Network Security Policy
Policy No. H.2.
Marine Biological Laboratory
Network Security Policy
Initiated by: Director, Information Systems Division
Approved by: MBL Computer Advisory Committee
Date: August 29, 1994
Revision: November 29, 2001
Distribution: All Users of the MBL Network
1.0 Policy Statement:
It is the policy of the Marine Biological Laboratory (“MBL”) to prohibit the unauthorized use of the
MBL Network itself and those computing resources connected to the network. The network utility at
the MBL is dedicated to facilitating high speed communication between and among the research
communities, various government organizations, information providers and other commercial
vendors and companies. The MBL Network is the property of MBL. MBL reserves the right to change,
modify or revoke this policy with or without notice, at any time.
2.0 MBLnet Security Policy Goals:
2.1 Availability – ensure that systems, networks, applications, utilities, and data are on-line and
accessible when authorized users need them.
2.2 Integrity – protect user information, data or software from improper modification or access (i.e.
virus or unauthorized access/modifications.)
2.3 Confidentiality – assure that sensitive data is read only by authorized individuals and is not
disclosed to unauthorized individuals or to the public.
2.4 Propriety – ensure that the MBL Network is used only for its intended purposes and not for any
prohibited activities and uses.
3.0 Conditions and Procedures For Use:
MBLnet users shall adhere to the conditions and procedures set forth in this policy. Violation of this
policy will result in the loss of network privileges and may result in criminal or civil prosecution
and/or disciplinary action for MBL employees up to and including discharge.
3.1 All users of MBLnet shall abide by the following conditions and procedures:
3.1.1 Users shall not make unauthorized copies of data or software, however, the user is
responsible for ensuring that data under their purview is adequately and routinely backed
3.1.2 Users are to choose passwords wisely and to keep them secret (Policy No.H2.2).
3.1.3 Users are to access the system and data in an authorized fashion only.
220.127.116.11 Users shall not allow access or use of their account to any other individual or
18.104.22.168 Users shall not leave their computer logged in to networked services and
unattended. Users shall use password protected screen savers and/or log out
of applications before leaving the computer.
22.214.171.124 Users shall not give system or site related information to an unauthorized person
either in person in any manner, by telephone, email, written material, etc.
126.96.36.199 Users shall not type a command or a password for an unauthorized person.
188.8.131.52 Users shall not send security related information (i.e. a password) over E- mail.
184.108.40.206 Users shall not give accounts on personal workstations to unauthorized users.
3.1.4 Security violations or unusual activity should be reported immediately to
3.1.5 Unusual activity could include:
220.127.116.11 mysterious or missing files
18.104.22.168 attempted use of a user’s account without his/her consent.
3.1.6 Users acknowledge the right of the organization to monitor system use for legitimate
business purposes, including security purposes, as set forth in § 6.0.
3.1.7 The networked servers are not for personal use and the organization will not be held liable
for safeguarding any personal data or programs placed on the servers.
3.1.8 Users are responsible for coordinating with the MBLnet Network Manager any network
activity or additional connections that may affect MBLnet performance. Network
connections may be obtained only in the authorized manner by contacting ISD.
3.1.9 Users are not to install or execute any programs or processes which are designed to
gather information about the MBL network, the servers, or other machines on the
Internet, both inside and outside of MBL.
3.1.10 Users are not to purposefully access MBLnet or any MBL or Internet servers or
computers in a manner which disguises the user’s identity, computer name, address,
location, or other identification of the electronic source.
3.1.11 Users are to ensure that all use of computing and network resources is consistent with
the educational and scientific mission of the MBL.
3.2 Information Systems Division (“ISD”) reserves the right to remove user accounts and/or revoke
network access privileges for cause. For purposes of this policy, “cause” is defined as the user’s
failure to adhere to the conditions or procedures set forth in this policy or engaging in any other
inappropriate conduct with respect to the MBL Network.
3.3 System Administrators will be responsible for :
3.3.1 managing and overseeing security to ensure privacy and integrity of user information.
3.3.2 monitoring the system for security breaches and unauthorized activity using available
security utilities and software.
3.3.3 using available utilities to ensure secure movement of data within MBLnet and over the
3.3.4 taking every precaution to minimize network and machine downtime.
4.0 Prohibited Activities and Uses:
4.1 The network shall not be used to transmit any communication where the meaning of the
message, the content of the file, or the operation of the application, including its transmission or
distribution, would violate any applicable law or regulation or would likely be offensive to the
recipient or recipients thereof.
4.2 For example, the use of foul, obscene, discriminatory, unlawful or harassing language or images
when sending or displaying messages on e- mail is prohibited.
4.3 Also, it is unacceptable to use the Internet to send, display, download or print offensive messages
or pornographic materials or sexually explicit pictures, derogatory religious or racial or
5.0 Unsolicited advertising:
Unsolicited advertising may not be “broadcast” or otherwise sent to any user of the MBLnet network
or any directly or indirectly attached network. However, when requested by a user of the networks,
product information and other commercial messages are permitted to be transmitted over the
MBL does not intend, as a matter of policy, to randomly monitor the use of technology (including
e-mail), and will consider the individual user’s limited interest in privacy to the extent feasible and
consistent with MBL’s institutional interests and goals set forth herein. A limited number of
authorized MBL personnel will have unrestricted access to and may monitor information stored on
the MBL Networked servers (including e-mail) for legitimate business purposes. These may include,
but are not limited to, retrieving business information; trouble-shooting hardware and software
problems; preventing system misuse and the unauthorized accessing of confidential, proprietary or
trade secret information; assuring compliance with software distribution policies; security purposes;
and complying with legal and regulatory requests for information. Given these business requirements,
MBL cannot guarantee the privacy of documents and messages stored in the network. Accordingly,
MBL reserves the right to access and review all information on the system for legitimate business
Users are hereby notified that access to the MBL network increases the vulnerability of whatever
equipment is connected to the network. MBL makes no warranty either expressed or implied with
respect to security measures implemented on the network or computing resources. Users shall be
responsible for their own security measures to protect their hardware, software and data.
8.0 Virus Control and other Compromises:
8.1 Users must ensure that any media (i.e. disks, CDs or any computer equipment) brought into the
MBL from outside is free of viruses, worms, or other compromises before used in a PC or
connected to the network. If a user is uncertain how to check a disk or computer, he or she
should contact the help desk.
8.2 If a virus, worm, or compromise is detected or suspected, the user should contact the help desk
8.3 Users should use EXTREME CAUTION when opening e- mail attachments. E-mail has become the
most likely way viruses are spread. If a user does not know the recipient or is not expecting the
attachment, then the attachment should NOT be opened.
8.4 Another frequently used “social virus” is in the form of an e- mail that urges the recipient to send
everyone he or she knows a copy of the e- mail. Often it professes to protect against a new virus
or serious incident. Users should NOT forward copies of such an e- mail, which often is a hoax. Users
can, however, forward one copy to the help desk to verify the claim.
8.5 MBL Administrative computers are equipped with a corporate AntiVirus protection program by
ISD. The computer user may not alter settings of this program.
9.0 Policy Updates:
Policy clarification and updates are available from the Information Systems Division.