Aims of Operational Circular Nº5

2000/06/19 by CSO

This document is an informal description of CERN policies with respect to its computing facilities. It introduces Operational Circular Nº5 (OC5) in an informal style with the intention of presenting its salient features in a reader-friendly way. Please note, however, that OC5 remains the only official document for legal reference.

Introduction

OC5 sets out the basic rules of use for all computing facilities at CERN. As the field of computing is evolving at a rapid rate, we needed to find a way to cover the general aspects of the use of CERN computing facilities as well as permitting a more flexible way of managing rules of use related to new aspects of computing facilities or to changes in technology.

This was done by introducing a subsidiary level to the rules of OC5 which contains rules of use for each computing service. These service rules appear on the web (http://www.cern.ch/ComputingRules), but nevertheless have to be approved before changes can be made to them. Some example services are e-mail, NICE and networking. The service rules are additional rules to OC5. Abuse of the service rules may entail withdrawal of access to the service and/or other sanction as specified in OC5.

OC5 and CERN

CERN provides computing resources, network infrastructure, e-mail and other services for the purpose of enabling the physics community to participate and fulfill the CERN physics programme. Resources are limited and intended to be used in the context of official work. Even if the educational and research aspects of CERN's life - providing an environment conducive to work - introduces the need for a certain amount of freedom of interest and development of ideas, CERN wishes to ensure that the resources it provides to researchers are used in the way they were intended.

CERN has a professional standing that it wishes to maintain. Computing and networking technologies have potentially placed users in the public eye, through e-mail discussion lists, news groups, and web sites where each user's contribution carries CERN's name - in the form cern.ch. It is now trivial to "publish" in ways that would not have been imagined a few years ago, bypassing the peer review process that has been normal for our community. Users need to be aware that whatever they place on web pages, send to discussion lists or post to news groups from CERN computing facilities carries CERN's name. People wishing their own web sites or e-mail addresses should make use of local Internet Service Providers who offer these services.

CERN provides a network infrastructure for the whole site and collaborating institutes may bring equipment to CERN and connect to CERN's network. All networked equipment on the CERN site is considered to fall under OC5. This (as mentioned above) is because abuse in e-mail, news groups, SPAM etc. from networked equipment will appear to originate at CERN and may be detrimental to the organization's image. Access from home via CERN facilities, such as Automatic Call Back (ACB), is considered in the same way.

Accounts and Services

Computing resources are allocated to users through the various services, such as accounts on NICE, central services, mail and through network connections. Users are responsible for and accountable for the use of their accounts and resources allocated to them. They should take reasonable precautions to prevent other persons from accessing their accounts by choosing good passwords and proper access protection settings. CERN will not tolerate any attempt at unauthorized access to accounts.

Some users may be given privileged accounts or access to accounts created for projects or other special reasons. In these cases the users must only use the accounts for the purpose for which they were intended and if the user's work changes he/she must inform the service manager and revoke access to the account(s).

Computing resources are often shared and limited. Excessive use by users may impact others. Each service monitors its quality and usage to enable all to work smoothly. Users may accidentally abuse these resources, in which case the service manager will as a general principle take action to protect the service and dialogue with the user concerned to rectify the situation. Refusal by users to cooperate with service managers is not tolerated.

Security

CERN takes a proactive interest in protecting its resources and users' accounts against attacks from persons outside of the Organization. These attacks may take many forms from e-mail SPAM to forged mail messages appearing to originate from CERN; virus propagation by various means; unauthorized use of accounts due to various circumstances (compromised passwords, operating system bugs, web server bugs, etc.). Security measures to combat these are implemented for CERN as a whole and by each service, and coordinated through the CERN computer security officer. A team, reachable via cert@cern.ch, will handle security related problems. Users who think that their account has been used by someone else, or suspect some other security related problem, should contact this team or their service manager. In cases of a suspected break-in from outside the user's account is normally blocked until the situation is resolved and new passwords are enforced. Any private or confidential information revealed during the detection of security problems or subsequent investigation is kept confidential.

Services often carry out their own security checks. Some services regularly check for viruses and the existence of suspicious programs using commercial virus scanning software. The virus checking programs may check all user files. If a user is informed that his files are infected by viruses or that suspicious programs have been found in his directory he must follow the service managers instructions. Similarly checks on "good" passwords are performed by some services. These use tools similar to those used by hackers to try to guess passwords. If the tool succeeds in guessing a user's password then the user will be informed and asked to change it. Refusal by users to cooperate with service managers is not tolerated.

Privacy, Confidentiality, Copyright and Illegal activities

Illegal activities, breach of copyright, dissemination of confidential information, pirating software, commercial activities, to mention a few activities are not tolerated.

CERN occasionally has special requirements to abide by. For example, CERN often enters into projects with manufacturers and has access to information that is confidential. Users must take appropriate actions to maintain the confidentiality of any such information. Similarly CERN is often given access to licensed software and the conditions of the license agreement must not be violated, particularly by allowing unauthorized persons to have access or to make copies.

Should users inadvertently come into contact with confidential information they must respect its confidentiality.

CERN accepts no liability for private or confidential information stored on its computer facilities. This includes all file stores and e-mail. Service managers may have to access private or confidential data in the course of maintaining and providing optimum services and in maintaining the security of the service against outside access. Any such information will be treated with confidentiality.

Personal Use

Networking, or rather the use of the Internet, now pervades almost everyone's life. It is unreasonable, if not impossible, to separate completely work and personal use of facilities such as e-mail, calendaring and address books - to give some trivial examples. In addition, as for the telephone, Internet access is available to most CERN users and some reasonable statement of an acceptable use was felt necessary. Basically the "Rules for personal use" section of OC5 states that using CERN computing facilities for personal use still means that all the relevant rules and regulations apply with a few additional constraints. For personal use, users must ensure that frequency and duration is limited, that resources used are negligible and that any such use is at a time and priority that does not impact their normal work. For example, outside working hours, at lunch break or coffee break.

Lastly, the use of CERN's computing facilities as part of CERN's social activities (Clubs etc.) is explicitly mentioned as permitted in the context of personal use.