Users of Baskin Engineering computing facilities must abide by the campus-wide policies for use of UCSC computing facilities as well as the policies listed here. The goal of these policies is to ensure a functional, secure environment for all users, and not to unnecessarily restrict research or instruction.
When situations arise where the user and Baskin Engineering IT staff do not agree on policy interpretation, the Computing Infrastructure Committee (CIC) will mediate a solution, provide clarification to existing policy and/or develop new policy. Concerns with these policies should be sent to your CIC representative for discussion and resolution.
Penalties For Violation Of UCSC And/Or Baskin Engineering IT Services Policies
The Baskin Engineering CIC will hold a hearing for any proposed disciplinary action more severe than a warning that results from violations of these policies. Disciplinary action recommended by the CIC will take into account the severity of the violation, history of user violations, intent (accidental or intentional), and the extent of the damage that resulted.
Should CIC find that an individual or group's actions represent willful negligence or misconduct, the committee may direct that the user or group's access to Baskin Engineering IT services be restricted or terminated, and will notify the user's supervisor/adviser, Student Judicial Affairs and/or law enforcement, if appropriate.
Policy On IT Staff Root/Administrator Access To Devices
Only Baskin Engineering IT staff shall have "root" or "administrator" access on all devices connected to the Baskin Engineering network that have any of the following characteristics:
Any device that is directly supported by the Baskin Engineering IT staff
Any device with the ability to mount Baskin Engineering file systems via NFS
Policy On Network Listeners
Baskin Engineering users should not run network listeners (programs that accept incoming connection requests; typically servers and peer-to-peer programs) without first notifying the Baskin Engineering IT staff at least one business day in advance. If a user will be developing network listeners, a blanket permission may be appropriate, but the user should talk with BSOE IT staff and a faculty advisor to ensure that he/she understands the security risks involved.
The use of self-supported servers (for example rsync, CVS, HTTP, MySQL or FTP/SFTP) is strongly discouraged. Instead, users are encouraged to use SSH as a transport for rsync and CVS (rather than running dedicated servers) and use BSOE's supported services for HTTP, MySQL and FTP/SFTP. Groups that want to run their own servers for these or other protocols must speak with BSOE IT staff to request an exception.
Peer-to-Peer (P2P) file sharing programs are considered to be network listeners. Users who seek to install or operate these programs must notify techstaff one business day in advance.
Policy On Attempted Unauthorized Access
Users are not allowed to attempt to gain unauthorized access to any system, whether on-campus or off-campus, whether or not they are successful. Attempted security breaches will be dealt with harshly, particularly if they are intentional or due to carelessness.
It is understood that some researchers in Baskin Engineering may investigate security-related issues. Users conducting security-related research that might be interpreted as an attack should do so on a device that is not attached to the campus network or, if absolutely necessary, on a separate, isolated subnet. Whichever approach is taken, users must ensure the Baskin Engineering IT is aware at least two days in advance of anything that might resemble an intrusion attempt on the campusnetwork.
Policy On Users With Elevated Privileges
It may be necessary for some users to have elevated privileges on specific devices for research and instructional use. Users who need elevated privileges must fill out the Administrative Access Request Form. Both the user and their faculty advisor or supervisor must agree to be responsible for any actions that may impact other users. When granted, elevated privileges must be used only for the purpose authorized. Use of elevated privileges for any purpose other than that which was authorized on the Administrative Access Request Form will constitute a violation of this policy.
Policy On Guest Accounts
Guest accounts are available to those who are collaborating with Baskin Engineering faculty, staff, and students. Anyone requesting a guest account must fill out the account application and agree to the terms and conditions referenced therein. The account sponsor will then approve the account electronically. Guest accounts must be renewed at least annually by the account sponsor.
Policy On Access After Graduation Or Separation
Students who graduate from a Baskin Engineering major may apply to have their account converted into an Alumni account to continue accessing their account indefinitely through the Baskin Engineering Alumni server in order to maintain a small personal home page. Additionally, Baskin Engineering students who obtained their Baskin Engineering account before Summer 2014 will continue to be allowed to use their @soe.ucsc.edu Google Apps account until further notice. No new @soe.ucsc.edu Google Apps accounts will be created. No other Baskin Engineering services will be provided to Alumni accounts.
Non-students who separate from Baskin Engineering may request to have their account switched to a "Guest Account", which allows the user to continue accessing resources in a limited fashion. Guests must have a sponsor who is an active Baskin Engineering staff or faculty member. Guest accounts must be renewed by the sponsor each year.
Policy On Distribution Of Copyrighted Material
Baskin Engineering users may not distribute copyrighted materials without specific written permission from the copyright holder, except as permitted by the "Fair Use" clause of the US Copyright law. This policy is especially targeted towards the unauthorized distribution of music files, games, videos and movies.
In cases where a fair use exemption is exercised, it is the responsibility of the person distributing the materials to ensure that they are distributed only to those users who are covered by fair use. For example, an instructor may have permission to reproduce some materials for students enrolled in a particular class. In this example, it is the responsibility of the instructor to make sure that only students enrolled in that class have access to the materials.
Storage And Distribution Of NDA-Covered Software And Data
Storage and distribution of NDA-covered software and/or data must be done with complete control over who has access to it. Baskin Engineering file systems are not sufficiently secure to store NDA-controlled software and/or data. In order to set up a secure storage area, please contact the Baskin Engineering IT staff.
It is the responsibility of the signer of any NDA to make certain that NDA-controlled software and/or data is accessible to only those users who are covered by the NDA. Under no circumstances should you publish NDA-covered material on the web.
Policy On Devices With Known Security Vulnerabilities
The Baskin Engineering IT staff receives regular reports of potential system vulnerabilities from multiple sources. The threats posed by a system need not be actively compromised, but rather only identified as a likely source of a future compromise. For Baskin Engineering supported systems, it is the responsibility of the Baskin Engineering IT staff to remediate the vulnerability. For self-supported systems, the Baskin Engineering IT staff will make a reasonable effort to contact the system owner to alert them to the vulnerability and offer pointers to remediation procedures. In the event that a system owner is unresponsive or unable to remediate the threat, the Baskin Engineering IT staff will remove the device from the network seven calendar days after the initial attempt to contact to the system owner.
Devices that pose an active threat to Baskin Engineering or UCSC networks may be summarily removed from the network by Baskin Engineering IT staff. Once removed, regardless of the cause, the device may not be reintroduced to the network until Baskin Engineering IT staff have worked with the system owner and successfully remediated the threat. Attempting to circumvent the network removal itself is a violation of these terms and conditions.