PESIT Internet Policy
These guidelines describe the basic computer security
measures PESIT Students are obligated to follow when they use PESIT's computer
systems, whether the access is internal or external. Within this document
the reference to PESIT is to be understood to mean PESIT and wholly owned
subsidiaries.
PESIT computer systems must only be used for
PESIT's work or for purposes authorized by PESIT management. Usage is subject
to audit at any time by PESIT management.
Personal use of PESIT computing equipment may
only be approved by PESIT management if such use is clearly insignificant,
does not interfere or compete with PESIT work, and does not involve any
incremental cost to PESIT. Any questions concerning personal use of PESIT
computing resources should be discussed with the system administrator.
Using PESIT computer systems to send or reply
to "chain letters", or to distribute offensive or inappropriate material,
is prohibited.
A computer access password is the primary key to
computer security. Your login name uniquely identifies you, and allows
you access to PESIT computer services. For your own protection, and for
the protection of PESIT's resources, you must keep your password secret
and not share it with anyone else. Also, if giving your password to another
person is inevitable (e.g. printing work when you are not present), then
it is advisable to change the password immediately after that. Please note
that you are solely responsible for anything done by a person using your
login and password.
The following guidelines are designed to help
you select passwords that are not trivial or predictable, and are resistant
to compromise by computer "hackers". Computer access passwords must:
- Be at least 6 positions in length.
- Contain at least one alphabetic and one non-alphabetic character.
- Contain an alphabetic or other non-numeric character in the first and last position.
- Contain no more than three identical consecutive characters in any position from the previous password.
- Contain no more than two identical consecutive characters.
- Not contain your userid as part of the password, be it in whole, reversed or changed case. Parts of your userid in the password are also not encouraged. (SRI12RAM is a very weak password. Actually S1r2I3m4A5r is also very weak.)
- Not contain the names of anyone you are even solely connected with. Names of family and friends are high in the priority of a brute force cracker (explained below).
- Not contain common words such as: Internet, Computer, Windows, PASSWORD, etc.
- Be changed at least once every six months.
Also:
- When changing your password, you must select a new password, i.e., do not change the password to one that you used in the past.
- Note that hackers/crackers can use a variety of methods for gaining access:
  - Social Engineering: This is getting passwords out of people by tricking them. For example, a technician working for a computing magazine was tricked into giving his password away when he received a phone call from a person who convinced him that he was from VSNL and had trouble with the server. The man on the phone said that the VSNL server was down and they were re-creating the accounts, and asked him for his old password so that he could continue.
  - Trashing: This involves searching dustbins, etc. or any scrap piece of paper. *Never* ever write down the password.
  - Brute Force: This method involves cracking an account by blindly trying to log in many times to the same account and guessing passwords. This isn't as ineffective as it seems. Passwords such as SRI12RAM are very easy to crack this way.
Note: If you access computer systems that are not under PESIT control,
do not select the same password on external systems that you selected
for use on PESIT internal systems. (e.g. Your Hotmail password *must* be
different from your PESIT login password)
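The composition rules above can be checked mechanically at the moment a password is chosen. The checker below is an added example, not part of the original policy. The userid `sriram`, the three-letter size for "parts of your userid", the same-position reading of the previous-password rule and the short common-word list are assumptions made for illustration.

```python
import re

# Assumed list: only the four words the policy names; a real deployment
# would load a much larger dictionary.
COMMON_WORDS = ("internet", "computer", "windows", "password")


def userid_fragments(userid, n=3):
    """All n-letter pieces of the userid, forwards and reversed, lower-cased."""
    u = userid.lower()
    pieces = {u[i:i + n] for i in range(len(u) - n + 1)}
    return pieces | {p[::-1] for p in pieces}


def check_password(password, userid, previous=None):
    """Return the list of policy rules that the candidate password violates."""
    problems = []
    if len(password) < 6:
        problems.append("shorter than 6 positions")
    if not (any(c.isalpha() for c in password)
            and any(not c.isalpha() for c in password)):
        problems.append("needs an alphabetic and a non-alphabetic character")
    if password and (password[0].isdigit() or password[-1].isdigit()):
        problems.append("first and last position must be non-numeric")
    if re.search(r"(.)\1\1", password):
        problems.append("more than two identical consecutive characters")

    # Compare letters only, lower-cased, so that digits interleaved with the
    # userid or a change of case do not hide it.
    letters = "".join(c for c in password.lower() if c.isalpha())
    if any(p in letters for p in userid_fragments(userid)):
        problems.append("contains the userid or part of it")
    if any(w in letters for w in COMMON_WORDS):
        problems.append("contains a common word")

    if previous is not None:
        # Longest run of positions where the new password repeats the old one.
        run = longest = 0
        for new_char, old_char in zip(password, previous):
            run = run + 1 if new_char == old_char else 0
            longest = max(longest, run)
        if longest > 3:
            problems.append("more than three consecutive characters "
                            "kept from the previous password")
    return problems


if __name__ == "__main__":
    # Constructed candidates, including the two weak examples from the policy.
    for candidate in ("SRI12RAM", "S1r2I3m4A5r", "12345", "k7#Tq9!wz"):
        print(candidate, "->", check_password(candidate, "sriram") or "accepted")
```

Both weak passwords quoted in the policy are rejected only by the userid rule, which is why that comparison is done on the letters alone rather than on the raw string.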
A "computer virus" is a program designed to copy
itself into other programs. The virus may also be designed to cause the
loss or alteration of data on a computer, or in extreme cases, to completely
disable a computer. The virus is activated when the program "infected"
by it is executed on a computer.
Be alert to the potential dangers of accepting
programs from public sources such as bulletin boards and conferences, or
unsolicited software. Do not execute a program if you are uncertain of
expected results or do not know the source of the program. Also be wary
of any program you receive over the Internet (especially from hacker sites
or unknown sites). If your mail reader supports ActiveX, Java, Javascript
or VBScript, disable it. E-Mail is very effective in plain-text mode itself.
Do not necessarily trust a site which claims to be safe either.
If programs on your machine are infected by a
virus, report the virus infection immediately.
Harmful code false alarms and hoaxes are also
a problem in networked environments. PESIT Students are not to send or
forward e-mail notices concerning virus or harmful code warnings to other
students.
The Internet
INTRODUCTION
The internet is the mother of all networks. Initially,
it consisted of a few computers in USA engaged in military applications
in different locations that needed networking. They were collectively called
Arpanet. It soon grew beyond that and educational institutions were also
joined to this network, quickly allowing it to gain momentum. With the
influx of students, the internet spawned a number of new ideas and protocols.
The internet is not a product of genius and is not a miracle. It was largely
formed due to the bright ideas of many people and slow development. As
of today, there is no definition to the internet. One can best describe
it as a collection of computers using many standard protocols and powering
different applications. The internet has boomed only after the introduction
of the World Wide Web (WWW). This allowed a new dimension in communication
bringing the technology of the internet into the hands of a common man
whose primary concern is ease of use and effectiveness.
The biggest step in the development in the initial
phases of the internet is easily the allowing of universities to join it,
instead of keeping it as a military network. It is with the same spirit
that we plan to introduce the PESIT Internet Services. The Internet is a
rapidly growing important resource for PESIT. Effective use of the Internet
can provide a competitive advantage to us in the form of new opportunities,
information gathering, improved external communications, and increased
student responsiveness.
Internet access includes, but is not limited to:
viewing web sites, sending and receiving electronic mail, transmitting
or receiving files, accessing Usenet, and running Internet applications.
Noncompliance with the principles described
in this document may result in disciplinary action, including dismissal.
Establishing New Internet Services
Connecting PESIT systems and networks to the Internet
can present a very serious risk to PESIT. The technology involved in establishing
a new Internet connection, a new Internet gateway/firewall, or a new Internet
server is relatively simple. However, the technical and administrative
controls necessary to protect that service against highly skilled Internet
hackers can be very complicated and labor intensive. It is possible to
expose the entire PESIT network and the systems and data on it, without
even knowing you are doing so.
Because of the potential risk, establishment of
new PESIT Internet services is strictly controlled, and all proposed new
services must be approved before being placed into operation.
Privacy
PESIT's Internet web sites are obligated to respect
the privacy wishes of individuals who visit the sites. PESIT web sites
must not collect personal information about site visitors without the visitors'
permission. Any personal information collected at a PESIT web site
must be protected against unauthorized access or disclosure.
All electronic documents created or stored or
communicated using PESIT's computers are the property of PESIT. PESIT may
access documents or communications stored on its property or in its systems
whenever warranted by educational need or legal requirements; and reserves
the right to monitor its systems for accounting purposes, to ensure proper
use, and to detect security violations. Students should not expect that
their communications using the college's systems are absolutely private.
We are not very sure of Indian laws right now (we intend to find out),
but in the USA, e-mail messages older than 180 days can be accessed by
others (read FBI, etc.) without a court warrant. So please make sure that
you delete all old messages.
Harmful Code
Be aware that there are potential dangers in accepting
programs or viewing data from unknown sources on the Internet.
A "computer virus" is a program designed to copy
itself into other programs. The virus may also be designed to cause the
loss or alteration of data on a computer, or in extreme cases, to completely
disable a computer. The virus is activated when the program "infected"
by it is executed on a computer.
Be alert to the potential dangers of accepting
programs from public sources such as bulletin boards and conferences, or
unsolicited software. Do not execute a program if you are uncertain of
expected results or do not know the source of the program.
If programs on your machine are infected by a
virus, report the virus infection immediately.
Harmful code false alarms and hoaxes are also
a problem in networked environments. PESIT students are not to send or
forward e-mail notices concerning virus or harmful code warnings to other
employees.
Other forms of harmful code can act similar to
a computer virus, but are not transmitted by copying and executing infected
programs. These newer forms of attack are activated by simply viewing a
web site that contains maliciously programmed applets or JavaScript.
Web sites established by individuals (rather than
by companies), and web sites established by organizations with questionable
ethics, are prime candidates for hosting harmful code. You should avoid
these sites whenever possible. Also note that sometimes big companies'
web sites can also be dangerous. This is because their sites could have
been cracked and hackers might be controlling them. NASA and the Pentagon
have been hacked countless times (but these always ended in those responsible
being arrested - you can hack them but can't escape them).
Conduct
When accessing the Internet:
- Adhere to the security and usage guidelines defined in this document.
- Use only services you have authorization to access. Do not try to get into open Internet system or server ports without prior authorization.
- Do not run security testing tools/programs against any Internet system or server without explicit authorization from the system/server owner.
- Always represent yourself as yourself - never someone else.
- Do *not* let someone else represent themselves as you (Help us Help you!).
- Do not place any material on the Internet that would be considered inappropriate, offensive or disrespectful to others, and do not access such material.
When using electronic mail to communicate with people on the Internet:
- Do not send mail so that it appears to have come from someone else.
- Do not send unsolicited advertising via mail.
- Do not automatically forward PESIT internal mail to an Internet site.
- Do not use autoreply functions to respond to your Internet mail.
- Do not send or reply to chain letters.
- Do not get involved in flame wars.
While using Usenet:
Usenet is a fantastic place for research and
leisure. Think of it as the largest BBS in the world. However, it isn't
without a fair amount of trouble. If you post material in Usenet, expect
not only replies and kudos but also spam. It not only publishes
your mail address all over the world but also allows others to check on
you. Consider the following piece from the Feb. 97 PCWorld:
Use the internet and your life is an open
book. From the Web sites you visit to the e-mail you send, someone may be
watching. Christopher Kantzes recently found out how little privacy the
internet has to offer. For about a year, the Fisher Rosemount systems engineer
has occasionally prowled relatively noncontroversial discussion groups
such as rec.food.drink.beer and left his opinions to dozens others left
there. He figured that this was an innocuous and reasonably anonymous activity.
That is, until the Minneapolis Star-Tribune chose him at random to piece
together a profile based on his online ruminations.
Using DejaNews, a website that lets you search
internet newsgroups by an individual's name, the newspaper produced a
fairly complete dossier on Kantzes. He was born in Salisbury, Maryland;
went to school at the University of Delaware and the Syracuse University;
worked at Magnavox in Fort Wayne, Indiana, before taking his current job;
plays at Theatre de la Jeune Lune in Minneapolis; is partial towards Garrison
Keillor, microbrewed beer, good restaurants and Apple Macintoshes; dislikes
Bill Gates and Indiana (which he called a socially repressive state); and
had vacationed in Paris and Rome in 1995.
Soon after the Star-Tribune published his
article, Kantzes moved. Within weeks, an Internet electronic white pages
service had a listing with his new address and phone number.
More elaboration, we think, is unnecessary at this
point. Dejanews' caution is applicable to all those using PESIT Internet
Services:
"Be careful what you say about others. Please
remember- you read netnews; so do as many as 3,000,000 people. This group
quite probably includes your boss, your friend's boss, your girlfriend's
brother's best friend and one of your father's best beer buddies. Information
posted can come back to haunt you or the person you are talking about."
In any part of the internet, do not say anything
or post anything you wouldn't shout through a megaphone in a crowd of 3,000,000.
Do not write in E-Mail anything you wouldn't write in a postcard. For secure
E-Mail, use encryption.
When using telnet to log in to systems/servers on the Internet:
- Do not try to telnet to a system you are not authorized to use.
- When selecting a telnet password for use on an Internet system, do not select the same password as you use on PESIT internal systems.
Intellectual Property Rights
When downloading materials from the Internet:
- Most information and software that is accessible on the Internet is subject to copyright or other intellectual property right protection. Therefore, nothing should be copied or downloaded from the Internet for use within PESIT unless express permission to do so is stated by the material owner. Also please retain proof that the material owner has given you permission. In such cases do not accept plain E-Mail approvals. Insist on digitally signed E-Mail.
- Materials distributed over the Internet in the form of shareware or freeware often come with express requirements or limitations attached (for example, not to be used for commercial purposes; cannot charge others for use or distribution; subject to a copyright or attribution notice being affixed to each copy; must distribute source code, etc.). If there are such terms applied, you must read and understand them before downloading the software, and make a copy of the terms if possible. If any part of the terms is not compliant with PESIT policies, or downloading the software to PESIT constitutes violation of their terms, then please do not download the material.
Inappropriate Internet Web Sites
Numerous Internet web sites contain or distribute
material that is objectionable. While it is impossible to list every possible
web site or form of objectionable material, some clear examples include:
- Web sites that contain sexually explicit images and related material
- Web sites that advocate illegal activity
- Web sites that advocate intolerance for others
PESIT students are not to access such web sites,
or distribute or obtain similar material through the Internet. Questions
concerning other inappropriate web sites or objectionable material should
be discussed by students with the system administrator.
If PESIT students' access to specific web sites
containing inappropriate material becomes a source of embarrassment to
the PESIT college due to news media or trade press reports, PESIT may choose
to apply technical control measures to prevent further access to those
sites. PESIT does not routinely scan Internet web sites for inappropriate
material, nor does it attempt
to maintain a complete list of inappropriate
web sites. PESIT students should not presume that PESIT approves access
to all web sites not blocked by PESIT technical control measures.
Receiving Unsolicited E-MAIL
PESIT students holding an Internet e-mail
address may be recipients of unsolicited non-educational e-mail (sometimes
referred to as spam or junkmail). This situation is very similar to receiving
unsolicited telephone calls or unsolicited postal mail. If you are spammed,
please do not spam back. A flame war can be very taxing on system resources.
Instead, please contact the system administrator asking him/her to block
the other person's mail out using filters.
The easiest, and generally most effective response
to unsolicited e-mail is simply to ignore the mailing. In specific cases
where individuals or organizations on the Internet demonstrate themselves
to be a continuous source of unwanted and unsolicited e-mail, PESIT may
choose to apply technical control measures to prevent the receipt of further
mailings from those individuals or organizations.
PERSONAL USE
Access to Internet services for personal use
during your normal hours is allowed if such use is clearly insignificant
as compared to your educational use. In addition, personal use during
or outside of normal hours must:
- not interfere or compete with PESIT work,
- not interfere with your work or the works of other PESIT students,
- not interfere with the operation of PESIT's Internet gateways,
- comply with the security and usage guidelines described within this document,
- exercise restraint.
In addition to the above, personal use activities
must not involve additional hardware or software costs to PESIT.
Questions concerning personal use of Internet
services and PESIT computing
resources should be discussed with the system administrator.