Network Connection Guidelines
General Guidelines
As with any computing or communications
resources at Southern Illinois University, users must keep in mind the fact that
they are bound by the
Acceptable Use Guidelines.
Under no circumstances may machines be
configured with IP addresses that have not been assigned by Information
Technology. By using an unregistered IP address or an IP addressed assigned to
another, you may deprive other users of network service and/or make it
considerably more difficult to diagnose network problems on the campus network.
Dynamically assigned IP addresses are
considered to be "registered" for the period of the dynamic lease to a given
machine.
Using a different Ethernet hardware address
than is registered with Information Technology will also result in the machine
being removed from the network. Users purchasing new Ethernet cards, or who
otherwise need to change their hardware address must inform Information
Technology in order to ensure that the information listed above is kept accurate
and up-to-date.
Using an IP address, which you have not been
assigned, or using an Ethernet hardware address, which is different from the one
registered with Information Technology is grounds for suspension or loss of your
campus network privileges.
Routers
No routers will be allowed to be attached to
any portion of the campus network without specific approval
from Information Technology. Windows XP has a configuration
option under the Wireless Connection Properties, in the Advanced tab labeled as,
"Internet Connection Sharing" (ICS). This is a form of routing and is
prohibited. Any devices, which provide routing service for IP, IPX, ICS, or
AppleTalk traffic, will be immediately disconnected from the campus network
until such routing capabilities have been disabled. Repeat offenders are
subject to suspension or loss of their network connection privileges.
Ethernet hubs, which attach multiple devices
to a single network outlet, are not routers and may be attached to the campus
network. It is important that all machines connected to a hub be registered with
Information Technology (see REGISTRATION in this document).
Most operating systems do not provide
routing functionality and are perfectly safe to attach to our network in any
configuration. Some operating systems such as Windows NT, Windows NT Server, and
most UNIX operating systems have the capability to provide routing
functionality; for these operating systems, you should ensure that routing is
not configured. Some operating systems (NetWare) and devices (terminal servers,
commercial routers, etc.) act as routers by definition and are not permitted to
be attached to the campus network unless explicit permission is obtained in
advance from Information Technology (Network-Engineering@siu.edu).
Routers are generally used to connect
multiple network segments together and should not be necessary for individual
users on our campus. If misconfigured, routers can cause severe problems for all
users on a network segment. Even if properly configured, routers can cause
significant difficulties with the maintenance and support of network segments
maintained by Information Technology. For these reasons, systems connected to
the campus network in the residence halls are not permitted to act as routers.
Systems on the campus network are not
permitted to be configured as DHCP servers. DHCP allows systems to obtain the
correct IP address during the boot process. User owned DHCP servers might
override the distribution of IP addresses by the official DHCP servers, causing
the client system to obtain an incorrect address, denying it access to the
network. Any system found to be running a DHCP server will be immediately
removed from the network.
Network Traffic
Network traffic should be considered
private. Because of this, any "packet sniffing", or other deliberate attempts to
read network information which is not intended for your use will be grounds for
loss of network privileges for a period of not less than one full semester. In
some cases, the loss of privileges may be permanent. Note that it is permissible
to run a packet sniffer explicitly configured in non-promiscuous mode (you may
sniff packets going to or from your machine). This allows users to explore
aspects of networking while protecting the privacy of others.
Residence hall connections to the campus
network, and to the Internet, are provided to allow students, staff and faculty
to fully participate in the educational and research missions of Southern
Illinois University. In general, we encourage individuals to provide useful,
interesting and inventive content to the Internet community, so long as it
remains feasible for us to do so.
It may not remain feasible to provide
unlimited connectivity for systems, which are not strictly serving the
University's missions. Because of this possibility, we reserve the right to
reduce the amount of traffic being caused by their service, or where necessary,
to remove such systems or services from the campus network. In all but extreme
cases, we will contact the owner of the system before removing it from the
network.
Misconfigured Services
There may be times when a machine is
unintentionally misconfigured and subsequently causes a problem on the campus
network. In such cases, in order to preserve the best service possible for the
majority of the users, the machine will be disconnected from the campus network
immediately. The owner of the system in such cases will be notified via
electronic mail and via telephone that the machine has been disconnected.
Windows systems has an option in the Network
Connection dialog allowing one to select a pair of connections (wireless and
wired, wireless and dialup, for example) to "Bridge Connections". This
configuration is known to cause problems and should not be
enabled unless you are absolutely sure that you know what you are doing.
The machine will only be allowed back onto the network
after the owner notifies Information Technology or the person who sent the
electronic mail or phone call, that they have reconfigured the machine,
resolving the problem.
Accounts
Some operating systems, specifically UNIX
operating systems, allow the system administrator to create accounts for other
users. While this is not discouraged for machines connected to the campus
network, there are some things that should be considered.
All users must be accurately identifiable.
The user name field for any given account should contain the user's real name.
There is no valid reason to allow a user to have a fictitious name assigned to
their account.
Off-campus users, those with no affiliation
to Southern Illinois University are not explicitly prohibited from having
accounts on machines connected to the campus network, but the following items
should be considered by the owner of the machine:
-
All users of any system connected to the campus network are bound by the
Acceptable Use Guidelines. Failure to adhere to this Code will result in
either the loss of the account or the loss of campus network privileges for
the system. In all cases, the owner of the system involved may be held fully
responsible for such violations if Information Technology is not convinced
that the situation is being addressed in a professional, timely and
appropriate manner.
It should also be noted that university
resources, such as the campus network, are provided for university purposes.
Allowing unaffiliated users to have account on residence hall is a violation of
this policy.
As a system administrator you may be held
fully responsible for the conduct of your users. If the users in question are
violating computing policies or causing other problems, the system administrator
will be expected to take appropriate action to resolve the problem. If
Information Technology determines that the problem has not been resolved, the
system used will be disconnected from the campus network for a period of not
less than one full semester. In some cases, loss of network privileges could be
permanent.
Security
Users are responsible for the security and
integrity of their systems. In cases where a computer is "hacked into", it is
recommended that the system be either shut down or be removed from the campus
network as soon as possible in order to localize any potential damage and to
stop the attack from spreading. In such cases, if the system administrator
cannot be contacted in a reasonable time, Information Technology reserves the
right to disable the network connection. Once the system administrator is made
aware of the situation and agrees to take reasonable steps to ensure that the
machine is not compromised, network privileges may be restored.
In cases where, despite the efforts of the
system administrator, the machine continues to pose a security concern, we
reserve the right to require that the user switch to a single user OS before
allowing the system back onto the campus network.
In cases where a user's machines habitually
cause problems, by action, as a "target" of incoming attacks, or because of a
lack of responsible behavior on the owner's part, Information Technology may
initiate action to permanently ban the user from having machines on the campus
network.
Commercial Use
Under no circumstances will any individual
be permitted to use their network connection or computing privileges for
commercial purposes. Any commercial use of our facilities is explicitly
prohibited by the University and is grounds for removal of campus network
privileges.
Any machine that provides services for a
commercial operation (e.g. a web site selling commercial products), provides
services of a commercial nature (e.g. provides web services for a fee) is
explicitly prohibited from the campus network*.
*This section reinforces the guidelines on
DOMAIN NAMES above.
Anonymous Mailers
All electronic communications at SIU must
accurately identify the sender. The
Acceptable Use Guidelines explicitly prohibits anonymous mail forwarders.
Running an anonymous mail forwarding service is grounds for removal of campus
network privileges for a period of not less than one full semester.
Intentional Abuse
Systems found to be intentionally running
programs that disrupt network activity or attack specific machines on the
network will be subject to immediate removal. In some cases, disciplinary action
may be taken against the owner of the system and the user(s) involved in
generating the problem activity.
Network Maintenance
Information Technology will periodically conduct scans of
various areas of the network (subnets) in order to help to maintain a reasonable
network environment for the majority of our users. Results of such scanning may
help Information Technology to discover misconfigured systems, and may in some
cases cause us to discover activity, which violates laws, university policies,
or Information Technology guidelines. In such cases, action appropriate to the
"problem" will be taken.
Common Problems
Information Technology has noted a few
"recurring themes" in the computer resource abuse area. Some of these will be
discussed here, mainly to make you aware that some activities, which you might
not consider to be "bad", can get you into trouble.
Music and Video Files
It is a common misconception that the
creation and subsequent distribution of music files is an acceptable activity.
The distribution of copyright protected materials is illegal and is in direct
violation of the Computing Code of Ethics. The most common type of illegally
distributed music files are MP3 files. The RIAA has created a website addressing
this issue:
Also note that while this site explicitly
addresses the concerns of the music industry, that illegally distributing:
- Movies
- Cartoons or other "created"
works (e.g., Dilbert strips)
- Contents of other people's
web pages or other electronically published works.
- Television Show Episodes,
etc.
which are protected by copyright law, and to
which you do not have a license to distribute, should be treated with the same
consideration as music files.
Users should note that if they want to set
up a mechanism so that they can access their own files (not distribute them),
that care should be taken to use a password, which restricts access. In the case
of MP3 "shared folders" or web sites, the password "mp3" is NOT considered to be
an attempt to secure the site, but rather will be interpreted as an implicit
invitation to distribute materials from the site. If the files available in such
a site are not protected by copyright law, then there is no problem. Any
discovery of copyright protected materials in such site will be considered to be
a violation of policy and guidelines.
Users found to be distributing copyrighted
materials will have their network connections revoked for not less than one full
semester and may be subject to displinary action.
Software Piracy
Another recurring problem is software
piracy. Distributing licensed software is illegal and constitutes a violation of
the
Acceptable Use Guidelines. Systems being used to distribute copyrighted
software will be removed from the network immediately and the system
administrator may be subject to disciplinary action.
Denial of Service Attacks
Denial of service attacks are covered under
the
Acceptable Use Guidelines as follows:
"No one should deliberately attempt to
degrade or disrupt system performance or to interfere with the work of others."
Any attempt to disrupt service or
performance on systems on or off campus can result in the loss of network
privileges and disciplinary action. The following items are all examples of
denial of service attacks, but are not completely inclusive:
- Mail bombing (sending
thousands of mail messages to a group or individual)
- Ping flooding (launching
continuous ping requests at a specific machine)
- "Smurf attacks"
- "SYN flooding"
Advertising
The internet has been inundated with various
"make money fast" schemes, and other marketing ploys, as thoroughly as it has
been with legitimate businesses. You should keep in mind that despite the fact
that you may own your computer, it is using SIU's network, and has an SIU domain
name. You are not permitted to run or advertise a business from a SIU-based
system without explicit permission from an appropriate authority (see the
Acceptable Use Guidelines). The following items violate the intent of the
policy on commercial use:
- Advertising "banners" on web
pages served from hosts in the SIU.EDU domain.
- Advertising any commercial
enterprise (business) from web pages, plan files, etc. on hosts in the SIU.EDU
domain. Advertising any "make money fast" schemes, or "make money for browsing
the web" services on hosts in the SIU.EDU domain.
By making you aware of some of the
activities that frequently cause problems for users on the campus network, we
hope that you will be able to avoid situations, which could jeopardize your
network access.
|
