IACS Computing & Wireless Facilities
March 12, 2008
IACS Computing Facilities are all facilities related to numerical and symbolic computations and communications and network access such as, but not limited to, e-mail and Internet access. IACS provides these to facilitate the research, education and administrative efforts of its members and staff. To this end the Computer Centre (CC) provides support in networking and information resources for its computing community. The Computer Centre undertakes security and monitoring measures to preserve the integrity and performance of its networking and computing resources.
Use of any IACS technology resource can be made by authorised persons as long as this usage is in compliance with Institute policies and all local, state and central government laws governing telecommunication. Failure to comply may result in the closure of an account, with further discretionary action taken by the Director of the Institute, if necessary.
In order to protect the integrity of the IACS computer and communications network and its systems, any proof of unauthorised or illegal use of any IACS network device and/or computer and/or its accounts can warrant an investigation. Users may voluntarily cooperate with the CC staff in such investigations. If necessary, a user's files, accounts and/or systems will be investigated only by a person, persons or a committee designated for each case separately by the Director of IACS.
The following items describe general policies for usage and administration of IACS's computing facilities.
Purpose: Computing facilities are to be provided by IACS and its centres, departments and units in support of the research, teaching, administration and public services according to the mission of the Institute.
Users: Users of IACS computing facilities are to be limited primarily to IACS's academic and other staff, students and visitors for purposes that conform to the requirements of the item above.
Any usage which contravenes local, state and central government laws or violates norms of IACS usage will be treated as misuse. Two specific categories of misuse are listed below. All listed actions, and others which effectively amount to the same, are considered to be misuse of IACS computing, communications and network facilities.
Misuse involving or amounting to attack on any devices, systems and/or networks
- Using the network to gain unauthorised access to any computer system.
- Tapping phone or network transmissions (e.g. running network sniffers without authorisation).
- Knowingly performing an act which will interfere with the normal operation of computers, terminals, peripherals or networks.
- Knowingly running, installing and/or giving to another user a program intended to damage or place excessive load on a computer system, network device or network. This includes, but is not limited to, programs known as computer viruses, Trojan horses and worms.
- Attempting to circumvent data protection schemes or uncover security loopholes.
- Masking the identity of an account or machine.
- Releasing a virus, worm or other program that damages or otherwise harms a device, system or network.
- Using IACS resources for unauthorised purposes (e.g. using personal computers connected to the campus network to set up web servers for commercial or illegal purposes).
- Unauthorised access to data or files even if they are not securely protected (e.g. breaking into a system by taking advantage of security holes, or defacing someone else's web page).
Other categories of misuse
- Using an account that the user is not authorised to use, or obtaining a password for a computer account without the consent of the account owner.
- Providing any assistance to any person to facilitate unauthorised access to one or more files, accounts, computers, network devices or network segments.
- Deliberately wasting computing resources.
- Attempting to monitor or tamper with another user's electronic communications, or reading, copying, changing or deleting another user's files or software without explicit agreement of the owner.
- Preventing others from accessing services.
- Sending forged messages under someone else's name.
- Employing a false identity for e-mail or other purposes.
- Using email to harass others.
- Charging the services availed of by a person to the account of another.
WIRELESS SECURITY POLICY
It is MANDATORY for departments deploying a wireless network in IACS to implement secured access. Access to the network/Internet via wireless routers must use one of the following methods:
- Wi-Fi Protected Access (WPA) OR Wired Equivalent Privacy (WEP)
- Media Access Control (MAC) filtering enabled access
General guidelines to be followed are as below:
- Inform the Computer Centre network group of your plan for wireless network deployment.
- Purchase only wireless access points and routers which comply with the 802.1X standard.
- Any user can reset the router to factory defaults and gain access to the router and the network. Hence, install the wireless router/access point in a secured place where physical access is not possible for general users.
- Change the factory default administrator password of the wireless router/access point to a complex alphanumeric password.
- Change the default Service Set Identifier (SSID) on all wireless routers/access points to broadcast your department SSIDs. This enables users to easily identify the access point to which they are connecting.
- Deploy personal firewalls on all remote access devices, such as laptops, and enforce their continuous use. Ensure that user devices have up-to-date antivirus software and security patches. Don't allow machines without protection on the network.
- Enable the DHCP server service on the wireless router using the IP range allotted to your department, and disable the NAT feature on the wireless router. This will help in tracing a misbehaving laptop connected to the wireless router.
- Upgrade the firmware of the wireless router and access point as and when new security patches or new versions are released.
- When disposing of access points that will no longer be used, clear the access point configuration to prevent disclosure of network configuration, keys, passwords, etc.
The following actions will be taken in case of infractions of the IACS policies:
- All cases of infractions of this policy and misuse of IACS computing, communications and network resources will be logged and a written record will be kept with the Computer Centre. Such reports can be used to take further action if necessary.
- Minor infractions of this policy or those that appear accidental in nature will be typically handled informally by email or in-person discussions. If an infraction has been judged to be accidental, a note to this effect must be made in the log with the Computer Centre.
- More serious infractions will be handled via formal procedures.
- In case of misuse involving or amounting to attack on any devices, systems and/or networks, if there is any need for immediate response, then offending accounts, computers, network devices or network segments will be isolated or shut down according to reasonable technical criteria. Such decisions must be taken by the chairman of the Computer and Communications Committee in consultation with the head of the Computer Centre. Justification for these steps must be recorded after the fact in the log kept by the Computer Centre.