Security Standards for Students

Standards
The University’s Computer and Information Network is a continually growing and changing resource that supports thousands of users and systems. These resources are intended to support the academic, research, and business needs of the University Community. In order to ensure a reasonable and dependable level of support, these resources require professional management and responsible use. Misuse of resources has the potential to disrupt University business and/or the legitimate academic or research work of students and faculty. Users are therefore required and expected to exercise responsible, ethical behavior when using these resources. Access to and use of these resources is issued on a temporary basis while the user is an active member of the University Community (i.e. registered student, staff, or faculty member). Resources remain the property of the University at all times.

Scope
These standards apply to all computing and communication resources at the University of Massachusetts Lowell. These resources include any and all University owned or managed networks, computer systems, and computer-related equipment, as well as all information contained therein. All members of the University of Massachusetts Lowell community (faculty, staff, students, hosted entities, and authorized guests) sharing these resources also share the rights and responsibilities for their use.

Rights and Disclaimers
To maintain a stable operating environment and to insure against unauthorized or improper use, the University reserves the right, without notice, to inspect any data stored or transmitted on University resources. In the event of suspected misuse or of questionable use, the user in question will be contacted for further discussion and/or explanation. If the alleged misuse is determined to be contrary to University policy and/or prevailing law, appropriate disciplinary action will be taken. These measures may include, but not limited to, permanent/temporary suspension of user privileges and deletion of files. In all cases, the inspection of files is only to ensure proper operation of the University systems; the University acknowledges the requirement to maintain user privacy and to avoid unnecessary interruption of user activities.

Security Requirements
Students are responsible for the security and integrity of their computer. If a system has been “hacked” or otherwise compromised, it will be disconnected from the network pending a resolution. Students are expected to take reasonable precaution to safeguard their password(s). Passwords must adhere to the University Password Requirements (http://www.uml.edu/It/Services/Email/PasswordRequirements.aspx). Under no circumstances should your password be blank. Students are required to comply with the campus Anti-Virus Policy by installing and updating antivirus software. To obtain the most current copy of site-licensed anti-virus software, please contain the Help Center at 978-934-4357.

Keeping your computer updated is part of responsible computing and a requirement. The manufacturers of your operating system and application software provide regular updates to their products to patch security holes and flaws. Ignoring these updates will not only put your data at risk, but could also allow someone to take control over your computer to violate policies and laws. You will be held responsible for these violations.

Conditions of Use
Students are responsible for all traffic originating from their machine, regardless of whether they generated it or realize they have violated any specific policies. In most cases, unintentional violations will result in a temporary loss of network access pending the resolution of the problem and education of the student. You must use only those resources to which the University has specifically granted you access. The unauthorized use of those resources is prohibited and may, in some cases, be violations of the law.  Unauthorized use includes, but is not limited to, the following:

  • Use of University resources to gain unauthorized access to resources of this and/or other institutions, organizations, or individuals.
  • Use of false or misleading information for the purpose of obtaining access to resources.
  • Use of any resource in a manner that violates State or Federal Law or University policy, e.g. the use of resources for private gain.
  • Accessing, altering, copying, moving or removing information, proprietary software or other files (including programs, subroutine libraries, data and electronic mail) from system or public files or files of other users without prior authorization.
  • Use of any resource irresponsibly or in a manner needlessly affecting the work of others. This includes transmitting or making accessible offensive, or harassing material; intentionally, recklessly or negligently damaging any system (i.e. by the introduction of any so-called “virus”, “worm”, or Trojan horse program); intentionally damaging or violating the privacy of information not belonging to you; or intentionally misusing or allowing misuse of system resources.
  • Unnecessarily or inappropriately using computer systems and resources including but not limited to sending chain emails, spamming, mail bombing, launching Denial of Service attacks, generating unnecessary excessive print, etc.
  • Unauthorized routers and servers are not permitted on any portion of the network. Ethernet hubs, which allow multiple devices to connect to a single network jack, are not routers and are permitted providing they have been approved by the Network Services Department. Any devices that provide server services will be immediately disconnected from the campus network. Examples of server services include, but are not limited to:  mail, ftp, web, DHCP, DNS, game, and mIRC chat servers.
  • Network addresses on the residential network are assigned by the DHCP server managed by Network Services. All student machines connected to the residential network must be configured to use DHCP to obtain their IP address.  Static IP addresses are not allowed.  Any machine found with an IP address not assigned by the DHCP server will be disconnected.
  • The University network is not to be used for personal profit or business. 
  • Domain registration of University IP addresses is not permitted.
  • Inappropriate use of video cameras or similar devices is not permitted on the residential network.
  • Illegally copying, distributing, sharing, downloading or uploading copyrighted music, movies, software and games violates Federal Copyright laws and these standards. The University of Massachusetts Lowell is obligated by the Digital Millennium Copyright Act to take action on all notifications received regarding alleged copyright infringement.
  • Any attempted intrusion into University computers or resources, Denial of Service (DOS) attacks, activity to disrupt the network, or to scan the network will not be tolerated and will be addressed by the appropriate local campus, state and federal authorities.
  • The University reserves the right to prohibit users from accessing certain sites via the University Network.
  • The University reserves the right to disable any computer connection at its own discretion.  Network scanning or packet “sniffing” on or off campus are not permitted unless authorized by the Network Services department. 
  • The use of wireless access points and wireless routers, MiFi devices, mobile hotspots and other devices acting as a wireless host, unless authorized by the Network Services department, is not permitted on the network.
  • It is your responsibility to report any violation of these standards by another individual and any information relating to a flaw in, or bypass of, resource security to the IT Security Office.

Any questions about these standards or of the applicability of these standards to a particular situation should be referred to the Information Technology Security Office by sending e-mail to itsecurity@uml.edu.