Policies

NC State Policies

Contents

  1. Computer Use Policy
  2. Copyright Infringement Policy
  3. ITD Rules and Regulations
  4. Wall Port Activations
  5. Nomad Wireless Usage
  6. Non-Nomad Access Points
  7. Online Safety and Security Policy
  8. Unity Accounts
  9. Violations of Policy
  10. Web Accessibility
  11. Network Scanning
  12. External Web Services Policy

Computer Use Policy

NC State University has revised its Computer Use Regulation. The revised version, which consolidates the Computer Use Regulation and the now-repealed Software License Requirements Regulation, further defines and clarifies acceptable use of campus information technology (IT) resources — such as computer equipment, software, networks, computer system accounts, and other digital assets and resources — for administrative, academic and personal use.

A summary of recent changes to the regulation includes the following:

  • Section 2.4 clarifies who may request a review of data residing on or passing over university IT resources, as well as the circumstances under which a review may occur.
  • Section 2.5 clarifies that employees should have no expectation of privacy, subject to Section 2.4, with regard to any personal material stored on, archived on, or passing over university IT resources.
  • Section 2.16 clarifies that employees using either university or personally-owned mobile devices must ensure the protection of sensitive data stored on or passing over the devices.
  • Section 3 clarifies that employees may still use university IT resources for limited personal use, but not for private enterprise.
  • Section 7 incorporates the former Software License Requirements Regulation in to the Computer Use Regulation.

A new Summary and Use Guidelines document is available under the “Additional References” section of the Computer Use Regulation and contains specific use cases to help students, faculty and staff determine acceptable use of university computing resources. All members of the campus community are expected to understand and abide not only by university IT policies, rules and regulations, but also by state and federal laws that may apply to use of these resources.

For more information, view the Computer Use Regulation on the Policies, Regulations and Rules website.

Copyright Infringement Policy

Copyrights are a touchy issue which seem to show up a lot of places today. Anything created with any bit of creativity is automatically copyrighted upon completion of the work. The copyright protects against copying, distributing, modifying, displaying, and performing material. It is important not to infringe upon the copyrights of others.

Copyright violations are serious matters which typically end up in court with one side losing considerable capital and credibility. Should the University be contacted about a copyright violation, they will inform the alleged violator and there is a series of steps which must be completed in order to finish the matter. The full explaination can be found at NC State’s Copyright Procedure page.

Once the University has discovered there is a copyright violation on one of its pages, an attempt to establish the copyright owner will occur. Next, possible legal defenses are considered. After this, the University will try to mediate a solution to the problem. If no agreement can be reached, the material will be removed. Finally, whatever disciplinary action that needs to be taken will occur.

Copyright can be summed up as follows:

  • It is a protection of the expression of an idea, but not the idea itself.
  • Facts, words, and databases typically do not qualify for copyright.
  • Copyright begins immediately after creation of document.
  • Ownership of media does not imply ownership of copyright.
  • Most e-mails, webpages, and computer files are copyrighted.

Remember, just because something is not stated as copyrighted, does not mean that it is not copyrighted.

File Sharing

File sharing has become a huge part of the high-tech world of college campuses. Many students download music, movies, and even academic work through peer-to-peer networks. While this has become widespread, it is not necessarily legal or even an action that demonstrates integrity.

As part of ongoing efforts to educate the campus community on issues related to peer-to-peer file sharing, Chancellor Fox, Provost Oblinger and Vice Chancellor Worsley issued an open letter entitled “Liability for illegal file sharing ” earlier this month. The letter is intended to alert faculty and staff as well as students “of the personal risk involved with unauthorized file sharing of copyrighted material.”

The letter was published in the online official Bulletin and as a full-page ad in Technician on February 13. Harry Nicholos, university agent for Digital Millenium Copyright Act (DMCA) infringement notification, will be giving presentations on the topic to the Staff and Faculty senates in March. For more information about DMCA issues, visit the newly revised Copyright Infringement site: http://www.ncsu.edu/copyright/ For more information about national efforts to curb illegal filesharing on college campuses, see http://www.educause.edu/issues/rfi/pr090203.asp

ITD Rules and Regulations

The Information and Technology Division at NC State helps create and enforce policies, rules, and regulations concerning computer usage, systems, and services. They govern campus-wide academic computing resources. This includes everything from Eos/Unity accounts to education programs to personal webpages. The details of the individual policies are listed below.

  • Eos/Unity Accounts
    • Use of the account by anyone other than the owner is prohibited.
    • Account holders are responsible for all activites on the the account.
    • Account holders are responsible for keeping passwords secure.
    • Only one RealmID will be issued per student.
  • Computing Labs
    • Those using University facilites will take proper care of equipment, including making no repairs or configuration changes to systems.
    • Recreational use during periods of light usage is permitted, but when resources are needed for academic purposed, gamers should yield the equipment.
    • Refrain from noise, sound effects, violent motion, etc. because it may distract others
  • Education Programs
    • ITD provides free education workshops to faculty, staff, and graduate students on a host of technologies each semester.
    • The Avent Ferry Convention Center may be reserved by groups in order to have access to resources.
    • There are also three labs located in D H Hill Library for usage of the Education Programs.

Wall Port Activations

Nomad Wireless Usage

Wireless Network users should understand the following:

  • Running remote services (web server, ftp server, nfs server, any person-to-person file sharing services, etc) are PROHIBITED. However, users will be able to connect to such services provided elsewhere.
  • All users will be automatically logged out if they are network idle for 2 hours or are off of the network for 10 minutes.
  • All traffic to and from the Nomad System is logged and associated with the user, as permitted by the NC State Administrative Regulations, section II, G.
  • NOMAD Wireless transmissions are not encrypted–wireless network users are responsible for the security of the data transmissions they send over the wireless network. Users are strongly encouraged to use secure application-level protocols when sensitive information traverses the wireless network; otherwise, they should move to the wired network. Example secure application-level protocols are: https, ssh, scp, vpn.

https://nomad.ncsu.edu/local/wireless-aup.html

Non-Nomad Access Points

Regarding wireless access points that are not on the NOMAD network.

While NC State does allow Non-NOMAD wireless on campus (http://www.ncsu.edu/it/rulesregs/wireless/implementation-rules.html), it does place this at the discretion of the academic unit (ie, college or department).

Frankly, this is not something we want to encourage. Outside of specific wireless research projects, all wireless at NC State should be on the NOMAD network. We’d end up with countless overlapping networks that just confuse both the IT people (who inevitably end up having to fix it) and the students who *see* the network. Add the fact that most people have no clue what they’re doing, especially when it comes to SECURING a wireless network (which by the way, generally doesn’t happen)… Cheap wireless APs also have a tendency to get hacked…

Should the private wireless network in ANY WAY affect a nearby/overlapping NOMAD network, it will be removed by central IT.

Online Safety and Security Policy

On any group of unsecured networked computers, it is possible for any one computer on the network to gain access to any or all of the other other computers on the network. This can be done via a direct attack by a cracker, a malicious hacker, or an indirect attack from a virus. This is why it is of the utmost importance for you to take the necessary security precautions. Some steps that can be taken to help ensure your online safety are: keeping all passwords unique and secret, keep current antivirus software installed, and run a firewall whenever you are on the Internet. These simple actions will help keep you safe from threats across the board.

Internet safety is not only important when it comes to crackers or viruses. It is just as important to protect yourself from lawsuits. Illegally sharing copyrighted materials, including music, movies, books, etc., can be just as dangerous as giving someone your passwords. Distribution of such files can earn you up to a $250,000 fine.

The following list presents a condensed version of safe computer practices.

  • Keep your computer software up-to-date with the latest antivirus software and patches.
  • Make backups of your important files in case something happens to them.
  • Do not violate copyrights. Piracy is not tolerated.
  • Make sure you read the End User Liscense Agreements for all software you install.

Violations of Policy

As users commit various violations of ITD policies, punishments have been scaled in order to take account the severity of the violation. ITD staff takes into account the severity of risk presented to the school and the ammount of damage done to systems when classifying violations. The lowest risk violations are classified as level one, medium risk as level two, and high risk are level three violations.

Level one
For committing a level one violation, users will receive an e-mail from ITS notifying them of the violation breeched and a link to the published policy. There will also be a request for a written response by the user pledging to stop the behavior. Level one violations include, but are not limited to, eating or drinking in labs, reports of offensive e-mail, minor incidents of chain mail.
Level two
These violations require that the offender discuss the incident with the investigator of the offense. Offenders will also be asked to sign a document acknowledging that they understand the rules and regulations. Violations include not responding to level one warnings, account sharing, spamming, and port scanning.
Level three
For level three violations, the offender will be sent to the appropriate University officials (Student conduct for cases of student offenders). Level three violations include denying access to users, interfere with regular network operations, infringe copyrights, and forging e-mails.

Loss of access to account, service, machine, etc. – Section V of NC State’s Administrative Regulations-Computer Use states that “a University system administrator (or designees) may suspend a user’s access privileges or suspend services to a computer, for as long as necessary to protect the University’s computing resources, to prevent an ongoing threat of harm to persons or property, or to prevent a threat of interference with normal University functions.” In such a case, ITD staff will observe the following:

  1. The user will be sent either an electronic or a written note communicating the suspension, the reasons for suspension, and when the suspension may be discussed with an administrator.
  2. The user must be given a chance to meet with the system administrator at his or her earliest convenience. The system adminstrator will review his or her decision after this meeting.
  3. Following the meeting, the user will be sent notification of the system administrator’s decision. The user will also be notified that he or she may appeal to the system adminstrator’s immediate supervisor.

In order to maintain accurate records, ITD staff keeps a restricted-access database of all violations that come to their attention. Although they are not publicly accessible, these records may be used by appropriate officials during disciplinary or legal proceedings.

Web Accessibility

Network Scanning

Campus Policy Regarding Running Network-Based Security Software

  • Campus computing and network administrators have the authority and responsibility to run programs or take other actions for support and security of the campus environment. Advanced notification to appropriate unit administration and support personnel is required for all actions which might reasonably be expected to pose a risk to production work. Prompt notification is required of mistakes or unexpected results which negatively impact production work.
  • College and departmental administrators should restrict actions to their domain of responsibility except by mutual agreement with other affected domain peers.
  • Students are not allowed to run network based security analysis programs such as Satan and doing so will subject them to disciplinary action.
  • These programs are a fact of life and NCState.Net will test and investigate such programs as necessary to identify risks and corrective and/or protective measures. As stated above, NCState.Net will provide advanced notification to appropriate unit and support personnel when there are reasonable expectations that risks to production work may be involved.

External Web Services Policy

Memo from Chancellor Oblinger (August 1st, 2007):

Over the past several months the university has initiated several new marketing and communications efforts. These have included the launch of the new www.ncsu.edu website, which will put us at the leading edge of the web world; the strategic marketing research study conducted by Art & Science Group, 1.1. c.; and, very soon, contracting with a major public relations firm for a three-year public relations campaign based on the results ofthe Art & Science Group study.

NC State as well as the General Administration are committing significant funding to this effort; consequently, we are now poised to begin defining our position and relevance in a much more aggressive and strategic manner. The Office of Public Affairs is leading these efforts, under the direction of Debbie Griffith (Associate Vice Chancellor for Public Affairs), Keith Nichols (Director ofNews Services) and Jason Simon (Director of Marketing and Director of Creative Services). They will provide regular updates to campus constituents through the campus PR-group meetings; university website; sessions with University Council, Executive Officers, Deans, Vice Provosts, other administrative teams, and university governance groups; and individually-scheduled meetings throughout campus.

In an effort to ensure that our investments in these areas are well-spent, I am requesting that any advertising purchases, RFPs for public relations, marketing, advertising, website design and development, or general communications counsel and any other significant external communications investments be coordinated through the Office of Public Affairs, effective immediately. This does not apply to Human Resources advertising and job postings.

Public Affairs has demonstrated that they can help negotiate better rates, frequencies, and other matters with vendors and advertisers, thereby enhancing the value of all of our efforts. In addition, this coordination will ensure that our external communications are reaching the target audiences in the best manner possible, that we are not being redundant in our placements and that our investments are based on sound strategic approaches.

Please coordinate with Debbie Griffith during the planning for any external communication projects – the earlier in the process, the better. Our Purchasing Department will also work closely with Public Affairs by referring to Ms. Griffith any purchasing matters related to marketing and/or public affairs. She will develop a process for working with your units to make sure this coordination is timely and useful. More detail will be provided by Ms. Griffith by August 17, 2007.

Thank you for your continued efforts to ensure that the great things we do at NC State are shared with a larger audience-in a way that makes not only your unit, as well as the entire university, achieve the reputation and prominence we deserve.

Accessibility

North Carolina State University is committed to providing an inclusive environment for all students. This commitment takes a proactive approach to providing accessibility to its information resources, including Web pages and online content.

To accommodate access to information technology resources for a student with a disability, the Disability Services Office (DSO)offers a range of assistive technologies and devices, including screen-reading software, screen magnifiers, accessible workstations and braille technologies. Additionally, IT Accessibility Services provides software, tutorials, and workshops to assist faculty, staff, and web developers across campus in the design and development of accessible IT and web environments.

For more information on available services, please see DSO accommodations and services and IT Accessibility workshops and tools. For more information on web accessibility, please see Web Accessibility.

ECE Policies

Contents

  1. Computers Stay On
  2. Dual Boot
    1. Security
    2. Remote Access Servers
  3. File Sharing Applications
  4. Three Year Warranty
  5. Personal Computers
  6. Windows Patching Policy
    1. Desktop and Laptop Clients
    2. Personal Computers
    3. Exceptions

Computers Stay On

Dual Boot

REWRITE for GENERAL USE — add in info about

Security

Remote Access Servers

VCL/GRENDELs

On the NCSU network, an unpatched Windows workstation is hacked within 30 seconds. Often, less time is required. Keeping the OSes patched is our number one way to prevent one machine from attacking the rest.

Dual booted machines are the blight of security within this environment.

With the OS switching back and forth, neither OS (we’re patching Linux across the network as well) is kept up to date. And we can’t know how long a machine has stayed on one OS versus the other.

Therefore, the goal has been to discourage, and eventually remove the use of dual booted systems *wherever possible*.

What I need to know is the reasons/needs for the dual boot. I’ll give you one: OPNET currently requires Windows — assuming your primary use of the machine is as a Linux box, then this would be a good reason to have both the OSes. Granted, once OPNET *is* available on Linux, this would no longer be a legitimate reason.

While you know our goal is to move to a non-dual boot environment, *I* need to know the obstacles that *you* see to this. What applications prevent your use of a single OS? Having this information helps to better define this policy.

We wouldn’t want to have Windows on a box simply because a student likes to use Outlook to check his mail, or because they prefer Office over StarOffice.

I would ask that you work with us on this. We have no research support funding. Trust me, if we could, we would — so we have a limited staff to respond to issues that arise. We do so because I recognize the needs of the department, and because I’d like to avoid the “wild west” of computing that ECE was four years ago. Our goals are to meet your legitimate needs, but we must weigh that against the cost of support and to the rest of the network.

  • We will dual boot this machine*.

You are correct that a 600Mhz machine will not meet your needs. Outside of the Networking group, one of the major reasons we have dual boot requests is because a student wants to “play” with the buzz work “Linux”. A secondary machine on which to do this often does meet their needs, and is therefore a standard response to such requests. I will have our people adjust this response to elicit legitimate reasons for the request and possible exceptions, as in this case, to the policy.

We *WILL* be erecting the firewalls on both the Linux and Windows OSes.

This should help, partially, to protect the machines while updates are installed. Unfortunately, not all issues are due to outside attacks, but it’s something. This should not affect the use of the machine, but if it does, let us know, and we’ll see what specific exceptions to this firewall can be made.

While the machine is being built, please send me the reasons a dual boot is important to you in this case. If we can determine what the problems are with a single OS, we can attempt to resolve them, or at least keep them in mind.

File Sharing Applications

The Digital Millennium Copyright Act amends federal copyright laws, providing liability protections to providers of online services when their networks contain material infringing upon copyrights.

WolfTech actively searches for software piracy upon the network. Here’s information on piracy, our policies, and the process should you be caught with illegal software.

Software piracy is something that we have been hearing a lot these days. While it has been around since the time Bill Gates dropped out of Harvard, it has just recently become big news. Today, with high speed Internet connections rampant, peer-to-peer, p2p, file sharing applications have begun springing up all over the place. These handy applications allow people to share music, videos, other applications, and anything lese electronic.

So whats the big deal? Not everybody sees this as sharing. When you download something for free via p2p applications, you are technically stealing from the original author. Programs sold for hundreds, even thousands, of dollars are being swapped from computer to computer via the Internet. Each time someone copies a file or program from another user, they are costing that company the cost of the product.

There are other ways of distributing pirated software, such as selling burned CDs, but it is all legally punishable. If convicted, a software pirate can spend up to five years in prison or be fined up to $250,000. Plus, litigation can continue into civil court where damages may rack up even more. In addition to the financial burden, if you work for a company, you have single handedly tarnished their entire reputation.

Running the program in itself is not even illegal under current US Copyright Law. However, what you get off of the program may be illegal. The act of sharing the file or program, under many licensing schemes, is illegal. If you are caught using the programs for illegal activities, it is the responsibility of NC State to report you to the proper authorities, and your network account may be deactivated.

Three Year Warranty

Personal Computers

CLEAN Personal Computers getting Permanent IPs

Here’s the immediate issue. IPs are controlled by individual departments or colleges. *THESE UNITS* are responsible for the network and require that all IPs be assigned BY THESE groups. So having a “central” entity, aka ITD/ComTech, do this would NOT be good. On many levels. I can go into detail later if you like, but save us all time, and make sure that you’re working with individual colleges, not central IT, when requesting IPs.

One example — I will remove ANY IP in ECE IP ranges that are not in our records. This is something you’d want to avoid.

This is NOT a centralized problem, or one in which a centralized solution is likely to work. Should the committee like some contacts within each department/college, I can provide this.

Having said that, some departments and colleges already *do* register personal machines. ECE is one of those.

The current version of our online request form is here: https://www.wolftech.ncsu.edu/requests/register/

You can get an idea of the information we require on our form there.

Sample of the rules we follow:

  1. The registered name of the machine is USERID.ece.ncsu.edu. Students do not have the option to change this. FT Faculty can, if strongly desired. This naming convention allows identification of the owner quite easily, as well as distinguishing it as a personal machine on sight. We do, of course, maintain a comprehensive database of all of our IPs/computers, but this helps as well. Also removes some maintenance/labor costs in setting up the IP access.
  2. One registered machine per student. We will occasionally make exceptions for special cases (in which case, the name of the machine is USERID2). This is a very rare event.
  3. Symantec AntiVirus is required, but this is a general NCSU IT rule already in place. NCSU users are directed tohttp://www.ncsu.edu/antivirus/. Additional network usage policies are set by NCSU, the colleges, and departments. For example, you are not allowed to run servers from these machines. Should the computer show up (*blip*) on our network monitors, we will come ask what the user is up to.
  4. OS Updates: All personal machines operating on the ECE network must be configured to automatically install Windows patches from our WSUS server. For more information and instructions on how to configured your computer to use WSUS, see WSUS.
  5. You must have an NCSU UnityID to have a permanently registered IP. All faculty, staff, students, postdocs, and, usually, visiting scholars (see NoPay notes below), have a UnityID.
  6. All personally owned machines are removed from the network once the userid of the owner has been disabled by the University. We have scripts that report these machines to us on a weekly basis. If we know someone has left, we’ll remove it ahead of this time.

Windows Patching Policy

The Department of Electrical and Computer Engineering uses Windows System Update Services (WSUS) to keep all Windows computers up to date with the latest security patches, updates, and drivers. This system is an integral part of maintaining both the security and availability of our network. The purpose of this policy is to optimize WSUS to meet our organizational requirements for security, stability, and user impact.

  • Security
    • Microsoft releases new software updates on the 2nd Tuesday of each month.
    • When exploitation of a vulnerability is already occurring, or is imminent, Microsoft will release and update immediately.
    • As an academic environment, our network is relatively exposed to threats, both from off campus and from computers brought onto our network.
  • Stability
    • Microsoft Updates have the potential cause unwanted side effects and should be tested before deployment.
  • User Impact
    • Many Windows Updates require the computer to be rebooted before the update takes effect.
    • Some updates do not require a reboot and can be installed with minimal impact on the user.
    • If a user is logged into the computer, Windows Update will prompt the user to reboot. If the user does not respond within a configurable period of time, the computer will reboot.
    • If a user cancels the reboot, they will be re-notified to reboot after a configurable period of time.
    • Many users leave jobs running on their computers overnight. Because the user is not present to prevent the reboot, the computer reboots, killing any running jobs.

Desktop and Laptop Clients

  1. When monthly updates are released, an email notification will be sent to all ECE faculty, staff, and students. When emergency updates are released, email notifications will be sent to all ECE faculty, staff, and students and the installation schedule will be set based on the circumstances.
  2. Updates will be installed on IT staff computers to allow for rudimentary testing.
  3. If no problems are found with the updates, they will be approved for installation 48 hours after the email notification is sent.
  4. Updates that do not require a reboot will be installed immediately upon approval and detection. Updates requiring a reboot will be installed according to the following schedule.
    • Teaching Lab Computers: 11:00 PM
      After hours, to avoid interrupting a class in session.
    • Research Computers: 3:00 PM
      During working hours, to avoid “surprise” reboots.
    • Faculty Computers: 4:00 PM
      During working hours, to avoid “surprise” reboots.
    • Staff Computers: 8:00 PM
      After hours, to avoid disturbing staff.
  1. Any user wishing to avoid an automatic reboot must manually download and install the updates and reboot before the scheduled installation. For instructions, click here.
  2. The reboot timer is set to 30 minutes. If the user fails to cancel the reboot within 30 minutes, the computer will automatically reboot.
  3. The notification interval is set to 30 minutes. If the user cancels the reboot, they will be re-prompted to reboot after 30 minutes.

Personal Computers

  • All ECE faculty, staff, and students will be notified when new updates are released.
  • Users will be advised to install the Microsoft Updates on their personal and home computers.
  • All personal computers that have been issued an IP address on the NCSU network are required to be configured to receive updates from ECE’s WSUS server. For instructions on how to configure your computer to use WSUS, click here.

Exceptions

  • The only exception to this policy is for computers that do not have a network connection.