COS 498 Cybersecurity Acceptable Use Policy

Students are reminded that they are bound by the terms of their University of Maine IT Acceptable Use policy as shown below, with the following revisions:

For education purposes, a network in the Cybersecurity laboratory will be provided to students for use in class exercises. That network has the following exceptions to the stated Acceptable Use policy.

Students are permitted to violate provisions 4, 5, 6 and 10 of the acceptable use policy ONLY as regards machines on the designated educational subnet, and ONLY as it directly relates to class assignments.

Students may NOT violate any provision of the acceptable use policy on the gateway computer. In other words, the fact that the gateway computer is on the University of Maine network supersedes the fact that it is also on the dedicated educational network.

Users of the cybersecurity educational subnet can have no expectation of privacy. All data on the network should be considered public.

Users may not use the cybersecurity educational subnet for any commercial purposes, or to host any activity outside the assigned class exercises.

Users may not gain physical access to the computers on the educational subnet through any means without the express permission of the system administrator or the instructor.

UMaine Acceptable Use Agreement

Definition of Terms

Account:

Any ID and password combination issued by the University for access to electronic communication systems or computer resources.

User:

Any person who uses a University of Maine electronic communication system or computer resources.

Electronic resources:

Computer files and software, including but not limited to those which reside on disks and other storage media, individual computers, networked servers, or other electronic communications systems.

Electronic communications systems:

Computers and networks [systems] used in communicating or posting information or material by way of electronic mail, bulletin boards or web pages or other such electronic resources. Also includes, but is not limited to, remote internet access services and direct connections to the campus network.

System administrator:

A person responsible for managing and operating an electronic communication system for the use of others.

Agreement

The account issued to you by Information Technologies shall be used only in the manner described below. Violations of these rules may be cause for referral of the matter to the appropriate University judicial body or to the Department of Public Safety.

1. The account shall be used only by the person to whom it is issued. You are responsible for the actions of anyone using your account.

2. All passwords issued are to be held privately and securely. Be responsible for all use of your accounts and for protecting each account's password. In other words, do not share computer accounts. If someone else learns your password, you must change it.

3. The account shall be used for academic purposes pertaining to the University of Maine only. You may send and receive electronic mail and maintain personal information (letters, resumes, etc.) as long as you observe the rules of etiquette, including refraining from obscenities and profanity. You may NOT conduct business transactions on the UM system or through networks. This prohibition extends to consulting for private gain.

4. The account shall not be used for unauthorized access and/or attempts to access computers, computer software, computer data or information, or networks without proper authorization, regardless of whether the computer, software, data, information, or network in question is owned by the University. (That is, if you abuse the networks to which the University belongs or the computers at other sites connected to those networks, the University will treat this matter as an abuse of your University of Maine computing privileges.)

5. The user shall not take advantage of another's inexperience or negligence to gain access to any computer account or electronic resource for which he or she has not received explicit permission to access.

6. The user shall not send fraudulent computer mail, break into another user's electronic mailbox, or read someone else's electronic mail without his or her permission.

7. The user shall not use the University's electronic communications systems to harass or threaten other users.

8. Software, other than freeware/shareware, may NOT be copied without written permission of the system administrator.

9. The user is responsible for maintaining the security of his or her own data and for making back-ups of such data.

10. The user shall not encroach on others' use of the electronic communications systems (e.g., disrupting others' computer use by excessive game playing; by sending excessive messages, either locally or off-campus [including but not limited to electronic chain letters]; printing excessive copies of documents, files, data, or programs; modifying system facilities, operating systems, or disk partitions; attempting to crash or tie up a University computer; damaging or vandalizing University computing facilities, equipment, software, or computer files.)

11. The user should report any abuse of the above to the appropriate project director, instructor, supervisor, system administrator, or other University authority.