CSAIL IT Policy
The purpose of this page is to catenate CSAIL specific computing policies on http://tig.csail.mit.edu into one location. These policies apply to all users utilizing CSAIL computing infrastructure, including students, faculty and staff, and any others granted the use of CSAIL computing resources.
This document is not a guideline for IT acceptable use. The MIT IT accpetable use policy is covered by MIT IS&T here: https://ist.mit.edu/about/it-policies
Accounts
CSAIL Kerberos Account Password requirements
- Minimum Characters: 15
- Minimim Character Classes: 2
(alphanumeric, punctuation, whitespace) - May not contain the username
- Passwords do not expire, but will be locked after 16 failed password attempts
CSAIL Kerberos Account Expiration
CSAIL accounts for certain classes of users—students, visitors, affiliates, guests, alumni, and certain temporary employees—automatically expire at the end of every fiscal year (specifically, at midnight UTC on July 1, which is 8 PM on June 30 local time here in Cambridge).
Users who have changed supervisors should have their new supervisor or supervisor’sassistant notify help@csail.mit.edu to confirm the change. Notifications to supervisors are sent out annually at the beginning of June (usually the first business day). Users whose accounts are not renewed receive a notification email on or around July 1. (Some users have unusual expiration dates set by their supervisors and will not get any notifications.)
Operating system and software security
All servers on the CSAIL network must run up-to-date and supported operating systems. Each version of CSAIL Ubuntu is supported by Canonical for 5 years after its release, with support concluding at the end of April. All users and research groups are expected to maintain their servers on a regular basis, and to keep them upgraded to a supported and secure operating system version. This also applies to software running on servers within the CSAIL network, which must also be kept on a vendor-supported version.
If a system is running an unsupported operating system version, or if the software isn’t upgraded and causes a potential security issue, it may be removed from the network without warning for the security of the lab.
Network
CSAIL host registration policy
All devices on the CSAIL network must use registered IP addresses. An IP address is considered registered if there is a host name associated with it (PTR record) in the appropriate reverse mapping zone of the DNS.
Hosts using unregistered IP addresses may be removed from the network without warning or recourse.
IP addresses on most CSAIL networks are assigned solely by WebDNS; DNS entries which TIG believes to be erroneous are liable to be removed at any time.
Note: Hosts using dynamic addresses do not need to be registered individually, provided that the dynamic pool has been registered. Addresses in a dynamic pool are not registered for specific machines, but for the DHCP server on that network; pool addresses may not be reassigned to individuals without the permission of the system administrators. If your host has a dynamic address and you wish to switch to a static address, you will have to change IP addresses.
MITnet Rules of Use summarizes the rules that apply to all users of MITnet. We expect you to follow all these rules, and we hope you will encourage others to follow them as well.