Center for Information Technology Services
Usage Guidelines and Policies for UMnet Accounts
It is the intent of Center for Technology Services to provide reliable and secure communication services and utilities on UMnet. UMnet exists to provide campus students, faculty, and staff with communication applications such as electronic mail, listserv and WWW services; it is not the intent for the system to be used for other "non-communication" services.
In order to provide reliable and secure communication services to account holders it is necessary to specify guidelines for usage on the system. UMnet user accounts will be set up using the following criteria.
NOTE: Account holders may ask for certain exemptions to the policies by contacting the Center for Technology Services ASC Help Desk at firstname.lastname@example.org.
The purpose of UMnet is to provide the campus with reliable and secure communication services. The system shall be used for communication purposes only, including e-mail, listserv, and WWW. UMnet is not intended to be used as a programming environment. Click on http://www.umaryland.edu/cits/policies/responsible_use.html for the complete UMB Information Technology Acceptable Use Policy.
Account holders are not permitted interactive (e.g. shell) access to the system.
All UM, Baltimore faculty, staff, and currently enrolled students are given first priority for UMnet accounts upon receipt of a signed UMnet registration form. All other University Center personnel are given second priority upon receipt of a signed UMnet registration form.
EXECUTABLES and SCRIPTS
It is the intent of Center for Information Technology Services to provide campus account holders with sufficient services and utilities to perform the intended communication tasks. Account holders will not be permitted to run scripts or executable programs, other than those provided by the system administrators, on the system. If an unauthorized executable is found it will be deleted.
ACCOUNT EXPIRATION AND DELETION
Account holders not accessing (i.e. not logging into their account) for six months will have their account disabled.
Account holders will be unsubscribed from all listservs at this time.
Accounts inactive for one year will be deleted from the system. The actual account and all related files to the account will also be removed. Files owned by the account holder will NOT be backed up for possible later restore unless the account holder submits a written request to Center for Information Technology Services. Account holders must provide their own 8mm tape or purchase one at the current rate.
Account holders are allowed multiple login sessions until system performance demands the systems administrator to place a limit on the number of sessions a user may have.
In order to provide secure and reliable communication services, disk quotas will be imposed for account holders. Account holders will have a "soft" and a "hard" quota. When the "soft" quota is reached, the system will warn the account holder once. The system will not allow an account holder to go beyond the "hard" quota, e.g. during an ftp file transfer, if the file transfer exceeds the "hard" quota, the transfer will fail.
Once an account holder is notified that they have exceeded their "soft" quota, they are given a period of seven days to delete the necessary files to bring them back under their "soft" quota. If after seven days, an account holder still exceeds their "soft" quota, their "soft" quota becomes their "hard" quota and the account holder will not be able to write anything to disk until they delete files which will bring them under their "soft" quota.
If an account holder does not log onto the system within the seven day period after their "soft" quota becomes their "hard" quota, system managers have the right to delete files owned by the account holder to bring them down back to their "soft" quota.
It is the intent of Center for Information Technology Services to provide adequate disk storage needs for account holders by allocating each "soft" quota which is ample for the intended communication services. The "hard" quota is established as a convenience to account holders so that they can temporarily retrieve files from other sources.
- The soft quota on UMnet accounts for email is 180 MB, the hard quota is 200 MB.
- The soft quota on UMnet accounts for file storage (WEBDISK) is 45 MB, the hard quota is 50 MB.
Restoration of accidentally deleted files is not available. The system is backed up daily for disaster recovery purposes.
ACCOUNT PASSWORD EXPIRATIONS
All account holders' passwords expire every six months, at which time the account holder must provide a new, secure password in order to regain access to the system. There is an e-mail warning given prior to this change. The system will prompt you for a new password when yours has expired. Follow the secure password guidelines found in Password Security on UMnet to provide a secure password.
ACCOUNT PASSWORD CHANGE REQUESTS
Users may request a new password for their account in the event that they forget their current password or if their account has been disabled due to inactivity (i.e. not logged into for six months). Users will be required to complete and sign a Password Change Request Form, and display their University ID card for positive identification before their account password will be changed. Password Change Request Forms may be obtained at the Assistance and Service Center during normal business hours (Monday through Friday from 8 a.m. to 5:00 p.m.). Forms may be obtained after normal business hours at the UMnet Drop Box Table in the Reference Desk area of the Health Sciences and Human Services Library.
Special arrangements have been made with several of the schools for the handling of student password/account problems. These schools may designate personnel who may contact Center for Information Technology Services on behalf of a student for resolving issues such as password changes.
PASSWORD SECURITY CHECKS
System personnel periodically check for insecure passwords. If an account holder has what appears to be an insecure password, the account will be disabled and the account holder must request a new password. Please review Password Security on UMnet for information on creating a secure password.
Account holders are expected to follow the generally accepted guidelines for network use as outlined in the Information Technology Acceptable Use Policy http://www.umaryland.edu/cits/policiies/responsible_use.html. When posting to a list, do not intentionally post inappropriate or off-topic information, post a message only once, and remember these postings are being distributed to groups of faculty, students, and staff.
Anyone using this system expressly consents to having his/her activities monitored by system personnel. Should this reveal possible evidence of criminal activity, the records of this monitoring will be provided to law enforcement officials.
RESPONSIBLE COMPUTING / RULES OF USE
This document is to be considered in conjunction with the attached document, Information Technology Acceptable Use Policy http://www.umaryland.edu/cits/policies/responsible_use.html. All rules and guidelines outlined in that document apply to UMnet as well as to the other campus machines and network.
THE AGREEMENT YOU SIGNED
"I certify that I am fully aware of the appropriate provisions of the Annotated Code of Maryland, Article 27, Sections 45A and 146, relating to the illegal access and the unauthorized manipulation of data using computer resources and understand the punishment for such crimes. I certify that I will abide by the campus Responsible Computing policy. I further certify that I will not use the campus Center for Information Technology Services resources for personal benefit and that my USERNAME/PASSWORD shall not be used by any other individual and shall remain confidential information."
A copy of the above codes may be obtained by calling Center for Information Technology Services at 410 706-HELP (410 706-4357) or by writing to email@example.com.
1st offense -
User is sent a message from Systems Administrator informing them of the violation. Appropriate action is taken such as deleting an executable. User is informed of what action is taken for a second offense.
2nd offense -
The user's account or network access is disabled for 2 weeks. A notification is sent to the appropriate person in the school/department. Appropriate action is taken such as deleting an executable. User is informed of what action is taken for a third offense.
3rd offense -
The user's account or network access is disabled for 6 months. A notification is sent to the appropriate person in the school/department. Appropriate action is taken such as deleting an executable.
For 2nd and 3rd offenses by a student the Assistant/Associate Dean for Student Affairs will be notified.
For 2nd and 3rd offenses by faculty/staff the Vice President of the Administrative unit will be notified.
If appropriate, the matter may be referred to the appropriate State or Federal authorities.
SECURITY RELATED RISKS
If at any time an system manager believes that system security or availability has been compromised, they have the responsibility to take whatever steps are necessary to address the situation. Necessary steps may be taken, without prior notice, such as disabling an account holder's password, removing an account, removing any file from the system, or taking the system out of service.
Questions regarding these policies may be sent to firstname.lastname@example.org