Network Access Policy

PURPOSE

William Paterson University wants to provide for as open a computing environment as possible within the constraints of budget and usage that promote the goals and objectives of the University. This policy applies to anyone who uses the University’s computers and networks, and articulates the standards of behavior that are expected of everyone.

POLICY

The Information Technology Services unit is responsible for administering this policy and for making referrals to appropriate administrative offices for disciplinary action. Any exception to the policy must be approved in writing by the Information Technology Services unit.

The University reserves the right to regulate any activity that occurs on the campus network or on any other computer-based system owned by the University. This includes, but is not limited to, the following implications:

1. Anyone who uses the campus computing environment must have appropriate status (e.g. staff, faculty and current students) and must be properly authorized when required.

2. Anyone not adhering to University policy should expect any or all of the following disciplinary actions:

  1. Restriction or suspension of access privileges.
  2. Referral to the appropriate disciplinary body of the University.
  3. Referral to the appropriate local, state or federal authority for legal prosecution.

3. Material (software, hardware or data) that is found to be in violation of this policy can be banned, confiscated, or otherwise eliminated from the University computing environment.

4. The University will be as proactive as possible to ensure compliance with this policy, including surveillance commensurate with appropriate maintenance of the right to privacy.

Users must not engage in activity outside the limits of access that have been authorized for them. This includes but is not limited to:

1. Performing an act that negatively impacts the operation of computers, peripherals or networks, or that impedes the ability of someone else to do his/her work. Examples include but are not limited to:

  1. Tampering with any transmission medium or hardware device, or connecting any unauthorized device (such as a router, switch, hub, wireless access point, etc.) or computer to the University network.
  2. Propagating a software virus or worm.
  3. Damaging or destroying data owned by the University or someone else.
  4. Modifying any disk or software directory provided by the University for any type of special use.
  5. Performing an act that places an unnecessary load on a shared computer or the University network.
  6. Illegal file sharing.

2. Attempting to circumvent protection schemes for access to data or systems, or otherwise uncover security loopholes.

3. Gaining or granting unauthorized access to computers, devices, software or data. This includes, but is not limited to:

  1. Admitting someone into a locked facility, or unlocking any facility that is normally locked, without permission.
  2. Revealing a password to any account, including one's own personal account, without permission.
  3. Permitting the use of any account, including one's own personal account, in a way that allows unauthorized access to resources.

4. Using the University's facilities to broadcast unauthorized personal messages to large segments of the user community. Examples include but are not limited to:

  1. Advertising campaigns for personal financial gain or political purposes.
  2. Pranks and chain messages.
  3. Announcements not approved for dissemination by this method.

Users must abide by all applicable laws or government regulations, and operate within the limits articulated by the University for ethical and moral behavior. Examples include but are not limited to:

  1. Using any material in violation of any software licensing agreement or copyright law.
  2. Using software or data that infringes on the rights of others. Examples include the production or propagation of material that is abusive, profane or sexually, racially or religiously offensive; or material that may injure or harass someone else, or lead to a lawsuit or criminal charges.
  3. Using University equipment or network infrastructure to access off-campus resources (including materials on the internet) in a manner that is in violation of the ethical or moral standards of the University.
  4. Monitoring someone else's data communications, or otherwise reading, copying, changing or deleting files or software without proper permission of the owner.
  5. Using University facilities for personal gain, or for the benefit of an organization other than the college, without permission.

Users must abide by all other applicable University policies. Examples include but are not limited to:

  1. The software piracy policy.
  2. Usage restrictions, physical access regulations, and behavioral expectations established for each location containing equipment designated for public use. Examples: games policy, location specific software usage priorities, etc.
  3. Usage restrictions for network connections in residence hall rooms.
    Example: Setting up any server-based host system for commercial use. Setting up any FTP servers for copyrighted music material, games and application software (ex. MP3s). Setting up any game servers without proper authorization and for outside domain access. Registering a "personal" domain using the University's addressing scheme. Tampering with the Residence Hall Network. Extending access to others by tampering with the Residence Hall Network (utilizing wireless access points, routers, switches, hubs, etc.). Using the Residence Hall Network to commit data access security violations.

 

Other

Privacy

Information and Collection

  1. Logs detailing P2P traffic and usage on the University network will be collected.
  2. Logs will contain IP addresses involved in data transfer, direction of transfer (if retrievable), metadata of file (if retrievable), time, protocol used, and amount of data transferred.
  3. Logs will not contain any personal identifying information.
  4. Logs will be kept for one year.


Information Use

  1. Logs will be subject to periodic review for enforcement of this policy.
  2. Information collected may be used in aggregate format for reporting purposes.
  3. Individual usage will not be actively or routinely monitored.
  4. Logs may be used to investigate complaints or suspicious traffic patterns.
  5. Individual colleges, departments, functional or administrative areas, and entities of the University may request information about P2P usage pertinent to that area. This request may only be made by the dean, chair, department head, manager, or other leadership of the area requesting information.
  6. The University will not release any information collected by the appliance to any entity external to the University unless compelled or obligated by law or court order, subpoena, warrant, or writing.

Enforcement

  • Any faculty, staff, or student found to have violated this policy may be subject to disciplinary action, up to and including suspension, expulsion, and/or termination of employment in accordance with procedures defined by the University administrative policies stated in the handbook governing that individual.
  • In addition, any external entity, contractor, consultant, or temporary worker found to have violated this policy may be held in breach of contract, and as such, may be subject to grievances or penalties allowed by such contract.


Definitions

  1. P2P (peer-to-peer), in the context of this policy, is defined as direct data communication between two or more network capable devices over the Internet or other network, usually for the purpose of sharing any data file (including, but not limited to: music, pictures, video, software, and documents).
  2. P2P network, in the context of this policy, is defined as a collection of distributed network-capable devices participating in P2P activity.
  3. Peer-to-Peer (P2P) application is defined as any application that allows a network-capable device to participate in one or more P2P networks.
  4. Sharing, in the context of this policy, describes the action and activity of making any data file available to one or more P2P networks.
  5. Logs are defined as collections of information, typically used to document activity and events.
  6. Uploading describes network trafficking of data files originating from the University network and destined for an external network.
  7. Downloading describes network trafficking of data files originating from an external network and destined for the University network.
  8. The University network and networking resources describe all materials and devices owned by the University and used to provide network connectivity to any network capable device. This includes all jacks, cable, hubs, wireless access points, switches, and routers.

EXCEPTIONS

Exceptions to this policy will be handled in accordance with the ITS Security Policy.


REVIEW

This policy will be maintained in accordance with the ITS Security Policy.


EMERGENCIES

In emergency cases, actions may be taken by the Incident Response Team in accordance with the procedures in the ITS Incident Response Handbook. These actions may include rendering systems inaccessible.

 

APPENDIX

 

Created:

Author:

Version: 1.0