Information Technology Services Centre - Computer Network - Policies & Guidelines on Access and Usage
  • Submit
  • Computer Network - Policies & Guidelines on Access and Usage

    1. Intorduction
      The mission of the Information Technology Services Centre (ITSC) is to operate and develop its Computer Network (ITSCnet) to support and promote instructional, research, and administrative activities in the University. ITSCnet is composed of timesharing systems, servers and workstations, personal computers, laser printers, high-speed line printers, plotter and other special input/output devices, some telecommunication modems, bridges, routers and other special-purpose peripherals. These systems are interconnected into several local-area networks within the Information Technology Services Centre. Network connections are also maintained to the rest of the Chinese University campus including many departmental LANs, as well as to off-campus networks such as HARNET and Internet. Most of the policies and guidelines presented in this document are expressed in general terms. They are applicable to all facilities and services that ITSC are providing. Policies and guidelines that are more specific to a facility on a service are documented online. As a user of ITSCnet you are automatically governed by the policies and guidelines in this document and on other electronic media.

    2. Disclaimers 
      The ITSCnet makes available to faculty, staff, students and others, computing facilities consisting of hardware, software and documentation. The use and operation of these facilities is subject to the following disclaimers.
      1. Every effort is made by the ITSC staff to prevent loss of data in the event of hardware or software failure or through human error. This is done by making regular backup copies of data stored on the ITSCnet to magnetic tape or other media. It must be recognized, however, that in rare cases it may not be possible to restore the latest version of every data file from these backups, and some data loss may occur. Because these cases are outside the ITSC staff's control, the staff are not liable for any loss of data arising directly or indirectly from the failure of hardware, software, or from human error.
      2. Because the goals of the ITSCnet are primarily educational in nature, computer systems are generally open to perusal and investigation by users, and security controls may be less restrictive than they would be in other environments. Although an appropriate effort is made to maintain system security, unauthorized access to information is possible through malicious mischief. The ITSC staff cannot guarantee against loss of privacy, theft of information, damage or loss of data arising directly or indirectly from the absence or failure of system security protection mechanisms. ITSC will accept no liability whatsoever for any direct, incidental, consequential or indirect damages, loss or corruption of data, loss of profits, goodwill, bargain or opportunity or loss of anticipated savings or any other loss resulting from your access to, reliance on, or use of, or inability to use ITSCnet, whether based on warranty, contract, tort, negligence or any other legal theory, and whether or not ITSC knows of the possibility of such damage.
      3. Most of the software used on the ITSCnet is purchased or licensed from third-party vendors, usually without source code. This limits the ITSC staff's ability to repair bugs in this software, or to modify the software. In many cases, several software packages of similar purpose are provided to attempt to serve a broader range of needs. However, the ITSCnet can make no warranty, express or implied, regarding the computing services offered or their fitness for any particular purpose.

    3. Access to ITSCNet Facilities  
      When applying for access to ITSCnet facilities, a valid University identification card must be presented. For some facilities, ITSCnet may require application to be endorsed by the supervisor of the student or the lecturer in charge of the class.
      1. The facilities of the ITSCnet are made available to the faculty, staff, and students of the University, generally without charge. Facilities may also be made available to student organizations, staff organizations and members of other higher institutes by special arrangement.
      2. Only properly authorized persons may access ITSCnet facilities; proper authorization is provided by ITSC staff members or their designates in the form of an account issued in the name of the authorized person.
      3. A user may not permit any other person, including other authorized users, to access ITSCnet facilities through his or her account, unless the access is on behalf of the account holder.
      4. Those people, who have been issued keys, access cards, or combinations to obtain access to ITSCnet facilities may not use these items to allow other persons to access the facilities. Keys access cards, and combinations should not be lent or given to others.

    4. User Rights and Responsibilities 
      Users of the ITSCnet have the following rights and responsibilities.
      1. To enable the ITSC staff to accurately maintain information about the user of each account, each user is responsible for supplying current information to the appropriate ITSC staff member including department affiliation, degree program (undergraduate or graduate), and the University position (faculty, staff, graduate staff, or student).
      2. To provide false or misleading information for the purpose of obtaining access to ITSCnet facilities is a violation of University policy.
      3. Users are responsible for any and all activities initiated in or on ITSCnet facilities by their accounts.
      4. Users are responsible for selecting a secure password for their account and for keeping that password secret at all times. Passwords should not be written down, stored on-line, or given to others. Passwords should never be given out to someone claiming to be an ITSC staff member; authorized ITSC staff members do not need to know individual user's password.
      5. Users are responsible for protecting their own files and data from being read and/or written by other users, using whatever protection mechanisms are provided by the operating system in use. Users are responsible for picking up their printer output in a timely fashion to avoid theft or disposal.
      6. Users are urged to report any system security violation, or suspected system security violation, to the ITSCnet staff or through ITSC Service Desk System at https://servicedesk.itsc.cuhk.edu.hk/ immediately.
      7. Most ITSCnet facilities are made available on an unmonitored basis. It is the responsibility of every user to act in such a manner as to not cause damage to the physical equipment. Accidental damage, or damage caused by other parties, should be reported to the ITSCnet staff as soon as possible so that corrective action can be taken.
      8. Users who borrow hardware, software, or documentation from ITSCnet are responsible for its proper care and to return it in a timely fashion.
      9. Users are responsible for obeying all official notices posted in terminal rooms attached to ITSCnet equipment, or displayed in the log-on message of the day.
      10. Users who are authorized by ITSC may not be denied access to ITSCnet facilities by someone who is not using the facilities for instructional, research, or administrative purposes or who is not a faculty, staff, or student member of the University. An authorized user may ask the offending person to relinquish the resource, or may ask any ITSC staff member to intervene on his or her behalf.
      11. Users have the right not to be harassed while using ITSCnet facilities, whether it is physical, verbal, electronic, or any other form of abuse. Harassment should be reported to the ITSCnet staff or ITSC Service Desk System at https://servicedesk.itsc.cuhk.edu.hk/.
      12. Users have the right to make data access requests to ascertain from ITSC whether ITSC holds personal data of which they are the data subjects, and if ITSC holds such data, to be supplied with a copy of such data. Above all, users of the ITSCnet facilities are responsible at all times for using them in a manner that is ethical, legal, and not to the detriment of others.

    5. ITSC Staff Rights and Responsibilities 
      The ITSC staff generally may do whatever is necessary to carry out his or her responsibility to maintain effective operation of the ITSCnet facilities.
      1. The ITSC staff has the responsibility to make every reasonable effort to maintain the privacy of a user's files, electronic mails, and printer listings.
      2. ITSC has the responsibility to comply with the guidelines of the Personal Data (Privacy) Ordinance in using and holding personal data of its users. Details of ITSC privacy policy and practices in collecting, holding and using of staff and student personal data can be found at http://www.cuhk.edu.hk/itsc/about/pdo.html.
      3. In the normal course of examining and repairing system problems, and when investigating instances of improper use of ITSCnet facilities, the ITSC staff may need to examine users' files, electronic mails, and printer listings; temporarily revoke user account or block access to user files. The ITSC staff has the right to do this, subject to item 5.1 above and the University Policies and Guidelines on the Use and Monitoring of the University’s Information and Communication Technologies Facilities and Services published at http://www.cuhk.edu.hk/itsc/security/restricted/ispolicy/ict-guidelines.pdf.
      4. Investigations that discover improper use may cause the ITSC staff to: limit the access of those found using facilities or services improperly; disclose information found during the investigation to University or law enforcement authorities; initiate disciplinary actions as prescribed by University policies and procedures.
      5. In order to protect against hardware and software failures, backup of all data stored on ITSCnet systems are made on a regular basis. The ITSC staff has the right to examine the contents of these backups to get sufficient information to diagnose and correct problems with system software, or to investigate instances of improper use of ITSCnet facilities, subject to item 5.1 above and the University Policies and Guidelines on the Use and Monitoring of the University’s Information and Communication Technologies Facilities and Services published at http://www.cuhk.edu.hk/itsc/security/restricted/ispolicy/ict-guidelines.pdf.
      6. With reasonable cause for suspicion, the ITSC staff has the right to monitor any and all aspects of a system, to determine if a user is acting in violation of the guidelines set forth in this document, subject to item 5.1 above and the University Policies and Guidelines on the Use and Monitoring of the University’s Information and Communication Technologies Facilities and Services published at http://www.cuhk.edu.hk/itsc/security/restricted/ispolicy/ict-guidelines.pdf.
      7. The ITSC staff may alter the priority or terminate the execution of any process that is consuming excessive system resources or objectionably degrading system response, with or without prior notification.
      8. The ITSC staff may remove or compress disk files that are not related to Information Technology Services Centre missions or which are consuming large amounts of disk space, with or without prior notification.
      9. The ITSC staff has the responsibility to keep the database of user accounts in the computer systems up-to-date. A user account and data files will be deleted, without prior notice, once he/she is not a member of the University.
      10. The ITSC staff may terminate connected login sessions that have been idling (unused) for long periods of time, in order to free resources. This applies particularly to limited resources such as dial-in connections. The definition of a “long period” of time may vary from system to system, depending on resource availability.
      11. The ITSC staff has the responsibility to provide advance notices of system shutdowns for maintenance, upgrades, or changes so that users may plan around periods of system unavailability. However, in the event of an emergency, the ITSCnet staff may shut down a system with little or no advance notification. Every effort will be made to give users a chance to save their work before the system is taken out of service.
      12. The ITSCstaff members have the responsibility to report any violations of University policy to the appropriate authorities. The ITSCnet staff has the authority to remove harassing, defamatory, pornographic, obscene, indecent or distasteful contents from e-mail, newsgroup, website and etc.
      13. The ITSC staff may refuse or restrict access of ITSCnet facilities to any person who has violated the guidelines in this document, or who has violated the guidelines of other computer facilities belonging to the University.

    6. Proper Use 
      The ITSCnet facilities are provided for use by faculty, staff, and students to support the missions of the Information Technology Services Centre. All faculty, staff, and students using ITSCnet facilities are responsible for using these facilities in an effective, ethical, and lawful manner.
      1. Many resources, such as disk space, CPU cycle, printer queues, batch queues, login sessions, and software licenses, are shared by all users. No user may monopolize these resources.
        1. Users should consume as little disk space as practical; make use of available means for compressing files and archiving unused files off-line.
        2. Users should not load the system in such a way that others cannot perform useful work. Only a single instance of large, resource-intensive programs should be executed at one time.
        3. Long print jobs such as thesis should not be printed during periods of peak printer demand.
        4. Many software packages have a limited number of licenses, requiring users to share the licenses.
        5. The resources of workstations located in public laboratories should be respected; jobs may not be run that would interfere with the use of that workstation by the person sitting at the keyboard.
      2. ITSCnet facilities are provided for academic use (instruction and research) and some administrative uses. ITSCnet facilities must not be used for commercial or personal gains without explicit approval of ITSC.
      3. The ITSC staff recognizes the academic value of research on computer security and the investigation of self-replicating code. However, the use and development of this type of software, if not properly supervised, can inadvertently affect the operation and integrity of ITSCnet systems.
        1. Users may not intentionally develop or use programs, which harass other users of the system.
        2. Users may not intentionally develop or use programs, which attempt to bypass system security mechanisms, steal passwords or data, or “crack” passwords.
        3. Users may not intentionally develop or use programs that, by design, attempt to consume all of an available system resource (cpu, memory, swap space, disk space, network bandwidth, etc.). Special arrangement can be made with ITSC in case such request is required.
        4. Users may not intentionally develop or use programs designed to replicate themselves or attach themselves to other programs, commonly called worms or viruses.
        5. Users may not intentionally develop or use programs designed to evade software licensing or copying restrictions.
        6. Users who believe that they have a legitimate reason to use or develop programs in the above categories must give prior notice to the ITSC staff. Special arrangements can be made to provide an adequate environment for conducting the research without risking damage to or impairment of other systems.
      4. Users are forbidden to give/disclose their passwords to anyone or allow anyone to use their e-mail or computing accounts.
      5. Files owned by individual users are to be considered private property, whether or not they are accessible by other users.
        1. Just as an unlocked door or window does not implicitly grant permission to strangers to enter your house, the ability to read another user’s files does not implicitly grant permission to read those files.
        2. Under no circumstances may a user alter a file that does not belong to him or her without prior permission of the file’s owner. The ability to alter another user’s files does not implicitly grant permission to alter those files.
      6. Because this is an educational environment, computer systems are generally open to perusal and investigation by users. This access must not be abused either by attempting to harm the systems, or by stealing copyrighted or licensed software.
        1. Because this is an educational environment, computer systems are generally open to perusal and investigation by users. This access must not be abused either by attempting to harm the systems, or by stealing copyrighted or licensed software.
        2. Most system-level files are parts of copyrighted or licensed software, and may not be copied, in whole or in part.
        3. The same standards of intellectual and academic honesty and plagiarism apply to software as to other forms of published work.
        4. Making copies of software having a restricted-use license is theft and so is figuring out how to “beat” the license.
        5. Deliberate alteration of system files is vandalism or malicious destruction of University property.
      7. Harassing, defamatory, pornographic, obscene, indecent or distasteful contents may not be sent via electronic mail or posted to electronic bulletin boards, web pages and newsgroups.
      8. Sending forged e-mail or posting forged message in newsgroups are regarded as dishonest and are forbidden.
      9. Unsolicited massive e mailing without explicit approval from ITSC is prohibited. Sending electronic messages to people you do not know or who do not need to get your message is a nuisance.
      10. ITSCnet facilities and network connections may not be used for the purposes of making unauthorized connections to, breaking into, or adversely affecting the performance of other systems on the network, whether these systems and networks are University-owned or not. The ability to connect to other systems via the network does not imply the right to make use of or even connect to these systems unless properly authorized by the owners of those systems.
      11. Other organizations operating computing and network facilities that are reachable via the ITSCnet may have their own policies governing the use of those resources. When accessing remote resources from ITSCnet facilities, users are responsible for obeying both the guidelines set forth in this document and the policies of the other organizations.

    7. Copyrights and Licenses 
      Hong Kong copyright and patent laws protect the interests of authors, inventors, and software developers in their products. The software used on ITSCnet facilities is operated under license agreements with software suppliers.
      1. Software license agreements serve to increase compliance with copyright and patent laws. It is against Hong Kong law and ITSC policy to violate the copyrights or patents on computer software. It is against ITSC policy and may be a violation of Hong Kong law to violate software license agreements.
      2. Software in use on ITSCnet facilities, unless it is stored in areas specifically marked as containing copyable software, may not be copied to magnetic tape, hard or floppy disks, or otherwise removed from ITSCnet facilities.
      3. Source code for licensed software is not allowed to be included in software that is released for use outside the ITSCnet.
      4. Copyright Infringement is strictly prohibited on the campus network as stipulated in the ITSC Acceptable Use Policies and Guidelines on Access and Usage.
      5. Unauthorized uploading or downloading of copyright works may attract civil or even criminal sanctions. Users should be well aware of the copyright ownership of the files.
      6. The ITSC staff has the responsibility to track down any infringement of copyright by taking proactive measures such as monitoring network activities and browsing usage log.
      7. Users have the responsibility to report a copyright infringement activity in the University. Copyright infringement should be reported to the ITSC staff or through ITSC Service Desk System at https://servicedesk.itsc.cuhk.edu.hk/.

    8. Procedures to Handle Violations of Policies and Guidelines 
      1. Step One. When a student or staff is alleged to be abusing computing resources, all of his or her computing privileges may be suspended immediately to protect the computing resources and to assure reliable service to the rest of the community.
      2. Step Two. The student or staff will be notified and be requested to discuss, in person, with the responsible person of ITSC.
      3. Step Three. If the student or staff is proven to have violated the policies and guidelines set forth in this document, penalties will be imposed as described in Section (9) of this document.

    9. Enforcement 
      The disposition of situations involving a violation of the guidelines set forth in this document and the penalties that may be imposed for these violations are as described below.
      1. Infractions such as overloading systems, using ITSCnet facilities for commercial purpose, forging e-mail or electronic message, harassment and sending massive number of un-solicited e-mails will result in temporary deprivation of ITSCnet access privileges for TWO weeks.
        Repeated infractions will result in temporary deprivation of ITSCnet access privileges for ONE month and the case will be escalated to the University authorities for further action. If the offender is a student of the University, the case will be referred to the Dean of the student’s college or the Graduate School. If the offender is a staff member of the University, the case will also be referred to the appropriate authority of the University.
      2. Serious infractions such as giving or disclosing passwords to others, allowing (not for job delegation purpose) others to use one’s e-mail or computing accounts, unauthorized use or access of ICT facilities or services, attempts to steal password or data, attempts to steal licensed software, infringement of copyright and attempts to damage computer facilities (inside or outside the University) and violation of local laws such as those in Appendix (I) will result in temporary deprivation of ITSCnet access privileges for ONE month. The case will also be escalated to the University authorities for further action. If the offender is a student of the University, the case will be referred to the Dean of the student’s college or the Graduate School. If the offender is a staff member of the University, the case will be referred to the appropriate University authority.
        Repeated serious infractions will result in temporary deprivation of ITSCnet access privilege for THREE months. The case will also be escalated to the University authorities for further action. If the offender is a student of the University, the case will be referred to the Dean of the student’s college or the Graduate School. If the offender is a staff member of the University, the case will be referred to the appropriate University authority.

    10. Consultation, Support and Enquiry 
      For any enquiries, please contact us by:
      Website: http://www.cuhk.edu.hk/itsc
      ITSC Service Desk: https://servicedesk.itsc.cuhk.edu.hk/
      Fax: 2603-6098
      Phone: 3943-8845 (Hotline Services)
      Monday - Thursday 08:45-13:00 14:00-17:30
      Friday 08:45-13:00 14:00-17:45
      Saturday, Sunday & Public Holiday close

    11. Appendix I
      1. The Telecommunication Ordinance
        • (S. 27A, Cap. 106) - Prohibiting unauthorized access to computer by telecommunication.
      2. The Crime Ordinance
        • (S. 59, Cap. 200) - Extending the meaning of property to include any program or data held in a computer or in computer storage medium.
        • (S. 59 and 60, Cap. 200) - Extending the meaning of criminal damage to property to misuse of a computer program or data.
        • (S. 161, Cap. 200) - Prohibiting access to computer with criminal or dishonest intent.
      3. The Theft Ordinance
        • (S. 11, Cap. 210) - Extending the meaning of burglary to include unlawfully causing a computer to function other than as it has been established and altering, erasing or adding any computer program or data.
        • (S. 19, Cap. 210) - Extending the meaning of false accounting to include destroying, defacing, concealing or falsifying records kept by computer.
      4. The Personal Data (Privacy) Ordinance
      5. Copyright and Intellectual Property Rights
      6. Unsolicited Electronic Messages Ordinance