Users of the Baskin School of Engineering (BSOE) computing facilities must abide by the campus-wide policies for use of UCSC computing facilities as well as the policies listed here. The goal of these policies is to ensure a functional, secure environment for all BSOE users, and not to unnecessarily restrict research or instruction.
When situations arise where the user and BSOE IT staff do not agree on policy interpretation, the Computing Infrastructure Committee (CIC) will mediate a solution, provide clarification to existing policy and/or develop new policy. Concerns with these policies should be sent to your CIC representative for discussion and resolution.
Penalties For Violation Of UCSC And/Or BSOE IT Services Policies
The BSOE CIC will hold a hearing for any proposed disciplinary action more severe than a warning that results from violations of these policies. Disciplinary action recommended by the CIC will take into account the severity of the violation, history of user violations, intent (accidental or intentional), and the extent of the damage that resulted.
Should the CIC find that individual users or groups are to be held responsible for a violation, those users or groups will be billed for all time spent cleaning up after the event. As of the 2016/2017 academic year, the rate for this is $84 per hour.
Should the CIC find that an individual's or group's actions represent willful negligence or misconduct, the committee may direct that the user's or group's access to BSOE IT services be restricted or terminated, and will notify the user's supervisor/adviser, Student Judicial Affairs and/or law enforcement, if appropriate.
Policy On IT Staff Root/Administrator Access To Devices
Only BSOE IT staff shall have "root" or "administrator" access on all devices connected to the BSOE network that have any of the following characteristics:
Any device that is directly supported by the BSOE IT staff
Any device with the ability to mount BSOE file systems via NFS
Policy On Network Listeners
BSOE users should not run network listeners (programs that accept incoming connection requests; typically servers and peer-to-peer programs) without first notifying the BSOE IT staff at least one business day in advance. If a user will be developing network listeners, a blanket permission may be appropriate, but the user should talk with BSOE IT staff and a faculty advisor to ensure that he/she understands the security risks involved.
The use of self-supported servers (for example rsync, CVS, HTTP, MySQL or FTP/SFTP) is strongly discouraged. Instead, users are encouraged to use SSH as a transport for rsync and CVS (rather than running dedicated servers) and use BSOE's supported services for HTTP, MySQL and FTP/SFTP. Groups that want to run their own servers for these or other protocols must speak with BSOE IT staff to request an exception.
Peer-to-Peer (P2P) file sharing programs are considered by BSOE to be network listeners. Users who seek to install or operate these programs must notify techstaff one business day in advance.
Policy On Attempted Unauthorized Access
Users are not allowed to attempt to gain unauthorized access to any system, whether on-campus or off-campus, whether or not they are successful. Attempted security breaches will be dealt with harshly, particularly if they are intentional or due to carelessness.
It is understood that some researchers in the BSOE may investigate security-related issues. Users conducting security-related research that might be interpreted as an attack should do so on a device that is not attached to the BSOE network or, if absolutely necessary, on a separate, isolated subnet. Whichever approach is taken, users must ensure the BSOE IT staff is aware at least two days in advance of anything that might resemble an intrusion attempt on the BSOE network.
Policy On Users With Elevated Privileges
It may be necessary for some users to have elevated privileges on specific devices for research and instructional use. Users who need elevated privileges must fill out the Administrative Access Request Form. Both the user and their faculty advisor or supervisor must agree to be responsible for any actions that may impact other users. When granted, elevated privileges must be used only for the purpose authorized. Use of elevated privileges for any purpose other than that which was authorized on the Administrative Access Request Form will constitute a violation of this policy.
Policy On Guest Accounts
Guest accounts are available to those who are collaborating with BSOE faculty, staff, and students. Anyone requesting a guest account must fill out the account application and agree to the terms and conditions referenced therein. The account sponsor will then approve the account electronically. Guest accounts must be renewed at least annually by the account sponsor.
Policy On Access After Graduation Or Separation
Students who graduate from a BSOE major may apply to have their account converted into an Alumni account to continue accessing their account indefinitely through the BSOE Alumni server in order to maintain a small personal home page. Additionally, BSOE students who obtained their BSOE account before Summer 2014 will continue to be allowed to use their @soe.ucsc.edu Google Apps account indefinitely. No new @soe.ucsc.edu Google Apps accounts will be created. No other BSOE services will be provided to Alumni accounts.
Non-students who separate from the BSOE may request to have their account switched to a "Guest Account", which allows the user to continue accessing BSOE resources in a limited fashion. Guests must have a sponsor who is an active BSOE staff or faculty member. Guest accounts must be renewed by the sponsor each year. Accounts that were originally created before Summer 2014 will continue to be permitted to use their @soe.ucsc.edu e-mail address indefinitely. No new @soe.ucsc.edu Google Apps accounts will be created.
Policy On Distribution Of Copyrighted Material
BSOE users may not distribute copyrighted materials without specific written permission from the copyright holder, except as permitted by the "Fair Use" clause of the US Copyright law. This policy is especially targeted towards the unauthorized distribution of music files, games, videos and movies.
In cases where a fair use exemption is exercised, it is the responsibility of the person distributing the materials to ensure that they are distributed only to those users who are covered by fair use. For example, an instructor may have permission to reproduce some materials for students enrolled in a particular class. In this example, it is the responsibility of the instructor to make sure that only students enrolled in that class have access to the materials.
Storage And Distribution Of NDA-Covered Software And Data
Storage and distribution of NDA-covered software and/or data must be done with complete control over who has access to it. Normal BSOE file systems are not sufficiently secure to store NDA-controlled software and/or data. In order to set up a secure storage area, please contact the BSOE IT staff.
It is the responsibility of the signer of any NDA to make certain that NDA-controlled software and/or data is accessible to only those users who are covered by the NDA. Under no circumstances should you publish NDA-covered material on the web.
Policy On Devices With Known Security Vulnerabilities
The BSOE IT staff receives regular reports of potential system vulnerabilities from multiple sources. A system need not be actively compromised to be considered a threat; it need only be identified as a likely source of a future compromise. For BSOE-supported systems, it is the responsibility of the BSOE IT staff to remediate the vulnerability. For self-supported systems, the BSOE IT staff will make a reasonable effort to contact the system owner to alert them to the vulnerability and offer pointers to remediation procedures. In the event that a system owner is unresponsive or unable to remediate the threat, the BSOE IT staff will remove the device from the network seven calendar days after the initial attempt to contact the system owner.
Devices that pose an active threat to the BSOE or UCSC networks may be summarily removed from the network by BSOE IT staff. Once removed, regardless of the cause, the device may not be reintroduced to the network until BSOE IT staff have worked with the system owner and successfully remediated the threat. Attempting to circumvent the network removal itself is a violation of these terms and conditions.