The purpose of these policies and guidelines is to define the regulations for providing shared computers to the University’s network and their administration. These regulations are designed to minimize potential exposure of the University and individual user from damages that could result from computers that are not configured or maintained properly.
It is acknowledged that the University IT infrastructure is constantly evolving to meet changing needs of the University and challenges of new technology. These policies and guidelines, therefore, are subject to regular review and amendment.
These policies and guidelines apply to all shared computer systems connected to the University’s network, including, but not limited to, computer systems in departments, units, computer labs, classrooms, communal area, student societies and computer labs in hostels.
- System Administration
The technical support staff of a college/faculty/department/unit/society that provides shared computer systems is responsible of the system administration of these computer systems. In some cases the responsibility of some specific machines may be assigned to departmental staff. Faculty, staff, students and societies who have received explicit permission to connect their personal computers to the campus network via wired or wireless network are assumed having the responsibility to administrate their computers.
- System Administration Policies and Guidelines
The system administrators are responsible for:
- Providing both physical security and access authorization services for the computers according to the policies and guidelines provided in this document.
- Making sure access and use of the computers are authenticated and authorized.
- Tracking users and their respective access authorizations. Access and usage should be monitored and recorded on an on-going basis. End users should be informed about such monitoring and recording in the computer systems that they are using.
- Ensuring that all computers have anti-virus software installed and running and should ensure that virus definition files are updated daily or as recommended by the ITSC. Making sure that the shared computer systems are free of malicious software.
- Installing the most recent security patches on the system as soon as practical or as directed by the ITSC.
- Ensuring that suitable firewall is installed and running and that no unnecessary services are installed.
- Conducting auditing on log files on a regular basis and secure the log files.
- Reporting any inappropriate use or problems to their respective management committees.
- Making sure if disk storage is provided for end users, proper access control method must be implemented to protect user data being accessed by unauthorized person.
- Publishing the contact of support and administrators and user reminder, in eye-catching place in a shared computer for end users for enquiry or problem reporting while they are using the shared computer systems.
- Taking remedy action within a reasonable period of time following receipt of notification of security vulnerability.
- Removing from the network, machines that are infected, compromised, or modified in such a fashion that they are impacting network health.
- Reminder for End Users
- Users are bound by the ITSC CUHK Campus Network - Policies and Guidelines on Access and Usage.
- Users must follow the proper start up procedure or do a system re-start (power-off and then power-on), whenever possible, before using a shared computer system.
- After using, users must log off and power off, whenever possible, a shared computer system.
- Users should avoid inputting sensitive and personal data at shared computer systems and pay special attention to personal files.
No one should provide shared computers that cannot comply with the policies and guidelines as stated in this document. Violations of policies and guidelines in this document may be dealt with by the University in accordance with such disciplinary codes and/or procedures as are in place, from time to time, in respect of students and/or staff of the University.
User Support Service
Information Technology Services Centre
Version 2, May 2010