Introduction

The following rules, made by the Department, apply to all users of systems connected to the Department’s network and to all network services (for example including electronic mail, file transfer and remote login).

Use of the Network

• Use of the Department’s network is normally restricted to activities connected with the work of the Department: its research, teaching and administration. All other use, apart from appropriate light use by staff and students of the Department, must have explicit prior approval from the Department.
• All users of the network must be registered on the central Departmental computer system so that, in the case of problems, the network administrators can identify and contact them rapidly. Please email the Helpdesk (helpdesk) to arrange this.
• The national (e.g. JANET) and International Networks are for academic use only though limited recreational use is tolerated. Excessive use for non-academic purposes would constitute a breach of the rules. Commercial use is strictly forbidden.

 

In addition to these Departmental rules, the following also apply:

• The University Policies on the use of the CUDN
• National Network and other rules listed in the main rules index.
• The rules governing the use of Email and the provision of Web pages and running a web server.

 

Anyone with special network requirements should contact the Helpdesk (helpdesk) in the first instance.

Terms and Conditions of Network Usage

The following rules, made by the Department, apply to all systems connected to the Department’s network:

• All systems attached to the network must be registered by completing a network connection request form  before being connected. A name and IP address (like a user id) must be used only for the purpose for which it is allocated (typically this means on a specified piece of hardware). Any changes must have the approval of ip-register.
• Since the security of the network as a whole may be compromised by a single system with poor security:

• • The system must be adequately maintained and secured. This includes ensuring that: Security patches are kept up to date; anti-virus software is installed where available (this is absolutely mandatory in the case of Windows and macOS) and kept up-to-date; all accounts have secure passwords; and care is taken with the configuration of any services provided (e.g. remote login to the system) so that these cannot be abused.
  • The Department’s Computer Officers must be allowed access to all systems on the network to investigate and if possible resolve security weaknesses, using, wherever possible, automatic procedures.
  • A system with unresolvable security problems may have to be removed from the network without warning. Any reconnection of such a machine without authorisation from one of the Department’s Computer Officers will be treated as a serious disciplinary matter since it risks compromising the security of the network as a whole.
• A specific but especially important aspect of security is that any external login to the system over the network or via remote access must be adequately controlled (e.g. by a password) and a record kept in system logs.
• Machines, e.g. laptops, which are sometimes connected to other networks pose a particular security risk since they can become infected by malware which would normally be blocked by the Department’s network firewall and email filtering (in the case of email, this also applies to machines using external email servers). It is therefore important that anti-virus software is installed and scanning on a regular basis.
• For the purposes of security scanning and other network administration it is important that all systems attached to the Department’s network implement an ICMP Echo server (ping) function which on receiving an Echo Request sends a corresponding Echo Reply. Note that this will normally be the case except where systems have firewall software which prevents it.
• Machines connected to our network must not listen on port 25 (SMTP). Most people will not need to worry about this (only programs that are designed to accept incoming email for a site should do this; ordinary email-reading programs don’t). As a general security principle, machines should be configured so that they only listen on ports specific to services that the machine is intended to offer.

 

Appeals over judgements of inadequate security may be referred in the first instance to the Head of the IT Services Division and then, if still unresolved, to the Computer Strategy Committee.