Security Policy on using the Centre's Computing Resources
Since incident reports of malicious attacks or account hacking and mail
spamming originating from our University have been on the rise, the Computer
Centre wishes to make users aware of the "The
University of Hong Kong Statement of Ethics on Computer Use".
This article will further substantiate the Computer Centre's policy for
legitimate use of our computing resources and state the course of action
to take against an abuser of our computing resources.
For details on how to protect your Unix systems against hacking,
please refer to the article "System
Security for Unix Systems" in a previous issue of the Computer News.
For PC system security, you may find the experience
of a concerned PC user to be useful information.
General Statement
In general, all computer users are expected to behave with ethics in using
the University's computing equipment and services. Any of the following
behavior is considered unacceptable and shall constitute an offense or
an abuse of computing resources:
-
damage of any hardware, software and/or data belonging to the University
or others;
-
unauthorized access or copy of other users' electronic mails, data, communication
or programs;
-
wasting limited shared resources such as network bandwidth in mail
spamming, etc.;
-
unauthorized dissemination of copyrighted materials or infringement of
copyright protected materials of any kind
Please note that the above guidelines also apply to ACE net/Hall
network users using their own computing equipment in connecting to the
campus network. In order to ensure a high level of services to our
users, the Computer Centre will monitor the network for sudden surge of
traffic or violating activities.
Action against Reported Incidents
When a complaint of abuse of the computing resources is received, the Computer
Centre shall handle the incident as follows:
-
contact the individual to inform him/her of the alleged offense;
-
suspend the computer account(s) of the offender;
-
arrange a meeting between the offender and a Computer Centre staff to discuss
the incident. The meeting should focus on educating the individual
on the nature of this offense so that future violations can be avoided;
-
the computer account of the violator will be resumed after the investigation
is completed and related issues resolved or when the Computer Centre considers
it not a threat to our system's security any more.
If there is a compromised computer system involved in the incident, the
computer should be immediately disconnected from the campus network before
remedial work can be done on it. Before re-connecting the machine
to the campus network, the violator should be responsible for cleaning
up the system based on advice provided by the Computer Centre. If
there is any difficulty in cleaning up the affected system, consultancy
services will be provided by the Computer Centre and there may be a charge
for such services. The Computer Centre reserves the right to disconnect
a computer system from the campus network if any of the following situations
are encountered:
-
repeated offense on a computer system is observed
-
substantial damage has been made to the data/equipment belonging to the
University or others
-
the incident has been escalated to judicial proceeding
If you wish to report any intrusion on your computer system, please feel
free to report your case to security@hku.hk.
KC Chang
Tel: 2859 7972
E-mail: kcchang@hkusua.hku.hk
[Contents]
[Next] [Previous]