These guidelines have been written to outline the use of computer assets in the Scalable Computing Laboratory at Ames Laboratory. This document should be considered as adding additional restrictions and clarification to both the Ames Lab Computer Use Policy and the Iowa State University Code of Computer Ethics.

Comments and questions regarding these guidelines should be directed to the contact person listed below:

Name	Mark Klein
Address	327 Wilhelm Hall
Phone	294-1307
E-mail	mdklein@scl.ameslab.gov

1.0 PURPOSE and SCOPE

People requesting access to the SCL computing resources will be given a copy of this guideline statement and must sign a certification that they have read and understand the statements contained therein. The signed certificate will be kept on record in the SCL for at least as long as the account is active.

All existing users must also sign a certification that they have read and understand these guidelines. These guidelines are available in electronic form but the certificate must be printed out and signed. Existing users will be given 30 days to deliver a signed certificate.

If a user dissagrees with any portion of the guidelines, they should immediately stop using SCL computing resources and contact Mark Klein (515-294-1307).

The purpose of these guidelines is not to add new restrictions on the use of SCL resources. The purpose is to guarantee that users are aware of the existing restrictions.

2.0 INTRODUCTION

Ames Laboratory, a government owned, contractor operated facility located on Iowa State University campus, conducts theoretical and experimental research for the United States Department of Energy under contract number W7405-Eng-82.

Federal money is used to purchase, upgrade, and maintain all of the equipment in the SCL.

Therefore, the SCL computer use guidelines are derived mainly from laws about acceptable uses of federally owned equipment, and Department of Energy policies and recommendations.

3.0 USE OF COMPUTER ASSETS

Computer crime has not been a problem in this laboratory. However, to conform with higher organizational directives and to simplify review, the guideline is outlined below.

3.1 All of SCL's computer hardware, programs and data are for the sole use of SCL users in the performance of work authorized by the United States government or Iowa State University.

3.2 All use of SCL computers must be for authorized, approved work. The use of SCL resources for personal or non-work-related activity is prohibited.

3.3 All software that is used on SCL computers must be used for authorized, approved, official laboratory work. On multi-user systems, only the system administrator is authorized to load commercial software. Any user who loads software on any SCL computer assumes the responsibility to ensure that the software license for the software they load is not violated.

3.4 Creation and use of classified programs and files is not authorized on any SCL computer.

3.5 Creation and use of programs and files utilizing private personnel information is not authorized on any SCL computer system.

3.6 To prevent the spread of viruses, all email attachments should be scanned by an anti-virus program before opening. Unexpected attachments should receive additional scrutiny.

3.7 Passwords for access to SCL computing facilities must be protected by the individual users from unauthorized disclosure or use. Sharing of passwords will not be permitted unless specifically authorized by the CPPM, Program Director or Department Manager. Passwords must be changed as soon as possible after a suspected compromise of security or unacceptable exposure.

3.8 Using computers under a root account should be avoided whenever possible. Abuse of root privileges may cause a loss of network connectivity as well as support capabilities.

3.9 Avoid installing packages other than security upgrades without consulting the administrators. Packages may interfere with other services that are running.

3.10 The SCL complies with Ames Lab's ongoing sampling program to ensure that programs and data files on SCL computers comply with the above. (This program requires the Assistant Computer Protection Manager to review a portion of all the files on all systems on a regular basis.)

3.11 When a user account is deleted, all files in the home directory are archived, and then the account is deleted and the home directory removed.

3.12 Persons found in violation of the above guideline may be charged with misuse of government property. Such misuse is punishable by fine or imprisonment or both.

The help of every user is solicited. SCL cannot afford to have people who would openly misuse the trust that was freely given them when their account was granted. It is the responsibility of each SCL user to report suspected misuse of computer resources, theft of computer equipment and misappropriation of funds to higher and/or proper authority in order to prevent such wrongdoing from embarrassing SCL. Only through the help of all users can the laboratory ensure that it will remain an organization held in esteem by university, state and federal agencies.

4. EXAMPLES OF INAPPROPRIATE AND/OR ILLEGAL USE.

Examples of unauthorized use might include, but are not limited to: games, interest calculations, amortization programs, picture generators, holiday greeting generators, party invitations, poetry, personal letters, personal finance programs, investment programs, recipes, outside organization membership lists, programs utilized for personal gain, etc.

The incident at PNL where numerous people lost their jobs and several people went to jail helped DOE clarify the policies regarding pornography We are required to immediately contact the Ames Lab CPPM if we uncover evidence of uploading, downloading, storing or viewing pornographic material on goverment owned equipment. The CPPM will then report the problem to the DOE Chicago Operations Office, the Lab Director, Public Affairs and the law enforcement agencies. We do not have the option to deal with this type of problem ourselves. All judgement calls will be made by DOE officials and/or law enforcement agencies.

Downloading or developing tools or instructions on how to compromise the security of SCL computers is unauthorized unless you have a written exception from the head of the SCL.

Privacy Issues

There should be no expectations of privacy on any SCL computers. The Department of Energy requires that all ADP equipment usage is monitored for potential Waste Fraud and Abuse. All Computer Security Protection Managers (CPPM) and Assistant CPPMs are required to audit the computers in their groups at least twice a year to check for waste, fraud and abuse. This audit explicitly requires them to review files on every machine.

The following monitoring methods are used within the SCL.

Network Monitoring
• Automated network sniffers which attempt to identify suspicious behaviour and log all relevant packets.
• Non automated sniffers which record packets for manual review.
• Occasional ad hoc monitoring primarly focused on identifying and resolving problems with network applications.

File Monitoring
• All file systems are ocassionally reviewed for space usage. Large images or large collections of images found during these reviews will be examined. We are required to immediately report any pornographic images discovered to the Ames Lab CPPM who will then report it to the DOE Chicago Operations Office, the Lab Director, Public Affairs, and the FBI.
• If a file system becomes full, the names of all files in that file system are typically reviewed for potential waste fraud and abuse.
• The following checks are performed after security incidents and before waste fraud and abuse reports are due.
  • Exhaustive search of the names of all files on most machines.
  • A random selection (usually based on inode number) of files are reviewed.

Email Monitoring
• The addresses of all mail sent or received by the mail server is logged.
• All messages which are undeliverable are sent to postmaster@scl.ameslab.gov which is read by all members of the system administration staff.
• During short periods when the mail software on the mail server is upgraded or modified, all incoming and outgoing mail may be logged to ensure that no email is lost due to configuration problems.
• Because email is essentially sending files across the network, it is also subject to the network and file monitoring listed above.

Please sign and return the following section when requesting access the the SCL resources.

I understand the computer use policies above and agree to follow them
when using Scalable Computing Laboratory Resources.


Name:          	____________________________________ SCL Help 
                                                     assign e-mail: ___________________________

Telephone:     	____________________________________


Current Email:  ____________________________________ Return to SCL office


Sponsor's Name: ____________________________________


Organization:   ____________________________________


Signature:      ____________________________________


Start Date:     ____________________________________ Check out date: ___________________________


Access Needed:  -------------------------------------Forwarding e-mail:_________________________
(which machines,
 if known)