Computing Facilities    links to the SCS and CMU home pages Carnegie Mellon School of Computer Science Carnegie Mellon University
 
Advanced search tips 
 
 » Introduction to Facilities 
 » Accounts & passwords 
 » AFS 
 » Application software 
 » AV help 
 » Backups & restores 
 » Calendaring 
 » E-mail 
 » Networking 
 » Printing 
 » Purchasing 
 » Resource management 
 » Security 
 » Software licensing 
 » Support charges 
 » Web publishing 
 » Mac support 
 » Linux support 
 » Windows PC support 

Network use policies

The short version

  • Don't attach something to the network without first getting approval from SCS Facilities.
  • Don't do bad things on the network.
  • Misbehaving equipment will be unplugged or filtered.

On this page

Introduction
Why this document was written, including some examples of things not to do.
Connecting hosts to the network
Conditions for placing equipment on the SCS network.
Domains, host names, and name service
Policies for hostnames, providing name service, and creating virtual hosts for serving web pages
Network usage restrictions
What you can and cannot do on the network, including privacy and networking monitoring issues.
Running network services
What to do, and what not to do, if you administer a host or run network services, such as FTP, web, or file-sharing servers.

Introduction

The SCS network is vital to the School's research and educational activities. Hosts or other equipment that are improperly configured, malfunctioning, have been broken into, or are using excessive resources, may cause major problems for network operation and for other hosts on the network. Things that have caused network problems for us in the past include:

  • People using IP addresses that have been assigned to other hosts.
  • Unauthorized DHCP servers.
  • Routing software being run on user systems.
  • Unpatched hosts getting broken into and conducting denial of service attacks against other sites.
  • Researchers conducting unannounced network-related experiments that adversely affect network performance for all of SCS.

To help prevent network problems and assist SCS Facilities in fixing problems when they occur, people using the SCS network must abide by the network use policies given below. These policies are meant to supplement the official Carnegie Mellon computing policy (off-site link, will open in a new window) and provide some SCS-specific additions to that policy.

Connecting hosts to the network

  1. You must register any host or network device, including printers and wireless access points, with SCS Facilities, giving machine type, location, hardware address, and contact information, before putting it on the network. You must notify us if any of the above information changes.
  2. Hosts, equipment, and cables/wiring should not be connected to the SCS network, moved to different network outlets, or reconfigured in any way that might affect network performance or functionality, without prior notification and approval of SCS Facilities.
  3. We assign all IP addresses and approve hostnames. Only in special cases will we give out an IP address without knowing the host's hardware address.
  4. We reserve the right to disconnect or otherwise remove hosts and equipment from the network without notice if they are causing problems, violating network usage policies, or showing signs that they have been broken into.
  5. We reserve the right to monitor network traffic in order to detect or debug network problems and to detect unauthorized use of the network or activity that violates network usage policies. We reserve the right to scan any host or equipment connected to the SCS network for open ports, possible security holes, or any other information that may be gained by scanning. By using the SCS network, or connecting hosts or equipment to the SCS network, you consent to such monitoring and scanning.

Domains, host names and name service

Domain hosting

  • You can use CMU equipment to host a domain as long as it is non-profit and not a .com domain or .net domain (contact us if you feel that you need CMU equipment to host a .net domain for research-related reasons).
  • We will provide name-service for a domain if the domain is related to SCS or CMU research/educational activities and is not a .com or .net domain.
  • We do not delegate DNS for SCS or subdomains of SCS. projects.

Naming policy

  • The project component of a hostname must be a valid project.
  • We try to avoid having multiple hosts that have the same first component of their hostnames.
  • All personally owned machines should have a ".pc.cs.cmu.edu" extension.
  • We reserve the right to reject inappropriate hostnames.

Virtual web hosting

A virtual web host requires the allocation of multiple IP addresses (one for each of our main web servers). Because SCS IP address space is limited, virtual web hosts will only be created if:
  • The request is for a valid project, with a limit of one virtual web host per project.
  • The virtual host will be used for non-commercial, academic, purposes.
  • The virtual host is needed for research reasons or to provide a high-visibility (outside of CMU), high-traffic, service.

Network usage restrictions

  1. You may not use the SCS network or data gathered from the SCS network for purposes of gaining or attempting to gain unauthorized access to hosts, networked equipment or data. Any use of the SCS network to scan, break into, attempt to break into, or intentionally degrade the performance, functionality, or network connectivity of hosts or other networked equipment is prohibited, unless:
    • You have gotten the permission of the administrator(s) of said hosts and/or equipment, and
    • The activity will not cause service or performance problems for other hosts or equipment on the network.
    Some exceptions may be granted for non-obtrusive scanning, network measurement, or other activities, but SCS Facilities must be notified and permission obtained from Facilities beforehand.
  2. Network monitoring (tcpdump, etc) for research purposes or debugging network problems is allowed, subject to relevant federal, state or other laws. It is expected that people collecting such data will respect the privacy of anyone whose traffic is incidentally collected by such activities. Network monitoring or packet sniffing for the purposes of intercepting e-mail, passwords, or other personal data without the consent of all parties is not permitted.
  3. Any use of the SCS network that may possibly affect network performance, routing, connectivity, or possibly cause service or performance problems for other hosts or equipment must be approved by SCS Facilities beforehand.
  4. Using the SCS network for purposes of harassment, fraud, sending threatening communications, inappropriate sending of unsolicited bulk e-mail, or any violation of applicable federal, state or other laws, or university policy, is prohibited.
  5. Any use of the SCS network or SCS hosts for commercial purposes or personal commercial gain, except in a purely incidental manner, without advance authorization is prohibited.

Running network services

  1. If you install, enable, or administer any network-aware software on a host, including Web, FTP, SSH, file-sharing, and operating system services, you are responsible for making sure the software does not interfere with network operation, cause problems for other hosts on the network, provide unauthorized access to hosts or data, or otherwise violate network usage policies.
  2. You are responsible for making sure that any network-aware software that you install or administer is kept up-to-date with respect to security patches, and for taking appropriate steps to prevent unauthorized access or use of such software. Hosts or other networked equipment running software or services that are known to be insecure, or that are configured in an insecure manner, may be disconnected or otherwise removed from the network.
  3. If a service generates a very large amount of network traffic, we'll need a work-related justification and may ask you to find ways to reduce the amount of traffic.
  4. Use of such services for illegal behavior, including illegal distribution of copyrighted materials such as software, MP3 music files, DivX movies, etc, without the consent of the copyright holder, is prohibited.