Webserver use, configuration and management

Unit WUCM1

Further security homework

University policies

Janet “Acceptable Use Policy”

In the context of academic computing, there is the Janet “Acceptable Use Policy” (http://www.ja.net/company/policies/aup.html) which sets out how academics, students and other university staff may use the Joint Academic Network – Janet. As a student of the UoP you are also bound by this policy.

Your first task is to look it up and look through the points raised. How many of the points at issue do you think have an impact on yourself?

University of Portsmouth policies and rules

In respect of your study at the University, what security policies affect your computer usage? Can you remember what you signed up to on your first use of a University computer? Where could you find it?  

The next task is to hunt up the Information Services website and track down the policy you agreed to at the beginning of the year. There are a number of others. Working in pairs, go through the policy statements and classify them as to whether they:

  1. Benefit you as an individual.
  2. Benefit your year group collectively.
  3. Benefit the IS technical support staff.
  4. Benefit the University as an organisation.
  5. Benefit the UK academic community as a whole.
  6. Benefit people or organisations outside of the academic community.

Other "Acceptable use" policies

Try a web search for other "Acceptable use" policies. Are the majority aimed at educational, commercial or industrial organisations? Compare a few with the Janet one.

For each policy, review the principal groups of people who would benefit from observance of the policy. Get a printed copy of a representative policy (or download one for later study). This will be worth referring to in later discussions.

Commercial security policies

Basic security policy

Try a web search for "Security Policy". Your task this time, after you have looked at a few of them, is to evaluate the proportion that relate to computer or information security. Is this conclusion significant?

What are the common themes? How do they compare with the list of main characteristics discussed in the lecture? Retain a copy of the one you feel most representative.

Other security related policies

ISPs usually have a "Fair use" policy, or similar security related policy. In an earlier practical, you looked at the policy statement for your selected ISP. Compare that policy with the general security policies you have identified above. Evaluate the main groups of people who would benefit from observance of the policy.

Can you answer the question: “why have they produced the policy?” Is it evident in the policy itself?

Other policy statements

Email usage

This topic generates a number of issues that relate to the question of security policy and, significantly now that many users access their email via a webserver, have an impact on the main point of the unit.

Consider that you are tasked with the job of formulating a "fair use" policy for your company’s e-mail system. In groups of 2-4 discuss and decide on what aspects of email use should be included and, more importantly, why? Prepare notes on your policy.

In your group decide on what legal status an email sent from one employee to an external customer should have. You might like to consider the questions posed by Whelan (2000):

  1. Can e-mail messages be used in a court of law?
  2. Should company e-mail messages contain the same standard information as presented on company stationery – registered address etc.?
  3. As an employer, can I hold employees liable for the contents of their e-mails?
  4. As an employer, am I entitled to look at employees' emails?
  5. If I receive an e-mail, can I copy part of it and use it in other material?
  6. Can I change a contract by e-mail?

There are many other questions that might be asked but this is a good start.

Now look on the web for material on both of these questions. What might be good search terms? Before starting, set out your search terms, and after the search look back and review your criteria. Can you now suggest better search terms? (For information on good search strategies see Hock (2001), in the library, or look for search advice on the search engines you used.)

References

Robin Nobles and Kerri-Leigh Grady
Website Analysis and Reporting
Prima Tech, 2001
ISBN: 0761528423

Randolph Hock
The Extreme Searcher’s Guide to Web Search Engines, (2e)
CyberAge Books, 2001
ISBN: 0910965471

Ben Laurie & Peter Laurie
Apache: The Definitive Guide (3e)
O'Reilly, 2003
ISBN: 0596002033

Ben Laurie & Peter Laurie
Apache: The Definitive Guide (2e)
O'Reilly, 1999
ISBN: 1565925289

Michael Chinery
Spiders
Whittet Books, 1993
ISBN: 1873580096

Jonathan Whelan
FT.COM (Pearson Education), 2000
ISBN: 0273644653

Amrit Tiwana
Web Security
Digital Press, 1999
ISBN: 1555582109

Simson Garfinkel with Gene Spafford
Web Security, Privacy & Commerce (2e)
O'Reilly, 2002 ((1e) was 1997)
ISBN: 0596000456

 

Last updated by Prof Jim Briggs of the School of Computing at the University of Portsmouth