Users of the School of Engineering (SOE) computing facilities must abide by the campus-wide policies for use of UCSC computing facilities as well as the policies listed here. The goal of these policies is to ensure a functional, secure environment for all SOE users, not to unnecessarily restrict research or instruction.
When situations arise where the computer user and technical staff do not agree on policy interpretation, the CIC will mediate a solution, provide clarification to existing policy and/or develop new policy. Concerns with these policies should be sent to your CIC representative for discussion and resolution.
The School of Engineering Computer Infrastructure Committee (CIC) will hold a hearing for any proposed disciplinary action more severe than a warning that results from violations of these policies. Disciplinary action recommended by the CIC will take into account the severity of the violation, history of user violations, intent (accidental or intentional), and the extent of the damage that resulted. (updated 3-6-2008)
1st Offense:
2nd Offense:
3rd Offense:
(Approved by CIC on 1/24/03)
All computer systems with any of the following characteristics shall have a SOE technical staff root account. This is to expedite rapid checking of networking problems and to ensure computer system security.
(Approved by CIC on 1/24/03)
SOE users should not run network listeners (programs that accept incoming connection requests—typically servers and peer-to-peer programs such as Kazaa and Gnutella) without first notifying the technical staff at least one business day in advance. If a user will be developing network listeners, a "blanket permission" may be appropriate, but the user should talk with the tech staff and (if appropriate) faculty advisor to ensure that he or she understands the security risks involved.
The use of individual servers for rsync, cvs, ftp, and Web is strongly discouraged. Instead, users are encouraged to use ssh as a transport for rsync and cvs (rather than running dedicated servers) and use the SOE servers for ftp (or sftp) and Web. Groups that want to run their own Web server should use the virtual hosting capabilities provided by the SOE if this meets their needs. Exceptions will be considered if these facilities are insufficient. Failure to follow these guidelines may result in penalties ranging from a warning to loss of SOE computer account privileges, and may include financial responsibility for technical staff time needed to deal with any resulting problems.
(Approved by CIC on 9/30/03)
Peer-to-Peer (P2P) file sharing programs (such as Kazaa, Gunetella, Edonkey, although there are others) are considered by SOE to be Network Listeners. Computer users who seek to install or operate these programs must notify techstaff one business day in advance.
Peer-to-Peer (P2P) programs have been popular with people who wish to share or distribute music, video and games files. Use of university equipment and/or network connections to distribute files in violation of copyright is against UC policy.
Failure to follow these guidelines may result in penalties ranging from a warning to loss of SOE computer account privileges, and may include financial responsibility as needed to deal with any resulting problems. Illegal distribution of copyrighted material may be reported to law enforcement authorities according to UCSC policies. Computing staff has a legal responsibility to report distribution of some illegal material (such as child pornography) to law enforcement authorities in accordance with the Law.
(Approved by CIC on 8/25/03)
As stated in the campus-wide policies for use of UCSC computing facilities, computer users are not allowed to attempt to gain unauthorized access to any information facility (here or off-campus), whether or not they are successful. Attempted security breaches and hacks will be dealt with harshly, particularly if they are intentional or due to carelessness, and will likely include loss of SOE computer account privileges and may include financial responsibility for technical staff time needed to repair any security breaches.
It is understood that some researchers in the School of Engineering may investigate security-related issues. If you are conducting security-related research that might be interpreted as an attack, you should do so on a computer system that is not attached to the SOE network or (if absolutely necessary) on a separate, isolated subnet. Whichever approach you take, you must ensure the SOE technical staff computer security manager is aware at least 2 days in advance if you will be doing anything that resembles an intrusion attempt on the SOE network.
(Approved by CIC on 9/30/03)
It may be necessary for users to have superuser (sudo or NT administrator) access on specific machines for research and instructional use. Users who need superuser access must fill out the Sudo/NT Administrator Form both the user and his/her faculty advisor or supervisor must agree to be responsible for any actions that may impact other users of the SOE computing environment. Misuse of a superuser account may result in a warning, loss of superuser privileges, and/or financial responsibility for technical staff time needed to correct problems caused by such misuse, whether accidental or intentional.
Accidents do happen, but users who have superuser access on a workstation need to be particularly vigilant because of the increased potential for system damage.
(Approved by CIC on 8/25/03)
Computer users should not run long-running programs on interactive computing systems (such as sundance and moondance). Instead, use either apache, a personal workstation (with permission of the person whose office it's in) or a computer owned by your research group for this purpose. Interactive systems should be used only for interactive programs such as text editors, email, document processing, and Web surfing. Please see the list of general-use servers for further information on available systems. Repeatedly ignoring this policy may result in loss of computing privileges.
(Approved by CIC on 8/25/03)
Guest accounts are available to those who are collaborating with SOE faculty, staff, and students. Anyone requesting a guest account must fill out an account application, stating that he or she has read and agreed to the computing policies, and get the signature of a faculty or staff sponsor. We encourage the use of guest accounts (with ssh or other secure remote access) for collaborators rather than the use of private servers for cvs or similar services.
Guest accounts will remain active until either the sponsor asks that the account be closed or the account has been inactive for at least 6 months. If the account has been inactive for 6 months, staff will email both the user and sponsor (if known) that the account may be closed unless the users or sponsor responds requests the account continue.
(Approved by CIC on 9/30/03)
Computing accounts for persons leaving SOE or UCSC are generally discontinued unless a faculty or staff sponsor is obtained. When an account is continued under faculty or staff sponsorship then that account falls under the guidelines and policies of a "Guest Account".
Faculty or staff accounts are typically reviewed for deactivation when they leave UCSC. Typically student accounts are reviewed annually (in July). A list of graduating students along with a list of accounts with inactivity longer than 6 months is generate. Those users are notified via email and given 30 days to respond and provide a completed guest account form. When their sponsor is not available, the user may request for extension of time to obtain a completed guest account form. When the account is closed, the username continues to be reserved for 1 year and email will be forwarded to another account when user provides the forwarding account.
Users that do not provide the guest account form or do not request a time extension will have their accounts disabled and sometime afterwards all data will be purged from SOE filesystems. Users are highly encourage to have a CDROM made of their home directories prior to account deactivation and purge. Requests for restoration from tape archives may incur a fee for the service.
(Approved by CIC on 9/30/03)
SOE personnel are expected to maintain high ethical standards and should not distribute the scientific or artistic work of others without permission. Therefore, downloading, uploading and posting of copyright material is typically not permitted on SOE computer systems unless you have permission from of the owner of the material. This policy is especially targeted towards the unauthorized distribution of music files (mp3), games, videos and movies. These activities are not often associated with instruction and research. Student or staff violators of this policy will have their faculty advisor or staff supervisor informed of their activity and in some cases their SOE computing account disabled. Repeated offenses may result in future disciplinary action including revocation of computer access.
However, sometimes there are needs to make copyrighted and/or restricted material available via the Web and it is legal to do so. For example, faculty may want to post papers or homework solutions for their classes. In those cases, copyrighted or restricted material may be made available to users who are at UCSC but typically not elsewhere. Care needs to be taken to ensure that copyrighted material (especially homework solutions) are not widely distributed and distribution is disabled when no longer needed (such as when course is over). Please ask the tech staff for help in posting material for password or restricted distribution areas on the SOE web site.
Exceptions are also made for technical society papers and other material when the author authorizes that their publications be available on the Web.
Avoid placing restricted or proprietary data on web sites or in home directories as security is typically not sufficient for nondisclosure agreements (see 2003-10).
(Approved by CIC on [CIC discussed but exact wording not yet approved]
Electronic storage and distribution of restricted access data must be done with complete control over whom has access to it. Restricted access data is typically proprietary information for which you have executed a nondisclosure agreement (NDA) in order to have access to it. For the purposes of electronic storage, please start with the assumption that SOE file systems are NOT secure storage and that, without special handling, some people outside the NDA can access these files (e.g. sudo users, faculty and techstaff). You should also assume that sometimes web search engines can find files in your directories.
Special handling and filesystem setup is required for electronic storage of restricted data. This can be done under a directory structure that is severely limited in access and properly managed. Please ask the tech staff for assistance in developing secure electronic storage for restricted access material. An alternative method is to store restricted data only on external media (such as CDROM, Zip Disks, removable hard drives) AND to secure media in a manner that is consistent with the nondisclosure agreement.
It is the responsibility of the signer of any nondisclosure agreement (NDA) to make certain that restricted material and the information contained therein is not be allowed to be viewed nor copied by persons not covered by the NDA. YOU SHOULD NOT MAKE RESTRICTED or PROPRIETARY DATA AVAILABLE VIA THE WEB. SOE has had several violations which has caused research in many UCSC departments (including several outside SOE) to come to grinding halts.