Administration of computing and networking resources within the College of Engineering is a collective activity undertaken by a group of local administrators. Local administrators at college, departmental, laboratory, research group and individual faculty levels retain local authority over their resources and are collectively referred to in this document as college network- and system- administrators. Those who administrate, work together to assure the reliability and availability of the services these resources provide to college users. To assure reliability and availability, attention to the security of these resources is essential. This policy gives the collective group of local system and network administrators within the College the authority to protect these resources and specifically requires local administrators to make every effort to assure that the privacy, academic freedom and intellectual property rights of users is preserved. Locally designated personnel serve as system/network administrators over the resources they control. No system/network administrator has the right to access computers outside their auspices without the approval of the local administrator.

4.1 System administrators are responsible for the security of information stored on these resources.

4.2 Administrators must take appropriate and reasonable steps to inhibit attempts to obtain unauthorized copies of computer software, computer data and/or software manuals.

4.3 Administrators must take appropriate and reasonable steps to make sure that the number of simultaneous users of software does not exceed the number of original copies purchased.

4.4 Administrators should take steps to insure that assigned passwords are non-trivial and users should be given guidelines for choosing strong passwords.

4.5 Administrators must take appropriate and reasonable steps to assure that access to the computer operations areas is restricted to those responsible for operation and maintenance.

4.6 Default passwords shipped with servers, operating systems software or applications must always be changed when the hardware or application is installed or implemented.

4.7 Special access to information or other special computing privileges are to be used only in performance of official duties.

4.8 Gaining unauthorized access to a system (or area of a system) using knowledge of access abilities gained during a previous position at the institution is prohibited.

4.9 System administrators should never give access to any user on a system they do not administer.

4.10 Computer installations will have defined procedures for maintaining data integrity during hardware repair, and will set up a schedule of preventive maintenance for the computer systems where appropriate.

4.11 System administrators should install fixes to known system problems as expeditiously as possible.

4.12 Sessions with root or other privileged access must be logged off to a point that requires a new log-on whenever leaving your work area.