SECURITY POLICY FOR THE THEORY NETWORK

Serious problems with the security of computer networks around the world have forced us to introduce a formal policy regarding the use of computers on our network.

Accounts on the UBC Theory systems are a priviledge, not a right, and are provided under the following conditions:

  1. ) All your accounts will be terminated a few days after you leave UBC. You may request an extention of the life of your account for the purposes of transfering files to your new location.
  2. ) Your account and your password are supplied for your use only. Do not give your password to anyone else. If you believe that anyone might know it, change it immediately. If you have a guest or a friend who needs brief access to a computer, either sign him on to your account yourself, or ask us to give him/her a temporary account. Use anonymous ftp to transfer files to users elsewhere- do not give them your password to sign onto your account. Evidence that others are using your account will result in loss of the account.
  3. ) Although we will attempt to maintain a reasonable level of confidentiality, your account, your files, your email, etc. should be regarded as potentially public. We will not assume responsibility if anyone else gains access to your files, and we reserve the right to access your accounts and files to fix problems, or if we suspect wrongdoing of your or other's part.
    Although backups are made occasionally( once a month), they are not made regularly, and you assume the burden of keeping backups of crucial information. (An Exabyte tape drive is located in Unruh's office for use by the thoery group). We will not be responsible for any direct or consequential damages which result due to loss damage or destruction of your data, however caused, or because of the access to your data by anyone else, however caused.
    Anyone wanting to volunteer to make regular backups, see Bill
  4. ) The X display system is a security nightmare. To (slighltly) lessen the danger, we do not allow users to run xhost on the theory machines. Instead use rxauth [To use, place the theory machine name into the remote .rhosts file. When you want to use X on the remote machine, use rxauth . This uses the MIT magic cookie security process, which is slighlty less insecure than xhost.]
  5. ) Do not place remote machine names into your .rhosts file. This is a potentially severe security hole. (Yes, we know that this is potentially in conflict with item 4. Talk to us if it is a real problem)
  6. ) Use the machines responsibly. UBC regulations do not allow the machines to be used for outside for profit activities without the express permission of a designated UBC authority. Furthermore, the use of the theory machines for personal, non-UBC related affairs is condoned only in so far as such use does not hamper the use of the machines for Univesity related business. In particular the theory machines are for the use of the members of the theory group on the Physics department.
    Any use of the machines to harass, distribute pornography, or to "spam" (mail to a large number of newsgroups or people who you have no reason to believe want to receive your mail) will result in immediate loss of your priviledge to use the theory computers. Any complaints that we receivei from others that such activity has taken place will be taken very seriously.
  7. ) Theory group account holders must further agree to abide by the general policy guidelines set out by the Physics and Astronomy Department for computer use. These can be obtained from Ron Parachoniak or read here:
Those who do not abide by these rules are subject to having their computer priviledges revoked. In other words we are really serious about this! We have been fortunate so far in our group but there have been many other systems on the international network which have been very seriously affected by security violations.

The machines are for the use of the theory group. The above rules are to ensure that they remain useful. At times the rules may get in the way. Let us know if this happens so that we can find ways around the problems. Please do not try to get around the security measures on your own, as the problems created could affect everyone.

If you have any questions or if you disagree with any of these rules please feel free to speak with Bill Unruh or Nathan Weiss. BUT YOU STILL MUST ABIDE BY THESE RULES.

Appeals for loss of your account should be directed in the first instance to one of us, then to the head of the department of Physics and Astronomy.