Goshen College Code of Conduct for Use of Computing Facilities

Introduction
Computers and the Internet are powerful tools and an integral part of a GC education. However, it is quite possible to use these technologies in ways that cause problems ranging from embarrassment to lawsuits. This policy is designed to help you avoid the social, ethical and legal pitfalls associated with computer use in the internet age. Your use of the Goshen College computing environment implies your acceptance of the following guidelines:

The computing and network resources provided by Goshen College are intended to support the academic mission of the institution. Usage of these resources must be in accordance with GC's "Community Standards", other campus policies and guidelines, and applicable laws. Acceptable uses include: instruction, independent study, authorized research, independent research, and the official work of the offices, departments, recognized student and campus organizations, and agencies affiliated with the institution.

If you have a question about whether a specific use of computing or networking resources is legal or appropriate, refer to this document or send e-mail to and ask before proceeding.

Please read these rules carefully. For further information, see the Additional Links section at the bottom of this page.

Rules of Conduct

Rule #1 - Your Use of Computing Resources
Rule #2 - Password Security
Rule #3 - Commercial Uses
Rule #4 - Illegal Activities
Rule #5 - Harrassment
Rule #6 - Appropriate Use
Rule #7 - Forgery
Rule #8 - Copyrights
Rule #9 - Plagiarism
Rule #10 - Unauthorized Access

Only you are entitled to use computing resources provided by the college specifically for your use. (Such as your Ethernet connection.)

RULES

Do not give your password to anyone else, even people you trust, like your boyfriend, girlfriend, brother, sister, or a friend who has offered to help you fix a problem. If you suspect that someone may have discovered or guessed your password, change it immediately.

• You are responsible for any fees or damages incurred using the ResNet connection or computing resource assigned to you, even if a friend using your account without your permission did the damage.
• You will also be held responsible for destructive or illegal activity done by someone to whom you gave access. (This rule applies even if the computing resource doesn't require a password -- for example, if you give someone else physical access to your Ethernet port.)

RULES

The following commercial uses are expressly prohibited:

• Advertising for or promotion of third party businesses.
• promotion of affiliate programs on GC websites.
• receiving payment for your use of GC computers or network bandwidth

It is, however, permissable to link to non-GC sites promoting business or professional activity.

RULES

Never use any college-provided computing resource to do something illegal, threatening, or deliberately destructive--not even as a joke. All complaints will be investigated. Student Life investigates complaints about students; the Office of the Provost investigates complaints about GC faculty and staff.

• Violations can result in disciplinary action, criminal charges, or both. The police and the FBI routinely investigate such matters.
• Ignorance is no excuse.
• You cannot be exempt from the law because you are "just a student" or you were "just playing around".
• If you are a student with a part-time job at the college, you may be disciplined as an employee and as a student, resulting in both professional and educational consequences.

RULES

Be civil. Do not send rude, offensive or harassing e-mail. If someone asks you to stop sending mail, then stop sending it. If you fail to do so, the person can file a complaint and you can be disciplined. If you ever feel that you are being a victim of harrassment, it should be reported immediately to Student Life (x7543). If you are concerned for your safety or feel that you are in danger, talk to your Resident Director, campus security or Student Life, or in an emergency call 911.

RULES

Be a good citizen--use resources appropriately. Do not interfere with the activities of others or use a disproportionate share of resources. Send messages only to those who may be interested in the content. Examples of inappropriate use of resources include.

• Unauthorized access to a personal or GC system or account
• Deleting or copying files from another person's computer account
• Excessive use of disk space or network bandwidth
• Excessive recreational use during work hours or in public labs
• Unapproved mass emailings to campus users
• Logging into multiple computers for non-academic purposes
• Installation of software on public computers which compromise their security or reliability, or interfere with maintenance procedures
• Installation or use of sexually explicit or offensive screensavers, wallpaper, pictures, etc.
• Sending intimidating or harassing messages
• Sending unsolicited bulk e-mail or advertisements (spamming)
• Attacks on networks or systems within or beyond Goshen College
• Using college resources for personal financial gain or illegal activities
• Performing activities that interfere with the rights of others
• Viewing or printing offensive material in a public area
• Distributing chain letters

These actions frequently result in complaints and may incur restriction or suspension of computing priveleges and/or disciplinary action.

RULES

Never falsify e-mail or newsgroup postings. This type of forgery can result in serious criminal penalties and disciplinary action by the Judicial Board or the Office of the Provost.

• All messages must correctly identify the sender.
• All electronic mail messages belong to someone and should be treated as private communications unless the author has explicitly made them available to others.

  RULES

Avoid copyright infringement. It is a violation of college policy and federal law to participate in copyright infringement. Copyrighted materials include, but are not limited to, computer software, audio and video recordings, photographs, illustrations, artwork and written material. Violators are subject to discipline, including suspension, as well as legal liability, even if the work did not contain a written copyright notice. See the GC Copyright Policy for more information.

RULES

Avoid plagiarism. The web contains a wealth of content. If you make use of it, you must include appropriate citation. Never attempt to pass off others' work as your own.  Papers you submit for coursework may be checked for plagiarized material copied from the web, other student papers, and selected online databases.  Cases of plagiarism are reported to the Associate Dean. Penalties for plagiarism are listed in the college catalog and range from redoing the assignment to dismissal from the college.

More info on Plagiarism

RULES

Never try to circumvent login procedures on any computer system or otherwise gain access where you are not allowed. This is not acceptable under any circumstances and can result in serious consequences, including disciplinary action by the Judicial Board or the Office of the Provost.

RULES

Additional Links:
Digital Milllenium Copyright Act
Avoid Embarrassment
US Government - Copyright Basics

Some material used with permission from University of Texas, Austin and Salem State College.

Using GC Mass Emailing Lists

Background
Information Technology Services (ITS) has made available a number of mass emailing lists for limited campus use. Sending an email message to any of these lists will distribute it to all of the users on the list. Below is our policy for promoting accountability and responsible use of this campus resource.

Goals
The goals of this policy are to

1. provide appropriate, decentralized access to the lists; and
2. to achieve this decentralization while maintaining an acceptable level of accountability.

Generally, this means giving access to these lists to one person per department. This can be a department head, office manager, or whomever makes sense for each department. These people will be informed about the proper use of the email list and will act as a "filter" for their department, making sure that messages sent to the email lists follow the guidelines below. Since these email lists affect so many people, users or departments who refuse to follow the guidelines may lose access.

Email Lists Available

Administrative faculty	ADMIN
Administrative & Teaching Faculty and Staff	EMPLOYEE
Entities separate from Goshen College (Marriot, Archives)	OTHER
Teaching faculty	PROFESSOR
Teaching and Administrative faculty	FACULTY
Retired faculty	RETIRED
Staff	STAFF
Students	STUDENT

Guidelines for Using Mass Email Lists

1. Email sent to a mass email list must be of value or interest to a majority of those on the list.
2. Email sent to a mass email list must be kept reasonably short, less than a page.
3. Email sent to a mass email list must be clear, concise and well-written.
4. Email sent to a mass email list must not include attachments.
5. Whenever possible use the Communicator and/or Faculty-Staff Bulletin instead of mass email lists.
6. When in doubt about sending email to a certain mass email list contact ITS before going ahead.
7. The more often the mass email lists are used, the more likely people are to ignore the messages. Remember, less is more!

Rationale Behind the Guidelines for Using Mass Email Lists

1. Many of us have experienced "junk email" when an unscrupuluous mass marketer sends email to thousands of people hoping for responses from a few interested people. Sending email to our lists that is only of interest to a small fraction of the recipients is email abuse and a waste of Goshen College computing and personnel resources.
2. Remember that email sent to these lists will be going to hundreds of users. This means that hundreds of copies of your message will be sitting in emailboxes, hundreds of people will need to read through your message and hundreds of people may decide to store or print your message. That is a lot of Goshen College resources and people time. Documents longer than one page or with complex formatting should be posted to the web. The email to the list then only needs to contain the URL (i.e: https://gconline.goshen.edu/public/announcement.html) and a very brief description. This has several advantages. It can be easily referred to in the future. Only one copy is maintained and can be easily updated without sending out hundreds of new copies. For information on how to publish announcements to the web contact ITS.
3. See number 2 above. Also, remember that any erroneous or confusing information you send out could generate hundreds of email replies that you have to answer. Read it through twice and have a coworker read it through before sending to the email lists.
4. See number 2 above. Although including attachments can be helpful when working with highly formatted documents, it is often a waste of time and resources when you are just trying to convey information to a large group of people. It forces users to start up another application. In some cases it may mean the user has to convert the attachment to a format compatible with their software. This is not a problem with a regular email message or with documents published on a web page. Additionally, documents published on a web page can be easily corrected or updated without sending out hundreds of new copies.
5. The Communicator and/or Faculty-Staff Bulletin are the official means of communicating information on campus and should be used as such. At times, however, critical information needs to go out. Waiting for the next Communicator or Faculty-Staff Bulletin to be published may make the information moot. In these cases it is very appropriate to use one of the mass email lists.
6. Since ITS often gets complaints about inappropriate use of the mass email lists, we can often give guidance when you are trying to decide the appropriateness of sending a mass email message.
7. If the mass email lists are used frivolously, then users will begin to assume that messages sent that way are less important. The messages will be ignored or trashed without being read more often. This diminishes the value of the mass email lists. If we only use the lists for important information of interest to the majority of people on the list, then users will see messages sent that way as worth their attention.

Getting Access to the Mass Email Lists for Your Department
Before requesting access to the mass email lists for your department, please check the list of authorized users below. If your department does not yet have an authorized user or you need to change your department's authorized user please decide who that person should be (usually an office manager or department head) and email your request including a brief rationale for the request to . Allow at least two business days for processing. All authorized users will need to agree to the use guidelines before being given access.

Note, in a few cases it may be appropriate for more than one person in a department to be an authorized mass email list user.  In a few cases, people not on the below list may have access to a single list as needed.

Users with Access to the Mass Email Lists

Accounting	Jean Yoder
Admission	Nina Newburn
Business	Michelle Horning
Career Services	Anita Yoder
College Relations	Mary Ann Bean, Jan Ramer
Executive Offices	Frank Johnson, Dave Janzen, Jim Histand, Nancy J. Miller, Betty Schrag, Deanna Risser
Financial Aid	Galen Graber, Betsy Eggink
ITS Media	Paul Housholder, Sarah Mlotshwa, Mike McHugh
Library	Sally Jo Milne, Lisa Guedea Carreno
Music Center	Brian Wiebe
Physical Plant	Joy Hite, Glenn Gilbert
Printing & Mailing	Joe Bean
Public Relations	Rachel Lapp, Myrna Kauffman
Registrar	Stan Miller, Carol Leatherman
Science	Marilyn Bayak
Student Life	Shirley Shriner, Bill Born
SSWA	Marge Brandeberry
Wellness Center	Nelda Johnson

GOSHEN COLLEGE PRIVACY OF ELECTRONIC FILES AND COMMUNICATIONS

Desktop Computing Hardware Policy

The college is committed to providing adequate computing equipment for its employees. Currently, that commitment consists of the following guidelines, with planning and budgeting occurring in April of each year:

The following guidelines will be used to evaluate all existing equipment, upgrades and additional equipment requests:

For the purposes of this policy, a temporary employee is someone who is hired for less than a full academic year. Though temporary, these employees may still require computer access. New employees may begin at any point in the academic year, and fill a position that did not exist previously. Equipment for these employees will be funded based on the following criteria:

1. Notification. If the department notifies ITS of the need during the spring budget cycle, ITS will participate in the funding of the equipment. If not, the department will bear the full cost of the equipment.

2. FTE. The employee's FTE will be calculated against a full-year contract. (ie. an employee who works full-time for 6 months would be .5 FTE) If the notification requirement has been met, the department will be charged using the same fee structure as described for part-time employees below.

3. If the department purchases the equipment, ITS will place a current year or projected next year standard system in conversation with the department. ITS will then take over the maintenance of that equipment at the end of its useful life.

4. Equipment purchased by a department will not be subject to any additional charges (ie. part-time usage charges) until after ITS replaces it in the next equipment cycle.

In part-time staffing situations, any multiple of workers adding up to .6 FTE or greater will be treated as full-time. In situations where combined usage is between .3 and .6 FTE, the department (or departments) will be responsible for a $125/year computing access fee. In situations where combined usage is less than .3 FTE, the department will be responsible for a $200/year computing access fee. For Custodial and Trades staff, appropriate access will be negotiated between the department and ITS.

For grant-funded employees there is an expectation that the grant will pay for the employee's computer equipment. If it is to be supported by ITS, it must meet ITS hardware standards and should be purchased through ITS. Grant-writers should use the following guidelines for budgeting:

1. Desktop computers: $350/year
2. Laptop computers: $600/year

The college commitment also includes access to regional laser printers. Departments wishing to use personal inkjet printers will be responsible for the equipment, consumables and maintenance costs.

1. ITS must be notified of needs for the following academic year during the spring budgeting cycle. Needs which arise after that time will be handled out of departmental funds or can wait until the next annual cycle.
2. All hardware cycles are projections and are subject to change based on availability of funds.

GOSHEN COLLEGE ADMINISTRATIVE SYSTEMS SECURITY PROCEDURES

Jenzabar information systems are an integral part of the mission of Goshen College. The college has made a substantial investment in human and financial resources to obtain and manage these systems. The following procedures have been established to protect this investment and the good reputation of the college; to develop data stewardship to safeguard the information contained in these systems; and to enhance the fulfillment of the mission of the college.

Information Technology Services (ITS) Data Systems staff are responsible for the administration of these security procedures, in accordance with all college information policies dealing with security, access, and confidentiality of college records.

Statement of responsibility

All users of Jenzabar, Jenzabar CampusWeb, and applications that depend on Jenzabar data (GC Online) are required to comply with these security procedures.

ITS (Information Technology Services) responsibilities

ITS shall be responsible for the administration of all access controls for Jenzabar. ITS will process adds, changes, and deactivations to user accounts upon receipt of a written request from the end user's supervisor or manager. (See sections titled Request for user access process and Access deactivation process.) Requests to add or change access must include all required approvals for the appropriate level of access. Requests to deactivate access may be processed by an oral request from Human Resources prior to the receipt of the written request. Data Systems staff will periodically run scripts that monitor employee status to ensure that former employees are deactivated.

Employee Responsibilities

An employee who uses Jenzabar or applications that depend on Jenzabar data shall:

• Ensure that all Jenzabar access requested and used is for professional reasons and they are required for their productivity.
• Use and protect their own account passwords and privileges, and not share those with other employees or non-employees.
• Be responsible for the content of all Jenzabar data that is placed over the Internet, sent through email or passed to other departments for college use.
• Know and abide by all college information policies dealing with security and confidentiality of college records.
• Avoid transmission of non-public Jenzabar information. If it is necessary to transmit non-public information, employees are required to take steps reasonably intended to ensure that information is delivered securely to the proper person who is authorized to receive such information for legitimate college use.

Supervisor and manager responsibilities

Supervisors and managers shall:

• Ensure that all appropriate personnel are aware of and comply with these security procedures.
• Provide appropriate data stewardship in their areas of responsibility.
• Work with the Data Systems staff to create and validate proper authorizations for Jenzabar data access for current and new employees.
• Create appropriate control practices, standards, and methods designed to provide reasonable assurance that all employees observe these security procedures.
• Provide appropriate support and guidance to assist employees in fulfilling their job responsibilities under these security procedures.

HR (Human Resources) responsibilities

HR will notify ITS of employee transfers and terminations in a timely fashion. Involuntary terminations will be reported concurrent with the termination.

Module Owner responsibilities

Data stewardship

Data stewardship has as its main objective the management of the college's data assets in order to improve their usability, accessibility and quality. This is accomplished through the role of the departmental module owners, who have planning and policy level responsibility for data within their areas, and management responsibilities for defined segments of the institutional data. In the simplest terms, the data stewards could be said to be the owners of the data. Ultimately, data stewardship is the responsibility of departmental directors and their designates, in conjunction with ITS staff.

It is the module owners responsibility to develop consistent data definitions, develop and adhere to data standards created by the institution, document the business rules of their area, monitor the quality of the data input and output from the Jenzabar systems they use, define security requirements, work with other module owners on integration requirements, and communicate critical uses of data on which other departments depend. As data are developed, the module owners assure that entry and access of the data is appropriately managed. This shall include the classification of all forms, reports and all other forms of access in which this data is expressed.

There shall be a module owner designate for each Jenzabar module in use at the college. Currently these include: Admissions (AD), Advising (AV). Business Office (BU): General Ledger and Accounts Receivable, Development (DE), Financial Aid (FA), Human Resources (HR): Payroll and Personnel, Registrar (RE), Student Life (SA), Tasklist Security (TL). The college also maintains and develops custom applications that are designed for and integrated with Jenzabar which also require data stewardship, GC Online, photoID database and online timecard.

These policies are subject to change with prior notice as may be reasonable under the circumstances.

Goshen College Network Security Policy

Introduction

Understandings

1. The campus internet connection provides access to a global network and provides a global population with access to Goshen College.
2. A small but significant number of people are actively seeking to exploit security weaknesses on campus through viruses, worms, hacking, phishing and other malicious activity.  
3. Creating an adequately secure computing environment is a partnership between ITS and the user community.  It requires both infrastructure, education and in some cases, changes in behavior and procedures.
4. Security is often in tension with campus culture.  Because GC is a Mennonite, Christian college, our security policies and infrastructure will be considerably different than a military base, a government lab, or a K-12 district.
5. The campus wireless network is a low-security network by design.  Key transactions such as authentication and purchasing should be done via SSL connections.
6. All security measures must comply with federal and state laws, college rules and policies, and the terms of applicable contracts including software licenses.
7. Requests for exceptions to this policy must be submitted in writing to the IT Director and may be processed by the Information Technology Committee (ITC) at the discretion of the IT Director.

ITS Responsibilities

ITS is ultimately responsible for providing the infrastructure, monitoring, education and policy enforcement necessary to provide a secure campus computing environment.

I.  Infrastructure

1. Registration.  ITS maintains and operates infrastructure for registering all computing devices connected to the campus wired network.  All students will need to register their computers by providing their userID and ethernet (MAC) address, before using the campus wired network.
2. Authentication.  ITS provides campus authentication services through a central LDAP directory.  Access to all enterprise network services is regulated by this directory for authentication.  All college-owned computers will be configured to authenticate to this directory at start-up.  Exceptions would include public kiosks in the Good Library and other public areas. Accounts will be maintained on an ongoing basis to reflect changes in status and ensure appropriate levels of access to data and services.
3. Encryption.  ITS will provide infrastructure for encrypting web portal services and key transactions such as authentication and financial transactions. When it is reasonable to do so, ITS will actively block insecure pathways to services.
4. Firewall.  ITS will maintain a campus firewall configured to protect the campus from common attacks.  The need for security will be balanced against the college's academic mission and a general desire to have the least restrictive environment while maintaining an appropriate level of security.  Firewall rules will be updated regularly to reflected changing realities the internet security climate.
5. System Configuration. ITS will provide institutionally-owned systems with OS and network-capable software configured for secure, reliable operation. ITS will recommend procedures for how to secure student and home-use computers.
6. Network Design.  ITS will employ a network architecture which promotes security, reliability and manageability
7. Backup.  ITS will provide infrastructure and procedures for backing up campus data and services on a nightly basis.  Mission critical administrative data backups will be rotated off-site on a regular basis.  Data on local hard drives is not backed up. Users who store data on their local hard drive are responsible for backing up to a network drive.
8. Archiving.  ITS will provide infrastructure for archiving electronic data which is deemed by the college to be of historical significance or is otherwise set aside for archival purposes.  GC File is currently used for this purpose, though it may be necessary or desirable to provide dedicated infrastructure for this task in the future.
9. Redundancy.  ITS will provide a 'yesterday server' for Jenzabar and GC File, [WWW?, Mail?] to facilitate rapid recovery from a major hardware failure or security event.  ITS will provide hardware redundancy for campus servers, including RAID, redundant power supplies, network cards, and processors, as appropriate to the service.
10. Physical Security.  ITS is responsible for providing appropriate levels of security to deter theft of institutionally-owned equipment and data. Factors influencing the definition of 'appropriate' include cost to secure equipment, replacement cost of the equipment, programmatic considerations, and the nature and security history of the space.
11. Anti-virus.  ITS will provide the campus and home users with utilities to prevent and abate viruses, worms, trojans and other malware, along with infrastructure and procedures for maintaining those utilities.  ITS will scan and disinfect incoming and outgoing email for viruses and other disallowed content.   ITS will scan GC File weekly for viruses and malware.
12. Server Room Security.  ITS is responsible for ensuring the physical security of ITS Server Rooms.  This includes limiting physical access to the server room (it is not accessible via a grand master key) as well as monitoring for fire, water, smoke, cooling and power issues.

II.  Monitoring, Management and Compliance

ITS will maintain a suite of network monitoring and management tools that allow technical staff to:

1. Assess network health
2. Identify and address the source of attacks and problems
3. Manage network bandwidth
4. Be alerted to service outages and problems
5. Fix problems remotely
6. Assess patch-level of clients and servers
7. Be alerted to intrusions/unauthorized access to campus servers
8. Block systems which are not in compliance with security expectations from using the campus network and/or internet.

III.  Assessment

1. The ITS Annual Report will include a section on security detailing incidents, improvements, identifying gaps and recommendations for the upcoming academic year.
2. At the request of the ITC or the Provost, ITS will perform an internal or external security audit
3. This policy will be reviewed and updated by the ITC as needed.

IV.  Communication/Education/Training

1. ITS will notify the campus of imminent security threats along with information on appropriate counter-measures
2. ITS will maintain appropriate end-user documentation to promote compliance with this policy.

End User Responsibilities

I.  General Understandings.  Campus computer users will:

1. Read and comply with the Computing Code of Conduct.
2. Become knowledgeable about relevant security requirements and guidelines
3. Protect the resources under their control, such as access passwords, computers, and data they download.
4. Comply with requests from IT staff to address security concerns.

II.  Accounts.  Campus computer users will:

1. Refrain from sharing their password or account with friends, associates or family members
2. Choose a secure password, five characters or greater, avoiding dictionary words, guessable personal information and including numbers, symbols and/or punctuation. You may be asked to change an insecure password.
3. Refrain from storing ID & passwords in your computer or client software in a way that allows access to your computer or services without the use of a password.

III.  Systems.   Campus computer users will:

1. Secure their systems against unauthorized use while unattended.  Strategies for achieving this include setting a password protected screensaver, logging out, and locking your office door when you leave.
2. Log out after using a public computer.
3. Maintain their anti-virus software (PC) and keep their systems up-to-date with security patches and other system updates.
4. Personal computers that cannot have their malware removed with standard tools must be verified as clean by the ITS Help Desk through either verification of the user's reformatting of the system or by having one of the ITS Student Technology Assistants reformat it.
   

IV.  Data.  Campus computer users will:

1. Take responsibility for safeguarding institutional data.  Strategies include physical security for your system, encryption, utilizing campus storage and backup systems, shredding paper documents before disposal, avoiding downloading confidential data to remote systems, and mobile devices when possible.
2. Avoid treating email as a secure medium (since it isn't).
3. Strive to maintain the accuracy, completeness and integrity of institutional systems data.  (See the GC Privacy Policy)
4. Refrain from storing credit card information on GC servers and databases.
5. Avoid storing sensitive data on laptops or find reasonable ways to encrypt or otherwise safeguard the data.

V.  On Campus Wireless Access.  Campus computer users will:

1. Treat the campus wireless network as insecure (since it is), using SSL or a Virtual Private Network (VPN) for authenticated sessions and transmission of confidential data.
2. Maintain their anti-virus software (PCs) and security patches on notebook computers.

VI.  Personal Wireless Access Points. Campus computer users will:

1. Acknowledge that they are wholly responsible for all traffic that originates from or behind a wireless access point that they have registered.
2. Appropriately secure and restrict access to their wireless access point. This could include WEP, WPA, WPA2, and/or MAC address filtering.
   

VII.  Remote Access.  Campus computer users will:

1. Understand that they are connected to the campus network when using GC dial-up services.
2. Maintain their anti-virus software (PCs) and security patches on home computers.

Related Policies

• GC Computing Code of Conduct
• GC Directory Information Privacy Policy
• GC Network Privacy Policy

Secure Password Policy

Choosing a secure password is necessary for protecting data on the Goshen College network. Hackers have developed very powerful password-cracking tools that incorporate extensive word and name dictionaries. Their cracking tools also check for words that are spelled backwards or are simple substitutions of characters.

In an effort to bring Goshen College security in line with best password practices, ITS has developed a system so that when you change your password, your new password will be checked to make sure it is a secure password and not one that can be easily guessed. If your new password fails the test, you will receive feedback on what is wrong with the new password and will need to try again.

 
Weak Password Examples

Here are a few examples of passwords that should be avoided:

• Avoid passwords that can be found in the English dictionary, or in the dictionary of another language. For example, don’t make your password the word “password” or “secret”.
• Avoid passwords that are the reverse of a word in a dictionary. Don’t create a password of “drowssap” (which is “password” spelled backwards).
• Avoid passwords that are too short.  Always make your password at least 8 characters in length.
• Avoid creating passwords where the same characters are repeated.  Don’t create a password of “mmmmmmmm” or “12345678”.
• Avoid using passwords that contain personal information or names.  Don’t create a password using your first name, middle name, last name, login name, pet’s name, family member’s name, or computer’s name, etc.
• Avoid using a password that is something familiar to you that someone else might know. Don’t create a password using  your phone number, street address,  social security number, student or employee ID number, GC related words (Mennonite, maple, leaf, etc.) favorite music band, office location, etc.
   

Remember, if your password wasn’t hard for you to think up, it won’t be hard for someone else to figure it out!

 
Create a Strong Password

Creating a passphrase is the best way to have a strong password that cannot be easily guessed. A passphrase is a sentence that you can easily remember, like “My dog Buddy loves to eat carrots but not celery.”  Make your password out of the first letter of each word in the sentence. For example, mdbltecbnc. Then, make this password even stronger by changing some of the letters to uppercase, and incorporating numbers and special characters.  For example, using the same sentence, your password could be mdBL2e^b0c

You can also create a strong password by selecting a word or a combination of words, and then drop vowels, replace some letters with numbers, replace spaces with punctuation marks and insert extra punctuation marks.
For example:    "Fred's boy" can be made into fRd5-6y!

 
With the password checking system we have deployed, your password will need to contain the following required criteria:

• Minimum of 8 characters
• No dictionary words
• No spaces
  
• At least one capital letter
• At least two numbers
• At least one punctuation mark from the following choices:
  !   #   $   ^   *   _   -   =   +   {   }   [   ]   :   ,   .   ?
  

 If any one of these criteria are not met, your attempt to change your password will fail and you will need to try again.

 
Store Your Password Securely

Great care should be taken to ensure that your password is secure. Do not leave your password on a post-it on your desk or write it down in any place where someone could easily find it. The best place to store your password is in your head, but if you absolutely must write it down, keep it in a securely locked place.

Never Share Your Password

It is essential to the security of the GC network that you never share your password, as outlined in the GC Computing Code of Conduct.  Nor should you log onto a computer and then allow someone else to use the computer under your login session. If you are an employee with a student assistant who does not have access to files or services they need to do their job, please contact the Help Desk.  In most situations, ITS can create a student assistant account to solve this problem without having them login as you.

In order to protect the integrity of not only GC data, but also your personal or financial information, do not use your GC password as the password for your personal accounts such as bank accounts, external email accounts, secure login on non-GC web sites, etc.

You may receive email messages that appear to be from legitimate businesses such as EBay, Amazon or your bank asking you to click on a link to their webpage and login.  This practice is referred to as Phishing and is used to steal usernames and passwords for identity theft and other criminal activities.  Don't login to a website unless you have initiated the contact and typed in the URL.

 
Change Your Password Regularly

Regularly changing your password is a good idea as it can prevent misuse of your account if your password was somehow accidentally disclosed.

If you need assistance, contact the Help Desk at extension 7700 or email helpdeskgoshen.edu

What ITS can do to help fix your PC

Problems ITS CAN Fix

1. Problems connecting to the campus network
2. Problems connecting to campus via dialup
3. Problems installing or upgrading the Sophos anti virus software we provide free
4. Problems installing or upgrading the anti-spyware software.
5. One virus/spyware infestation per computer/user per year. (See definition below of virus/spyware infestation.)

Problems ITS CANNOT Fix

1. Computers that don’t turn on or don’t start up at all.
2. General Windows problems. Symptoms include:
   • Windows hangs or crashes
   • Errors on startup or shutdown
3. More than one virus/spyware infestation per computer/user per year. (See definition below of virus/spyware infestation.)
4. Any other problems not mentioned specifically.

In many cases, the ITS Helpdesk CAN provide advice, documentation and free software to help you solve these computer problems or at least diagnose what the problem is.

ITS recommended local computer repair options

If neither you nor ITS can fix your computer we recommend one of the local computer repair options below.

• ITS Approved Student Consultant: As available, you can hire an ITS approved Student Consultant. Click here for more information.
• TechTable: http://www.techtable.net
• Mapletronics: http://mapletronics.com
• Micro Source of Michiana: http://www.micro-source.net

ITS Approved Student Consultants

Sometimes the quickest way to make a Windows PC clean from viruses and spyware and fully functional again is to erase the hard disk and re-install Windows using the factory restore disks provided with most PCs. This process is more involved than some users feel comfortable with. For that reason ITS is "approving" certain students to act as student consultants. As available, student consultants restore a Windows PC using factory restore disks and bring the PC up to campus network connection requirements. The cost for this service is $50.

Student consultants will charge an additional $15 for up to 50 GB over the 50 GB limit.  Thus someone with 120 GB of personal data to transfer would be charged $50 + 2x$15 for the extra 70 GB for a total of $80.  Obviously students could do the transfers themselves and save the charges.  We would limit it to 400 GB of personal data.  If they have that much they need to be buying their own external drive and backing it up themselves plus it would save them money.

Requirements for the User:

1. The user must request the service from ITS Support who will determine if the service is advisable.
2. The user must sign the waiver at the bottom of this document.
3. The user must provide a list of the PCs behavior problems including text of error messages.
4. The PC must have no known hardware problems.
5. The user must make available factory restore disks made for that PC.
6. At the student consultant's discretion, the user will either give the PC to the student consultant or be in the user's dorm room while the student consultant is working on the PC.
7. Payment (cash or check) will be expected when the service is provided.
8. If the PC has not yet been added to the campus network, the user will be provided with an access code and will be responsible to complete the final registration before gaining access to the campus network.

What the Student Consultant Will Do:

1. Help the user save any important information from their PC to their M: drive.
2. Restore the user's PC from factory restore disks.
3. Run Windows Update until all service packs are installed and there are no critical updates available.
4. Install Sophos Anti-Virus. (If the user prefers Norton Anti-Virus, has an update subscrition through May and has Norton Anti-Virus properly installed and configured for automatic updates, then they can use that instead.)
5. Install Microsoft Anti-Spyware using all the defaults and scan the PC.
6. Install and/or run any additional software required by ITS for connection to the campus network.
7. Collect the $50 payment (*Note this could be more depending on the amount of files being backed-up).

Understandings:

1. The rebuild process will eliminate any virus or spyware. The installation of anti-virus and anti-spyware software is intended to prevent re-infection. However, ITS cannot guarantee that the PC will not be re-infected by user actions including but not limited to: installing or using peer-to-peer file sharing software, allowing any webpage to install software, clicking on links received via email, opening files attached to email. Therefore, there will be no refunds of the service fee if the PC becomes re-infected or the problem reoccurs.
2. Waiver of Liability
   "I authorize the Goshen College (GC) ITS staff or students assistants to perform work on my computer. I understand that the GC ITS staff and students assistants have been trained to perform computer software work, but GC ITS is not an authorized service dealer. Further, I agree to release, indemnify, and hold harmless GC ITS from liability for any claims or damages of any kind or description that may arise from any computer work performed on my computer, even if caused by negligence of GC ITS or its agent. I understand that GC ITS is not responsible for any data loss which may occur as a result of work done on my computer."

Name:____________________________ Signature:________________________ Date:____________

GC Email and Official Communication

1. You will check your GC email regularly
   
2. Students may forward their GC Email to a working account they check regularly.
3. You will not share your GC password with others
4. You will follow the GC Acceptable Use policy

ITS Data Backup and Retention Policy

Goshen College Computer Lab Usage Policy

1. GC Computer labs may be used only by members of the Goshen College community, including current students, staff, and faculty. If you wish to use a computer, but you are not a member of the Goshen College community, please ask the ITS Help Desk for assistance.
2. Please carry your Goshen College ID card with you while using the lab. You may be asked to present it at any time, and if you don't have it with you, you may be asked to leave the lab.
3. You must have a valid Goshen College network account in order to use lab computers. If you are new to the college you should have received information information about your account from Admissions (students) or Human Resources (employees).
4. You may not share your username or password with another user, and you may not use your network account to log another person into a lab computer, even if that person is a trusted friend or family member. To do is a violation of the college Acceptable Use Policy, which is binding for all users of the Goshen College Network.
5. Academic work by current Goshen College students takes precedence over all other uses of the lab, including but not limited to non-academic games, chatting, email, or web surfing. A user engaged in non-academic activity may be asked to give up his/her computer to allow another user to carry out legitimate academic work.
6. Equipment is first come, first served, and cannot be reserved. Please do not attempt to reserve a computer by leaving your belongings around it. If a station is left unattended for 15 minutes or more, ITS staff may log you out of the computer, move your belongings, and another user may have access to the computer.
7. Please do not leave your personal belongings unattended. ITS staff are not responsible for lost, stolen, or moved items. It is your responsibility to keep your own property safe and secure.
8. Lost & Found items are stored for a short period of time at the Help Desk, and then are placed in the campus lost and found,
9. You may not install software on lab computers, including but not limited to games, ICQ or instant messengers, media players, etc. If you need a specific piece of software for academic purposes, please talk to a staff at the Help Desk to find out the appropriate procedure for having it installed.
10. Please do not reconfigure computers, personalize desktops, or alter another user's files. Please do not move computers or tamper with their cables. If you have a legitimate reason for wanting to alter a computer station, please ask a staff member at the Help Desk to find out the appropriate procedure.
11. Lab computers are rebuilt periodically, wiping out all locally saved files. To ensure that your personal files do not get destroyed, please do not save them to lab hard drives. Instead, save them to your Home Directory (M: Drive) or a removable media such as a flash drive or writable CD.
12. Use of the computer facilities should not hamper or interfere with the ability of other students to do academic work. Activities to be avoided include but are not limited to excessive computer volume, loud conversation or laughter, use of offensive language, viewing of offensive or explicit imagery, cell phone calls, and other disruptive behavior.
13. Be courteous to your fellow lab patrons by turning off your pager or cell phone ringer, and by taking all personal conversations and/or cell phone calls outside the lab.
14. Please do not put special paper into the paper trays of the lab printers. The wrong paper can cause printer problems. If you would like to print on special paper, please ask a staff member at the Help Desk for assistance.
15. Keep our computer lab clean! Please dispose of your own trash, and pack out any items that you brought in.
16. Food and drink are not permitted in the lab. Items can be stored at the Help Desk until you leave the lab. 
17. Children under 10 years of age are not permitted in the lab without adult supervision.
18. Viewing of pornography or other sexually explicit materials in the lab is not appropriate. If anyone in the lab sees you engaging in such activity, you may be asked to stop the activity immediately and/or leave the computer lab. If you have legitimate academic need for viewing such materials (as verified by your instructor), please ask a staff member at the Help Desk about arranging a more private location where other lab patrons will not be disturbed by your activity.