must notify the system administrators of attempts at violation of his account and the eventual resulting anomalies.
is responsible for using a non-trivial password and keeping it secret; moreover, he is responsible for changing itwhen deemed necessary by the system administrators.
must not give unauthorized users access to the systems or the network, through the resources available to him.
must not take advantage of eventual holes of security or of anomalies that regard the working of the computing resources; such vulnerabilities must be transmitted to the system administrators in a timely and secure manner.

Proper use

Every user is responsible for the correct use of the computing and network resources avalaible to him.The use of the resources must be rational and legal, and must avoid saturation or improper use of the resources. In particular the individual user:

cannot use or try to use an account different from the his own, or try to mask his own identity.
cannot modify, copy or destroy data not his own.
cannot leave a workplace without having closed the connection.

Moreover, every user is responsible for the correct use of the avalaible resources and for contributing to the proper working of the system. In particular, he commits himself:

to periodically delete useless data and to compress data of infrequent use;
not to transfer via the network large volumes of data in the busiest periods;
not to print many copies of the same document, using instead a photocopier;
not to occupy a work place for aims that are not related to study, research, or the development of his duties.

The use of the computing resources outside of the previous rules, when necessary, should be agreed upon with the system administrators.

Data confidentiality and security

The computing and network resources, managed by the system administrators , are dedicated to research and to scientific computation and therefore are not configured so as to offer standards of security appropriate to the treatment of particularly confidential data.

With the exception of explicitly public or shared documents, access to the information and documents on the computing systems must be limited to those belonging to the individual user. This rule obviously applies also to private communications such as electronic mail, in the case in which the user is not the adressee either directly or via copy.

The violation of privacy constitutes a penal crime.

Intellectual property

Moreover the law does not allow the installation and use of commercial programs without a licence for use.

The programs installed on the departmental computers must be used respecting the terms of the use licences.

For the use of programs in the public domain and for the reproduction of all the source material (books, articles, images, sounds), it is necessary to follow the author's copyrights.

The violation of the copyrights constitutes a penal crime.

Integrity and mantainance of the system

The user commits himself not to voluntarily interfere with the proper working of the computing and network systems . In particular:

It is forbidden to the users of the departmental network to modify, in whatever way, the relative structure or the topology.In particular it is forbidden to add and to remove computers and/or equipment from the network without the explicit consent of the system administrators.
He commits himself not to use or to develop programs that put in danger the integrity or the security of the computing resources of the Department.
The user commits himself not to reboot the public computing systems even in an apparent case of malfunctioning or block of the system; in such case he should contact the system administrator s.
The user cannot switch off a computing resource of the department , except in case of emergency (fires, danger of electrical shock , etc).
In case of an emergency, when the system administrators are absent, the user can call one of the members of the 'emergency contact group' elected yearly by the department council.

Use of the network services

The user can use the network services exclusively for activities for which authorization has been granted and in respect of the general principles, of the rules that the sites propose, and of the legislation in vigor.

In particular:

He cannot carry out activities that put in danger the security or the proper working of the computers avalaible to him;
he cannot use the network services in order to propose or to make available to third parties, data or information which is confidential, or contrary to the legislation in vigor;
beyond the present rules, the use of the computing resources of the department is, in addition, subject to the rules of law in vigor.

Analysis and control of the use of the resources

The system administrators have all powers needed in order to monitor the correct use of the departmental computer science system; to such end, they can analyze without warning the data on the public computing resources and the data exchanges via network. The system administrators can, moreover, consult system logs and register extracts.

In case of hacker attacks or in those cases in which the proper working and security of the system demand it, the system administrators will be able to investigate the user's documents and, in case of an infraction, to transmit the results to the Director of the Department and to the director of the computing center.

The system administrators, apart from the case cited, cannot divulge the information acquired in the exercise of their functions.

Application and endorsements

The present norms must be accepted and respected in every part by all persons who, even temporarily, use the computing resources of the Department and those to which it is possible to connect remotely, directly or in directly, via the network resources of the Department.

The act of signing the module of acceptance of responsibility. implies the acceptance of the rules stated above

The lack of conformity to the rules presented may lead to the withdrawal of the authorization for the use of the computing and network resources of the Department and the suspension of the account.

Modality for the exclusive use of a computing system connected to the departmental network

The exclusive use of computers or notebooks in one's own office, laboratory or group, connected to the departmental network, is subject to authorization of the Director of the Departmentcan and can be authorized with two different modalities:

Pure Client.: The user can access the machine only to use its computational capacity and in order to have access to the departmental network resources .
Full access.: The user is also the administrator of the machine and therefore has full access and full responsibility. A machine can have a single individual responsible.

In both cases the user must sign the module of assumption of responsibility; for each computer connected to the departmental network he is responsible of.

In the modality "full access" the user must also observe the following additional conditions.

The exclusive use of a computing system connected to the network involves full responsibility for the administration of the machine.
The user commits himself, as administrator of his machine, not to carry out operations that can compromise the integrity and the security of the departmental network (for example: change of IP the number, interception of network traffic, activation of services as DHCP, etc.).
He is responsible for the services that his machine furnishes on the departmental network and, through this, on the Internet.
He is responsible for seeing that the present rules are respected by the local users to whom, through his machine, he gives access to the departmental computing resources. To such end he can require the local users to sign the module of assumption of responsibility, as delegated .
He commits himself to eventually transmit to the system administrators (in a closed envelope) the system password of the machines for which he is responsible, declaring in this way his assent to the participation of the system administrators in case of emergency.

The individual responsible for a computer will be notified of any participation by the system administrators.

Italian laws on the topic

Legge n. 547 of the 23-12-1993 modifications and integrations to the norms of the criminal and civile code on the topic of computer science crime
(http://www.interlex.it/testi/l547_93.htm)
Legge n.676 of the 31-12-1996 violation of the personal data
(http://www.interlex.com/testi/l676_96.htm)
Law on the copyrights n.518 of 29-12-1992
(http://www.interlex.it/testi/dl518_92.htm)
Law on press n. 47 of the 8-2-1948 Art.13-15
(http://www.odg.mi.it/legstamp.htm)

(Thanks to prof. Robert Turner for his kind help in the translation into English)