Waisman Computing Services

Policies

Adopted for use at the WCS User Committee meeting on March 9, 2005.

Rationale: Certain policies are necessary to insure the reliable operation of any shared resource such as a computer network. Today's hostile global internet climate harbors a never ending supply of those who would willingly damage or hinder the operations of others for sport, fame or to promote a personal ideology. Every organization needs to take certain precautions to protect their infrastructure and clients from the risks of being connected to the internet. The following policies should be thought of as protections for you and your colleagues rather than restrictions on your actions.
Network Connections (to building wall jacks)

The Waisman Center's network is an extension of the University owned campus network which is a shared resource and must have certain safeguards to ensure reliable operation. Unlike the power or telephone networks which are protected by numerous codes, regulations and standards, the improper configuration of a single computer can adversely affect the functionality of the network and have an immediate impact on other computers or services. There are numerous past cases where this has actually occurred. To minimize these risks and potential disruptions, the following requirements have been established for all devices physically attached to the Waisman Center's network (defined as everything on the internal side of our firewall):

Safeguards on the use of computing resources must be established to mitigate the risk of damage and/or disruption to Waisman Center services, research, business activities or funding as a result of litigation. Please remember that while the particular computer you are using might be thought of as "your computer", it is the property of the University and expected to cooperatively participate as a "good citizen" on the University's campus wide network.

Example (from an actual occurrence in 1/2005): A staff member from your lab requests assistance in installing a statistical package on a computer. It's found that the installation fails due to infestation and damage caused by the spyware programs NetPumper and Cydoor that were installed by a previous employee who left 2 months prior. It takes 4 hours to clean and remove the effects of these spyware programs before the statistical software can be successfully installed (which takes 15 minutes). Your grant is billed for 4 hours of labor for what should have been a free software installation.

Account security

The protection of Waisman network resources depends on each user's responsible handling of their account(s), since any account can serve as an entry point for theft, damage, or unauthorized use to the entire network. You must take reasonable steps to secure your username and password(s) to prevent others from using your computing identity. Sharing of usernames and passwords by more than one person is not permitted.

Administrator accounts have elevated privileges for the purposes of changing the configuration of both hardware and software on a computer. Using an administrator account significantly increases the risk of damage to critical settings or installed software. Malicious software such as a virus or other exploit typically depends on the victim using an administrator level account for maximum destructive effect - i.e. your computer is then owned by the hacker community and completely under the control of others to use for whatever purpose (usually malicious) they wish. Responsible use of administrator accounts (only to install trusted software or make configuration changes) goes a long way in limiting or thwarting the effects of a virus or other attack. Ignoring this distinction essentially defeats many of the security features added to personal computers since the days of Windows 98. Please note some software (typically open source) can be installed for a specific user without an administrator account.

Since improper use of an administrator account can potentially hinder the operation and destroy data on the computers of your colleagues, additional safegaurds must be followed in order to protect everyone else that uses the network. These safeguards primarily involve educating potential candidates about the security risks and proper use of administrator accounts.

Account expiration and removal. In the absence of information from the account holder, the owner (supervisor or investigator), Waisman Center administration or higher authorities, if an account has not been used (a logon detected) for a period of six months, it will be considered abandoned and removed. All associated files will be archived and then deleted. The archived files will be retained for 90 days and then destroyed unless we receive other disposition instructions. We will maintain an email forwarding address for up to one year after account removal.

Damage Liability.The funding source of your computing activity is responsible for any damage or clean up costs that result from the irresponsible or careless use of computing resources under your control.

Periodic Auditing. Use of computing and network resources may be periodically audited to ensure that the above policies are adhered to.

University Baseline Password Standard

A UW-Madison Policy adopted in February 2006 provides mimimum password standards that states passwords must be a minimum of eight (8) characters in length, contain mixed case letters, a digit and special characters. The policy can be viewed at:

http://www.cio.wisc.edu/policies/password.aspx

University Policy on Electronic Devices

A UW-Madison Policy adopted in March 2004 pertains to network security and anything attached to the campus network. It's known as the "Electronic Devices Policy" and basically says you must run up-to-date anti-virus software (available at no cost) and ensure all other software has current security updates. It can be viewed at:

http://www.cio.wisc.edu/policies/devices.aspx

University Responsible Use Policy

The UW-Madison Information Technology Committee (ITC) and the Provost's Office have approved guidelines for responsible use of campus information technology resources. The policy includes nine guidelines in areas like computer security, hacking, impersonation and anonymity.

The Responsible use policy has been incorporated into the student non-academic misconduct rules for UW-Madison. According to the Dean of Students office, violation of the code by students may result in disciplinary action including probation, suspension, and expulsion. Violation of the policy by faculty and staff may result in loss of access privileges, University disciplinary action, and/or criminal prosecution.

While the Department of Information Technology (DoIT) does not monitor people's use of the network, the web or e-mail, complaints will be investigated.

References

Both the University and/or the Waisman Center reserve the right to suspend network access to preserve the integrity of the network.

© 2018 Waisman Computing Services   |   Contact us   |   October 03, 2014