J. Wayne Reitz Union
Educating Leaders for a Global Community
(Reprinted from Office of Information Technology http://www.it.ufl.edu/policies/aupolicy.html)
As part of its educational mission, the University of Florida acquires, develops, and maintains computers, computer systems and networks. These computing resources are intended for university-related purposes, including direct and indirect support of the university's instruction, research and service missions; university administrative functions; student and campus life activities; and the free exchange of ideas within the university community and among the university community and the wider local, national, and world communities.
This policy applies to all users of university computing resources, whether affiliated with the university or not, and to all uses of those resources, whether on campus or from remote locations. Additional policies may govern specific computers, computer systems or networks provided or operated by specific units of the university. Consult the operators or managers of the specific computer, computer system, or network that you are interested in for further information. This policy may be modified as deemed appropriate by the University. Users are encouraged to periodically review the policy as posted on the university's home page.
The rights of academic freedom and freedom of expression apply to the use of university computing resources. So too, however, do the responsibilities and limitations associated with those rights. The university supports a campus and computing environment open to the free expression of ideas, including unpopular points of view. However, the use of university computing resources, like the use of other university-provided resources and activities, is subject to the requirements of legal and ethical behavior. Thus, legitimate use of a computer, computer system or network does not extend to whatever is technically possible.
Users of university computing resources must comply with federal and state laws, university rules and policies, and the terms of applicable contracts including software licenses while using university computing resources. Examples of applicable laws, rules and policies include the laws of libel, privacy, copyright, trademark, obscenity and child pornography; the Florida Computer Crimes Act, the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act, which prohibit "hacking," "cracking" and similar activities; the university's Student Code of Conduct; the University's SexualHarassment Policy. Users who engage in electronic communications with persons in other states or countries or on other systems or networks may also be subject to the laws of those jurisdictions and the rules and policies of those other systems and networks. Users with questions as to how the various laws, rules and resolutions may apply to a particular use of university computing resources should contact the for more information.
Users are responsible for ascertaining what authorizations are necessary and for obtaining them before using university computing resources. Users are responsible for any activity originating from their accounts which they can reasonably be expected to control. Accounts and passwords may not, under any circumstances, be used by persons other than those to whom they have been assigned by the account administrator . In cases when unauthorized use of accounts or resources is detected or suspected, the account owner should change the password and report the incident to the appropriate account administrator, Unit Information Security Manager, and/or Dean, Director, or Department Chair.
Although there is no set bandwidth, disk space, CPU time, or other limit applicable to all uses of university computing resources, the university may require users of those resources to limit or refrain from specific uses if, in the opinion of the system administrator, such use interferes with the efficient operations of the system.
Users may not state or imply that they speak on behalf of the university or use university trademarks and logos without authorization to do so. Authorization to use university trademarks and logos on university computing resources may be granted only by the Office of Public Relations or University Athletic Association. The use of appropriate disclaimers is encouraged. For further guidelines on the use of the university's marks, name and image, please refer to UF's Graphical Standards Policy.
Users must not use computing resources to gain unauthorized access to remote computers or to impair or damage the operations of UF computers or networks, terminals or peripherals. This includes blocking communication lines, intercepting or sniffing communications, and running, installing or sharing virus programs. Deliberate attempts to circumvent data protection or other security measures are not allowed.
Users who violate this policy may be denied access to university computing resources and may be subject to other penalties and disciplinary action, including possible expulsion or dismissal. Alleged violations will be handled through the university disciplinary procedures applicable to the user. The university may suspend, block or restrict access to an account, independent of such procedures, when it reasonably appears necessary to do so in order to protect the integrity, security, or functionality of university or other computing resources or to protect the university from liability. The university may also refer suspected violations of applicable law to appropriate law enforcement agencies.
The university employs various measures to protect the security of its computing resources and its user's accounts. Users should be aware, however, that the university cannot guarantee security and confidentiality. Users should therefore engage in "safe computing" practices by establishing appropriate access restrictions for their accounts, guarding their passwords and changing them regularly.
Users should also be aware that their uses of university computing resources are not completely private. While the university does not routinely monitor individual usage of its computing resources, the normal operation and maintenance of the university's computing resources require the backup and caching of data and communications, the logging of activity, the monitoring of general usage patterns and other such activities that are necessary for the provision of service. The university may also specifically monitor the activity and accounts of individual users of university computing resources, including individual login sessions and the content of individual communications, without notice, when:
Any such monitoring of communications, other than what is made accessible by the user, required by law, or necessary to respond to perceived emergency situations, must be authorized in advance by the appropriate Vice President or the Vice Provost for Information Technology in consultation with the . The university, in its discretion, may disclose the results of any such general or individual monitoring, including the contents and records of individual communications, to appropriate university personnel or law enforcement agencies and may use those results in appropriate university disciplinary proceedings. Communications made by means of university computing resources are also generally subject to the Florida Public Records Law to the same extent as they would be if made on paper.
Visitors to UF Web sites who are not currently UF students, faculty or staff should refer to the university's Internet Privacy Policy for privacy information.
For purposes of this document, e-mail includes point-to-point messages, postings to newsgroups and listserves and any electronic messaging involving computers and computer networks. Organizational e-mail accounts, including those used by student organizations, are held to the same standards as those for individual use by members of the University of Florida community. E-mail is also generally subject to the Florida Public Records Law to the same extent as it would be on paper.
GatorLink email is the official email account for students. The GatorLink policy can be found at www.gatorlink.ufl.edu/policy.html.
While not an exhaustive list, the following uses of e-mail by individuals or organizations are considered inappropriate and unacceptable at the University of Florida. In general, e-mail shall not be used for the initiation or re-transmission of:
Computing resources are not to be used for personal commercial purposes or for personal financial or other gain. Occasional personal use of university computing resources for other purposes is permitted when it does not consume a significant amount of those resources, does not interfere with the performance of the user's job or other university responsibilities, and is otherwise in compliance with this policy. Further limits may be imposed upon personal use in accordance with normal supervisory procedures concerning the use of University equipment.
Web Pages Official university pages (including colleges, departments, bureaus, centers, institutes, etc.) represent the university and are intended for the official business functions of the university. Each official home page must use an address that ends in "ufl.edu" and be registered with the university's Web administrator who will then include it as a link from the UF Web Site Listing. (For more information on the ufl.edu domain, please refer to the UF Domain Name Policy). The following information must be readily accessible on the main page:
For more information on including the university's wordmark on a Web page, please refer to the UF's Graphical Standards Policy. For help finding a wordmark suitable for a particular Web site, UF's Web Administration maintains a set of official Web graphics.
Personal web space is provided for Gatorlink account holders at http://help.gatorlink.ufl.edu/webserv.html.
Employee pages represent the individual in his or her primary role as a UF employee. Incidental personal information on employee pages is deemed acceptable so long as it does not interfere with the function or desired presentation of the unit, cause disruption of normal service, incur significant cost to the university or result in excessive use of resources. Faculty and staff who wish to publish substantial personal information not related to their University functions should use an Internet service provider rather than using university Web resources.
Organizational and other pages represent recognized organizations, clubs, associations, sororities, fraternities, workgroups and committees affiliated with the university.
Using UF Web pages for personal gain is forbidden. Any private commercial use of UF Web pages must be pre-approved pursuant to existing university policies and procedures regarding outside employment activities. The university may require pages involving commercial use to reside on a specific domain such as ufl.org or ufl.com. All UF units that accept payment electronically via the Internet are required to process all sales transactions through the Office of Finance and Administration Web payment gateway (IPAY). Refer to the E-Commerce Security and Management Policy for more information. For advertising, Web page authors should be familiar with the university's policies regarding Advertising on University Webspace and Recognizing Corporate Supporters on the Web.
UF accepts no responsibility for the content of pages or graphics that are linked from UF pages. However, Web page authors should consider that such links, even when clearly labeled, can be misinterpreted as being associated with the University. Links to pages where you have a personal monetary interest are likely to violate policies regarding advertising and commercial use and should be avoided.
Excessive or disruptive use of university resources in the viewing or publishing of Web pages is not permitted. Units owning or administering the resources involved will determine whether specific usage is considered normal, excessive or disruptive.
Retention periods must be followed for all official university Web pages as required by the Florida Public Records Law. Official university Web pages are treated like e-mail and subject to the same guidelines set forth in the UF E-mail as Public Records Policy.
Users must not attempt to implement their own network infrastructure. This includes, but is not limited to basic network devices such as hubs, switches, routers, network firewalls, and wireless access points. Users must not offer alternate methods of access to UF IT resources such as modems and virtual private networks (VPNs). Users must not offer network infrastructure services such as DHCP and DNS. Exceptions to this policy must be coordinated with Network Services and the local network administrator.
For the purposes of this document, we refer only to wireless transmission using radio frequency (RF). Wireless is shared media and easily intercepted by a third party. Wireless users are encouraged to use some type of encryption. WIPA provides authentication and access to the internet from UF wireless connections, but it doesn't provide encryption. Use of the UF VPN is encouraged to encrypt wireless communication.
Improperly configured wireless access points (WAPs) might cause denial of service to legitimate wireless users. WAPs can also be used to subvert security. Wireless access points must be authorized by Network Services and the local network administrator. Information about UF wireless access can be found at http://net-services.ufl.edu/provided_services/wireless. For authorization to deploy wireless in the area of Shands Hospital and the Health Science Center, contact Shands or HealthNet.
A VPN provides secure encrypted access between a client and the VPN server. They are most commonly used for secure access to a trusted network from remote, untrusted networks.
VPN servers must be authorized by local network administrator. Information about the UF VPN can be found at http://net-services.ufl.edu/provided_services/vpn. For authorization and answers to your questions about VPN access to the Health Science Center, contact your local LAN administrator. For authorization and answers to your questions about VPN access to Shands, go to http://extranet.shands.org/vpn
