Dean's Directive no. 4/2018

Rules for administering and using devices connected to the MFF UK network



Table of Contents
I. Basic provisions
II. Domain administration
III. Device administration
IV. Regulations for users
V. Final provisions



I. Basic provisions

  1. The network of the Faculty of Mathematics and Physics of Charles University (hereinafter referred to as „MFF UK“) is a set of technical facilities (i.e. cabling, network components and central servers) allowing MFF UK staff and students to access the Internet or, in some cases, other public computer networks. These guidelines define the fundamental rights and responsibilities of the operators of computer equipment connected to the MFF UK network, and of network administrators and their users.
  2. For the purposes of these rules, a user is a MFF UK employee, student, or another person approved by the network administrator or other authorized person, who is using computer equipment at MFF UK, connected via an arbitrary public computer network (e.g. the Internet). A user is likewise any subscriber to any of the authentication networks supported by MFF UK (e.g. eduroam), logged on in compliance with the rules of the relevant network.
  3. The network is administratively divided into smaller parts, so-called domains, which generally correspond to particular locations (currently Karlov, Karlín, Malá Strana, Troja and the Kolej 17. listopadu residence). The administration of these domains is assigned to employees or to departments as decided by the Dean of MFF UK. With the agreement of the IT coordinator a domain administrator may issue concrete rules of operation as necessary in accordance with the principles expressed in these guidelines.
  4. For every device connected to the MFF UK network, the operator (typically a  department) designates a person responsible for the operation of the device – the end user device administrator. With the agreement of the IT coordinator, a  device administrator may issue concrete rules of operation as necessary in accordance with the principles expressed in these guidelines.


II. Domain administration

  1. A domain administrator ensures the operation of the basic infrastructure of the MFF UK network in a given area (i.e. linking individual stations, not the functionality of the stations as such) and its linkage to surrounding networks.
  2. A domain administrator is responsible for the configuration and operation of the physical network infrastructure and the operation of central services for a  given locality, such as mail servers, DNS, DHCP etc.
  3. A domain administrator approves the connection of every new device to the MFF UK network, and assigns it an IP address and domain name. For authorized users, this approval may be done through technical means. The domain administrator likewise approves changes to the communication configuration of devices connected to the network and to the operation of network services.
  4. In serious cases a domain administrator has the right to disconnect a  segment or user device causing problems (regardless of whose fault the problem may be) for as much time as is necessary to restore network functionality. The network administrator shall inform the relevant group of users about the causes and troubleshooting process using contact information in the affected users' accounts or via registered devices.
  5. No MFF UK network user has the right to manipulate the physical network infrastructure (cables, network units) within the range of authority of a domain administrator or to make any alterations to them through software without previous permission from the domain administrator.
  6. A domain administrator is responsible for installing cabling within its range of authority, but is not responsible for any construction work necessary for its installation.
  7. The domain administrator contact address (for sending requests for connecting end user devices, error reporting, comments, etc.) is: netadm@domain.mff.cuni.cz. For each domain there is a notification mechanism (e.g. a mailing list or discussion forum) for end user device administrators, through which the domain administrator distributes its requirements, recommendations, announcements of network outages, etc. This notification mechanism must be listed on the domain's web page www.domain.mff.cuni.cz.
  8. A domain administrator may determine a schedule of regular network outages. S/he must make this schedule available to users in the relevant network locality.


III. Device administration

  1. A device administrator may apply to the domain network administrator for a  connection, stating in his/her application the type of connection, MAC address and the proposed name. Without permission from the network administrator, it is not permitted to use any MAC address other than the original MAC address from the device manufacturer. S/he must likewise seek permission for any change to the end user device configuration pursuant to Section II.c) of these guidelines.
  2. A device administrator is responsible for the observance of Section IV hereof by any possible user of the device s/he administers. Where necessary, s/he shall publish rules of operation for the device as a supplement to these guidelines.
  3. A device administrator is accountable for the consequences of any attempts at interference with network operation or safety from the device s/he administers, and is therefore obligated to abide by the safety rules common for any device of similar type. Upon request from the network or domain administrator, the device administrator must provide all requested information and must cooperate.
  4. In the event of reasonable suspicion of violation of the laws of the Czech Republic or this Directive, a device administrator has the right to block a user account. The administrator must inform the user about the causes and process for resolving any specific case, using the contact information listed in the given user's account.
  5. A device administrator is required to record information about provided services for the purposes of administration, statistics, monitoring and security. S/he is authorized to record and analyze this information only to the degree necessary for ensuring regular device operation and in accordance with applicable legal regulations.
  6. In the event of a network service failure, a device administrator within the sphere of authority of a domain administrator has the right to contact the domain administrator, who shall take immediate troubleshooting action to remove the fault. If the failure has occurred due to erroneous configuration of the device, the device administrator should remedy the fault himself.
  7. Other activities on a device fall wholly into the responsibility of its administrator (including configuration, backup, account creation, etc.).
  8. When administering user accounts, common safety rules must be observed. Except for well-founded exceptions, only personal accounts may be created, and the accounts of users whose rights to use the MFF UK network have expired must be removed periodically. If an account is created for a person who is not a  student or employee of MFF UK, the device administrator must inform them of the principles of this Directive and must ensure that they are followed.


IV. Regulations for users

  1. Every user must be registered and must have a known identity (with the exception of access to public anonymous services such as FTP). A user must reveal his identity upon request from an administrator or other authorized person. The user is required to select a safe access password or other means of authentication and keep it confidential. If a user allows his/her identity to be compromised, s/he is liable for any damage incurred. If a user finds out that his/her or another account has been compromised, he must notify the device or domain administrator without delay. When a user’s employment with or studies at MFF UK are terminated, his/her user rights expire after a safety period determined by the administrator of the applicable device or service.
  2. Computer equipment which is the property of the faculty and the MFF UK network may only be used in accordance with the mission of MFF UK and the activities listed in the statute of MFF UK and the trade licenses of MFF UK. It is prohibited to use these facilities for any commercial, political, religious or nationalist purpose. The user must not distribute information that is contrary to law or that might discredit the reputation of Charles University. This also applies to the contents of web pages and direct links from these pages.
  3. For electronic mail, the same ethics apply as for the use of classic letter mail. The sender must not pretend to be someone else, or disturb other users with his/her correspondence or burden the network or devices disproportionately. An electronic message in transit has the nature of an open letter and its form and content must reflect that. The same rules also apply for completing WWW forms and for other forms of electronic communication.
  4. Activities prohibited on computer equipment connected to the MFF UK network include the distribution, installation or the use of any software or data which the user is not authorized to distribute, install or use. (Here, passive distribution also counts – e.g. placement on a web server or social network, or distribution via peer-to-peer services). When working in the network, users are prohibited from running any software whose operation is not approved of by the network administrator. Without permission, it is also prohibited to copy or distribute any part of operating systems and/or installed software that are not freely distributable.
  5. Any attempts at gaining unauthorized access to programs, information, privileged status, peripherals or other users' data, or any mediation or facilitation of such access are prohibited. Should any such access or status occur inadvertently, the user is obliged to notify the device or network administrator, and in the event of his/her unavailability to terminate such status.
  6. A user must abide by the rules of handling specific technical equipment. S/he must not alter the configuration of network facilities or manipulate devices that are not intended for public use.
  7. A user must also observe the specific rules of the networks s/he enters (both within MFF UK as well as outside it) and the laws (e.g. copyright and export) of the relevant countries.
  8. Networks’ operation may be monitored for the purpose of optimizing their functioning, and for detecting and preventing abnormal states and attempts at unauthorized access. The user agrees that his activity and data may be monitored. Any data acquired in this way has a confidential character and must be handled in accordance with valid legal regulations.
  9. Neither the network administrator nor MFF UK bear legal liability for any incidental non-delivery, delay or other defects in data transmission, service outages or loss of data. Protection against any damages incurred in this way is entirely the user's responsibility.


V. Final provisions

  1. Any violation of these rules will be penalized in accordance with the law.
  2. This Directive supplements the current university-wide regulations and becomes effective as of June 1, 2018. At the same time, Dean's Directive No. 4/2008 of May 15, 2008 is hereby repealed.



Authors:
doc. RNDr. Petr Hnětynka, Ph.D., IT coordinator,
RNDr. Libor Forst, head of SISAL

Approved 25. 4. 2018,
published 27. 4. 2018.


Approved by:

prof. RNDr. Jan Kratochvíl, CSc.
dean of the faculty