JHU CS Academic Computing Policy

1. User Accounts
   1. Account Types
   2. Account Eligibility
   3. Application
   4. Login Security
   5. Expiration
   6. Deactivation of Accounts
2. General Conduct
   1. Resource Conservation
   2. Insitutional Reputation
   3. Legal Issues
3. Resources and Services
   1. Disk, Memory, and CPU
   2. Termination of Jobs
   3. Software
   4. Electronic Mail
   5. Printing
   6. Computer Science Lab
4. Usage Monitoring
5. Data Integrity
   1. Goal of Backups
   2. Frequency and Scope
   3. Restoration requests
6. Support
   1. Requesting Support
   2. User Responsibilites
   3. Levels of Support
   4. Supported hardware and software
7. Security Policy
   1. Data Security
   2. Physical Security
   3. Enforcement
8. Definitions

1. Account Types
   1. Research System/Net Accounts - (Also called Grad Net Accounts) Will be granted to graduate students, faculty, guests and staff for the purposes of education and conducting research in Computer Science. Will be granted to undergraduate students and guests under certain conditions.
   2. Ugrad System/Net Accounts - Will be granted to graduate students, faculty, staff, guests and undergraduates, as well as selected non-CS undergrads.

2. Account Eligibility
   1. Research System/Net Accounts - Will be granted to graduates, faculty and staff at their request. Research accounts will be granted to undergraduates only with a written request from a faculty memeber detailing why the student requires a research account. This request will include an estimate of disk usage requirements, the length of time for which the account will remain open, and for what purpose the account is needed. Guest accounts will be opened for non-JHU affiliates and instructors under the same conditions.
   2. Ugrad System Accounts - Will be granted to faculty, instructors, staff, graduates and undergraduates at their request. Ugrad accounts will be granted to guests under the same conditions as research accounts. Ugrad accounts will be granted to non-CS students enrolled in CS classes on a per-class/per-semester basis, as deemed necessary by the instructor and the systems staff. These accounts will remain open only for the duration of the student's enrollment in that class.

3. Application Procedure - Application forms for all account types are available in the departmental office (NEB224), outside NEB 226, or outside NEB B-32. The CS UNIX/Windows Account Request Form is available for download on the Forms webpage. Applications must be completed (both sides), signed, and returned toNEB 224. Once your account has been created, you will be notified by e-mail as to when and where to pick it up. When picking up your account, you will need your J-Card.

    

4. Login security - See section on security (VIII.2.1) for guidelines on password security.
5. Expiration of accounts - After you have left JHU, you will be notified by e-mail when your account will be removed. Once notified, you may request your account remain open, pending approval and adherance to quotas, as well as current policy. Accounts created because of enrollment in a CS class (see Elgibility Requirements) will be expired at the conclusion of the class.
6. Deactivation of accounts - Accounts will be deactivated by the systems staff in light of concerns about security or misuse. A user account's ability to write to its home directory will be automatically frozen by the system for exceeding disk quotas. Accounts will be reactivated at the discretion of the systems staff in consultation with the user in question. A user account's ability to write to its home directory will be automatically frozen by the system for exceeding disk quotas

II. General Conduct

1. Resource Conservation - Disk space and processor time, printer paper and toner are at a premium in the department. Users will keep this in mind at all times, and make every effort not to squander the resources available to them. Processor intensive jobs should be run using "nice" to set them at a lower priority or should be confined to machines that are not publicly used for general computing tasks.

2. Institutional Reputation - Users are reminded that they are de facto representatives of the university via their contact with the outside world. Users will refrain from activities which would reflect negatively upon the Deparment of Computer Science in particular and Johns Hopkins University in general.

3. Legal issues - No user will, at any time, take any action which is in violation of federal or local law. No user will willingly permit their account to be used in the commission of a crime. This includes violations of security, either of our systems or anyone elses, and infringement of copyright laws. Failure to comply will result in the immediate and permanent loss of computing priviliges and possible legal action to be taken against the individual(s) concerned. Users of JHU CS systems who have access to other systems via our network are expected to comply with the rules set forth by the administrators of those systems. Accounts will be frozen if outside administrators report misconduct involving the use of a JHU CS account.

III.Resources and Services

1. Disk, Memory, and CPU
   1. IUgrad Systems - Ugrad accounts have both hard and soft disk limits. Users whose accounts are over the soft limit for more than 7 days will have their diskspace frozen. At no point are ugrad network users allowed to write in excess of their hard quotas. Users who need their quotas enlarged should make an appointment to discuss their needs with the systems staff on a per-case basis. Jobs which are expected to be long running or processor intensive should not be run on ugrad systems without prior approval from the systems staff.
   2. Research Systems - Research accounts do not have quotas for faculty, staff, current students, etc. Users are asked to use disk space wisely and keep in mind that others in the department are using the same disk space. . Users with very high disk requirements are encouraged to discuss the matter with the systems staff well in advance of any highly disk intensive work. Such users may be required to purchase their own storage space as the systems staff may not be able to afford to support them. Processor intensive jobs should be restriced to non-public machines whenever possible. If processor or network intensive tasks must be run on shared systems, users are expected to use "nice" to readjust the priority of their jobs so as not to negatively impact other users of the systems.
   3. General Usage Policies - Processes which are interfering with the ability of other users to utilize a public system may be stopped or terminated. Users should make every attempt to exit applications properly so as to avoid runaway processes. Users have a limited amount of disk space available to them in /tmp (Linux) or /scratch (Linux/Solaris) on each machine. This is a volatile space. The systems staff reserves the right to delete any of these files at any time. They may be lost at reboot on all of our systems. Users are not encouraged to store files in /tmp.
2. Termination of Jobs/Processes - The systems staff may stop or terminate jobs/processes which are actively interfering with normal use of the systems. The systems staff may first attempt to contact the user whose job is causing problems, and, if this is unsuccessful, stop or terminate the process.

3. Software
   1. Supported - Locally installed programs will generally be available on departmental machines. The systems staff has the authority to make decisions about what software packages will be supported.

   2. Unsupported - Users have the opportunity to install unsupported software on departmental systems in their own home directory. Software installed by users on both the research and ugrad systems is not supported by the department, and technical support will not be made available for these applications. Under no circumstance will users install any software which requires a license not held by the department. This precludes users installing software for which they are personally licensed, but for which the department is not. Additionally, users installing software into their own home directories should be aware of the amount of disk space the software takes up. Remember, you are sharing disk space with others in the CS Dept.
   3. Users who require additional software for coursework can apply for the software to be installed at http://www.cs.jhu.edu/sw-request

4. Electronic Mail - Mail directories for each user are available on all public access CS Department machines. The preferred way for users to advertise their email addresses externally is "username@cs.jhu.edu". See supported software (III.3.1) for a list of currently available packages for use with electronic mail. Use of CS mail systems for 'mailbombing' or sending or relaying unsolicited commercial email (spam) is specifically prohibited.

5. Printing - Postscript laser printers are available to all students in several locations. Users should pick up their print jobs as soon as possible. Unretrieved printouts may be discarded .

6. Computer Science Lab - The Computer Science Lab exists to facilitate and support classes taught in the Department of Computer Science. Rules for use of the Computer Science Lab are posted around the lab, as well as on the back of the CS UNIX/Windows Account Request Form.

V.Data Integrity

1. Goal of Backups - The goal of our backup strategy is to provide reasonable protection against data loss (in the case of user files) and protection against corruption of operating systems or OS components through accident, attack or disaster.

2. Frequency and scope - We currently backup to tape on a mostly daily and weekly basis, with full backups done monthly.

3. Restoration policy - Requests for retrieval of a file should be made to support@cs.jhu.edu and include the date/time the desired file was last modified, and the full pathname of the file.

1. Support requests - Requests for user support will be submitted via email to 'support@cs.jhu.edu' Each request will be prioritizedy, and then assigned to a staff member for resolution.
2. Unsupported - Unsupported systems are generally not installed or maintained by the systems staff and may not have access to certain services including network-wide accounts or home directories. These systems will not be allowed to mount disks that the CS computing staff make available to supported machines. Unsupported systems will not use CS computing staff-supported distributed password handling or host users' home directories nor will they be part of the departmental backup schedule. While faculty and students are in no way prohibited from using the hardware/software combinations of their choice, they should make themselves aware of a platform's status before they decide to adopt it. While the staff will make every effort to lend assistance when possible, we cannot offer any guarantees in the case of unsupported hardware or software.

    

3. Supported Operating Systems and Platforms -
   1. Supported - Fedora Core Linux,, Solaris, and Windows are currently supported operating systems.

   VIII.Security

1. Data Security
   1. Objectives - To prevent unauthorized use of our facilities for any purpose. Specifically, to prevent our machines from being used as "jumping-off points" for illicit or illegal activity. To protect user data from destruction by vindictive or malicious users, either internal or external. To protect user data from accidental destruction by other users.

   2. User responsibilities
      1. Passwords - All passwords must meet a reasonable standard for security. Passwords should not contain any part of any username. They should not be dictionary words, in this language or another. Passwords should contain both capital and lowercase letters and non-alpha-numeric characters. Users must not share passwords. Users will not make written copies of their passwords. Users should change their passwords often (at least monthly is recommended). Users should never e-mail their passwords. Under no circumstances should a user leave a logged-in, unlocked terminal unattended.
      2. Permissions and Configuration files - It is strongly advised that users DO NOT allow world or group permissions of any kind on their files, except where absolutely necessary (ie. public_html directories). Before modifying any of their configuration files, users are responsible for making themselves aware of any possible security implications. Users are responsible for the permissions that are set on their files.
      3. Encryption - Users are encouraged to use encrypted methods for all logins and file transfers. SSH (secure shell) and SCP (secure copy) are available on all departmental UNIX machines. . Users are strongly encourgaged to use them. Try PuTTy available at: http://www.chiark.greenend.org.uk/~sgtatham/putty SSH can be configured to handle X redirection.
      4. Copyright Policy - Users will not appropriate nor distribute copyrighted material for which they do not have legal rights using Department equipment. This includes via http, ftp or by incorrectly setting permissions, so as to allow widespread access.
      5. Security-related research/experimentation - Any action taken by any user which that user has reason to believe may have an impact on the security of any JHU CS system, or which may result in a denial of service, must be explicitly approved beforehand by a member of the systems staff. This includes the writing/testing of exploit code, and any testing of known or suspected bugs. Failure to obtain prior approval for such actions will be interpreted as malicious intent, and will be dealt with accordingly.
      6. Possession of exploit code - Exploit code is defined as any script or program designed to make use of known bugs or functionality in an attempt to gain unauthorized access to a system or to conduct a denial of service. Any user in possession of exploit code MUST make the systems staff aware of its presence on the system within a reasonable period of time. Users will do this by sending email sent to 'support@cs.jhu.edu.' Each file containing exploit code must be specifically noted.
      7. Incident Reporting - Users should report all confirmed or suspected security violations IMMEDIATELY.

2. Physical Security
   1. Equipment Removal - Equipment will not be removed from its designated area except by members of the systems staff. Anyone needing to remove or relocate department equipment must obtain approval from the administrative staff.
   2. Personal equipment - Personal equipment is allowed on site, and can even be granted network access. Personal equipment should be clearly marked to show ownership, so as to avoid confusion with departmental resources. All personal equipment should meet the same standards for security that departmental machines must meet.
   3. Incident reporting - Faculty, staff and students who believe they have witnessed an act of theft or vandalism should report the incident to the systems staff and JHU Security immediately.

3. Enforcement - Users who do not comply with the above policy may have their accounts frozen and possible legal or disciplinary action taken against them. Accounts will be unfrozen at the discretion of the systems staff.

Faculty - Full time and joint faculty members as defined by the Chair of the Department.

Instructors - Instructors as defined by the Chair of the Department, often postdocs.

Graduate student - Will refer to phd, masters and concurrent Bachelors/Masters students in the Department of Computer Science.

Undergraduate - Will refer to JHU undergraduate students with a major or minor in Computer Science or Computer Engineering.

Systems Staff - Will refer to full time, salaried staff members and student consultants.

Guests - Will refer to people not affiliated with the Department of Computer Science who are granted access to JHU CS faciities at the special request of faculty and staff. These might include Postdocs and Researchers.

Research Systems - Machines used for continuing research in Computer Science. These systems are used primarily by graduate students and faculty for research-related and/or course-related projects.

IUgrad Systems - Machines used for the support of classes. These systems are used primarily by undergraduates for classwork, but Masters students, and some PhD students may use them as well.

LAST UPDATE: September 29, 2008..