SIU Acceptable Use Policy Main Content
This Acceptable Use Policy or "AUP" specifies that certain actions are prohibited by Southern Illinois University Carbondale or "SIU" for users of: the campus data network, Internet connectivity, research network connectivity, telecommunications or any associated computational resource or service. SIU reserves the right to modify this policy at any time to stay in compliance with all known laws, regulations, policies, and security requirements that are established by appropriate legislative and regulatory authorities or enacted by the SIU administration. By using SIU services any customer, employee or third party unconditionally accepts the terms of this policy.
The SIU data network is a publicly owned private network. SIU systems and services are for the use of authorized users only. Authorized users are subject to routine network monitoring and troubleshooting for the purpose of security, network performance audits and when so directed by our legal authorities. Any user of SIU systems expressly consents to routine monitoring and is advised that if such monitoring reveals possible evidence of criminal activity, SIU staff may provide the evidence of monitoring to law enforcement officials. Further, if illicit activity of any kind is suspected as a result of routine monitoring an internal investigation may result and employment may be suspended or terminated pending the outcome of such an investigation. SIU also reserves the right to deny IP addresses, revoke IP addresses, revoke network access, deny use of network IDs or deny use of any computational resource or service. Limited public access to the Internet is granted in cases where it is a requirement of Federal law such as in the case of Federal Repository holdings of Morris Library.
The SIU data facilities may be used only for lawful purposes. Transmission, distribution or storage of any material in violation of any applicable law or regulation coming to or from any unauthorized network or system is prohibited. Illegal use may include without limitation: material protected by copyright, trademark, trade secret or other intellectual property rights, material used without proper authorization, government and military data protected by law or applicable national security policies and concerns, SIU data protected by public policy, material that in SIU's sole discretion is obscene or defamatory or constitutes an illegal threat, material that violates export control laws or any other laws or applicable regulations. Any violation of the above which compromises the integrity of the SIU; data facilities, network, services or resources connected to the SIU network is strictly prohibited.
SYSTEM AND NETWORK SECURITY
Violations of systems or network security are prohibited and may result in criminal and or civil liability. Use of the SIU data facilities or resources constitutes consent to SIU's routine network and systems monitoring. Should any violations of the law or this AUP be discovered during monitoring, SIU will involve and cooperate with local, State of Illinois, and Federal law enforcement authorities for resolution. Examples of unlawful acts, system or network security violations include but are not limited to the following:
- Unauthorized access to or use of: SIU data, SIU systems or networks, any attempt to probe, damage, scan or test the vulnerability of a system or network or to breach security or authentication measures without express authorization of the owner of the system or network. SIU Information Technology department employees may scan or test the vulnerability of SIU systems or networks that they are responsible for or they manage or are connected to the SIU network.
- Unauthorized monitoring of data or traffic on any network or system without express authorization of the owner of the system or network. SIU Information Technology department Security, Network Engineering Team, Systems and Telecommunications employees may monitor data or traffic on any SIU network or system owned and operated by SIU or for which SIU is expressly responsible to manage through agreement with the owner.
- Interference with service to any user, host or network including without limitation: email "bombing", email "spamming", flooding, deliberate attempts to overload a system, broadcast or "smurf" attacks, deliberate malware or spyware installation, key-logging and other malicious activities.
- Unauthorized access to any data, system, or network for any purpose which is not lawful or which is intended to do harm.
- Forging or alteration of any network or TCP-IP packet header or any part of the header information of an email or a newsgroup posting. Electronic forging of any kind to include but not limited to IP addresses, DNS resolutions, DNS or AD domains, business names, any related forgery, etc.
- Email "bombing" is characterized by abusers repeatedly sending an identical email message to a particular address
- Email "spamming" is a variant of bombing; it refers to sending email to hundreds or thousands of users or to lists that expand to that many users. Spamming may also occur innocently, as a result of sending a message to mailing lists and not realizing that the list explodes to thousands of users, or as a result of an incorrectly set-up responder message.
- "Flooding," or SYN floods, occurs when a target machine is flooded with TCP connection requests. The target host becomes extremely slow, crashes or hangs. Broadcast or "smurf" attacks cause network links to become overloaded. The "smurf" attack sends simultaneous streams of ICMP echo requests ("pings") to the broadcast address of a subnet.
(Last updated on 02/2014.)
For questions concerning this policy, please contact:
Michael Shelton - Deputy Director, Information Technology Department
Southern Illinois University Carbondale
625 Wham Drive
Carbondale IL 62901
Note: This Acceptable Use Policy was crafted by permission after the Illinois Century Network Acceptable Use Policy at http://www.illinois.net/AUP.pdf.