All users of OSU's network (and by extension, users of the
local network serving Chemical & Biomolecular Engineering [CBE] and
Materials Science & Engineering [MSE]) are required to abide by these University policies.
Where necessary, specific policies regarding the proper use of the local
network which serves the aforementioned departments have been instituted, as
provided below.
Ignorance of policy is not an excuse to violate it. (In other words, the
phrase "...But I didn't know..." is not acceptable reasoning.) It is your
responsibility to maintain an up-to-date knowledge of any acceptable use
policies provided here or linked here to other resources, directly or
indirectly.
Local Networking Policies
The following policies cover any computer attached to the local Ethernet
network. Failure to abide by any/all of these terms may result in denial of
network service, either through explicit action on the part of local network
management, or as the result of maliciousness outside of local control
(i.e. "cracking"). Depending on the severity of an
incident, academic misconduct proceedings may be initiated. Local network
management (hereafter referred to simply as "management") may be contacted by
sending E-mail to
Networking equipment, including (but not necessarily limited to) network
jacks, cables, and other components of the "backbone" MUST
NEVER be modified by users. End-users should never
attempt to extend network cables via "couplers", splicing, etc. Contact
management if you are having a network problem or you need assistance in
network "drop" placement.
So-called "broadband" routers (or routers of any kind, really, including
those that provide wireless [WiFi] connectivity) MUST NOT be
attached to the network by end-users. Any such device discovered on the local
network without authorization by management will lead to the immediate
termination of network connectivity for the device and anything attached to
it.
Management MUST be contacted before any computer is
attached to the local network, to arrange for network configuration.
Network configurations (e.g. IP addresses, computer system names, network
protocols, etc.) are not to be changed by the user. All such modifications
are to be made exclusively by management, or by someone
officially permitted to do so by management. "Borrowing" an IP address from
one system to be used on another is prohibited.
Our policies covering local network access for personally-owned computers
can be found here.
Desktop computers connected to the network are not to be moved without
prior notice sent to management. Notification is also required for any
computers which were at one time attached to the network and are being taken
out of service, so that any addresses in use can be reallocated.
Any system which is capable of providing a command line (shell) to a
remote user (e.g. via the Telnet protocol) is potentially susceptible to
"cracking". To minimize such systems' vulnerability,
these systems MUST be connected to the network backbone via
a network switch (as opposed to a network hub). (Such systems include
computers running any variant of UNIX, OpenVMS, etc., which come complete
with command line shells, and any other system [e.g. Windows NT] which is
configured to run a command line shell [such as a telnet "daemon"].) The
design of a network switch helps to protect a system attached to it from the
common cracker practice of "packet sniffing".
For the best performance and security, when connecting a number of
computers/printers within a room to a single network connection, we
recommend the purchase and installation of a network switch. For specific
vendor recommendations, please contact
If you have more than one computer/printer to be attached to the network, you
will need cables to span between your switch and your computer equipment. If
the switch is to be located more than 14 feet from the network jack, you will
also need a cable to run between the network jack and the switch. (One 14-foot
cable is provided free of charge for each network jack. Any cabling provided
by management is to be considered part of the network and must not be
relocated.)
A network connection may not span between rooms (e.g. through the use of a
network hub or switch, a long network cable, etc.), unless the cable run(s)
can be individually managed (implying the cabling is part of the departmental
backbone). If you require a network connection in a room which is not
equipped with the necessary network jack, you will need to arrange for
installation of a new "drop". Practically every room in the local building
complex is equipped with at least one network jack. Check with management to
find out if your room is equipped with a network jack, and its
location.
Access must be maintained for management for any system which requires
"privileged access" for network (re)configuration. (For example, management
must have "root access" for any Linux/UNIX systems attached to the network.)
Click here for
details.
Physical access to network jacks and network equipment must be maintained
at all times without obstruction or obfuscation. For example, it is improper
to place furniture in front of a network jack which would limit or completely
block the visibility of the jack's identification number. Likewise, direct
access must be maintained for any network gear (hubs, switches, etc.), and
all network jacks must remain clearly/cleanly identified. (Be careful when
painting.)
Computer systems attached to the network are not to be configured with
"open" accounts, or other means of acquiring system access without
authentication. Similarly, computer accounts are to be maintained only for
local users. Anyone who is not affiliated with The Ohio State University (or
more specifically, CBE or MSE) is NOT entitled to a local
computer account.
Management should be consulted before any system intended as a server is
placed into operation. Local computer systems should not be running services
which are not required, including (but not necessarily limited to) routing
daemons, DNS servers, FTP servers, mail servers (e.g. UNIX sendmail), Web
servers, etc.
Operating systems on computers attached to the network are not to be
changed without the approval of management. "Dual booting" (i.e. running more
than one operating system on a single computer) is NOT
permitted, since such systems are notoriously complex to support, and can
cause confusion in the maintenance of network security. (In particular, ECR6
Management has no definitive way of determining what OS such a system is
running at any particular time.) If you need to run more than one operating
system on the same hardware, you'll need to use a virtualization product such
as VMware or Parallels; in such cases, Windows or
Mac OS X must be the "host" operating system.
Any OSU-owned computer is to ONLY be configured with a
North American English operating system if/when connected to the local
network. All software on such systems must similarly only present an English
interface. Operating systems running in a native language other than North
American English are ABSOLUTELY NOT PERMITTED on OSU-owned
computers.
The following types of programs are NOT PERMITTED on
the local network:
So-called "pay-to-surf" programs: These are applications and/or schemes
that offer to pay/reward the user for visiting Web sites. Using the resources
of the University for personal monetary gain is not allowed.
Surfing emulators: These are programs which are often used in conjunction
with the aforementioned "pay-to-surf" schemes. The surfing emulator runs on
a computer and mimics the behavior of someone visiting Web sites. Since this
is used indirectly for personal monetary gain, use of such programs is not
allowed. These programs also consume undue amounts of bandwidth.
Peer-to-peer (P2P) file sharing applications: These are programs which
allow the direct transfer of files between two computers on the Internet.
There is no reason why someone on our network should need such ability for
academic and/or research needs. Such software isn't allowed to be run on the
local network, and it is prohibited on OSU-owned systems connected to the
local network. (That is, it must not even be installed on such
systems.)
Peer-to-peer (P2P) media players: A number of programs are available that
allow you to listen and/or view streamed media which is "served" across a
number of random systems across the Internet. Such programs consume our
bandwidth to the Internet and thus restrict access for legitimate
purposes.
Other peer-to-peer (P2P) applications: In general, P2P programs can't be
used on the local network, since they generate too much traffic which appears
as various forms of prohibited behavior. The one exception is the Internet
telephony application known as Skype. To use Skype on the local network,
though, you MUST follow these
instructions.
Bandwidth optimizers: These are applications or mechanisms which purport
to increase the speed of your network connection. All modern operating systems,
by default, are already optimized for Ethernet network connectivity. Using a
program to optimize your connection (which is typically designed to optimize
slower connections, such as using a MODEM) will only tend to decrease
your network bandwidth.
Download accelerators/managers: These are programs which attempt to
increase the speed of downloading files by opening multiple connections to a
file server, or by allowing the download of multiple files at once. These
applications place an undue amount of strain on the network, since they
require more bandwidth than a standard file download request is designed to
handle.
IRC: Internet Relay Chat is a popular means of spreading "trojan horses" and other
mechanisms which might compromise a computer's security. The risk
is too high to allow IRC on the local network, so no one should be using it
here. Note that many Web sites utilize IRC to provide for real-time
"chatting." As such, if you attempt to use such a facility and find it won't
work, this is probably due to the blocks on our firewall limiting access to
IRC.
Warez (as in "softwarez" [sic]): These aren't necessarily
network-related applications, but are programs that have been "cracked" to
allow running them without paying for a license that would otherwise restrict
them. The distribution and/or use of such programs is
ILLEGAL. Any computer used here that is found to have such
software installed will have its network connectivity terminated and the
owner/user[s] of the computer will be reported to the appropriate authorities.
Please don't steal software, which is what you're doing when you run such
programs.
Network games: Any computer games that call for network communication are
not permitted on the local network, due to the large amounts of bandwidth they
might require. Games of any sort shouldn't really be installed on any OSU-owned
systems in any of the departments/centers served by the computer
facility.
Programs that provide for "instant messaging" are another case of
network-related applications that can cause problems. Such programs are
permitted on the local network, but they are not supported. In other words,
you can run such programs if you are able, but no effort will be made to
specifically accommodate or maintain this ability.
Nothing connected to the network requires the use of Netware (e.g. IPX/SPX)
protocols, and these protocols should not be enabled.
The so-called "welcome screen" of Windows XP is a security risk, since it
essentially lists all the accounts available on the machine. "Fast user
switching" is also a problem, since it can make determining who is using a
system at any particular time difficult, because more than one user can be
logged on at once. As such, fast user switching and/or the welcome screen in
Windows XP should be disabled. If you are running Windows NT/2000/XP/2003,
your computer should be configured to disable the display of the last user to
log in to the system.
Similarly, the user list login screen under Mac OS X or similar logon
mechanisms offered under UNIX/Linux are security risks, since they take one
key of security, the username, out of user control. These forms of logon are
also not allowed.
All systems which are capable of prompting for both username and password
must be configured to do so. No "automatic logins" are permitted on any
system connected to the local network (or any part of the OSU network
infrastructure).
Operating systems: On PCs, Windows 2000 and Windows XP Professional are
supported. (Windows XP Home Edition is not allowed on OSU-owned systems
connected to the local network.) Macintosh systems should be running the most
recent version of Mac OS X (though, more generally, versions at or later than
v10.3.9 are fine). Linux/UNIX is allowed, but not supported. (End-users will
need to provide day-to-day maintenance and support, themselves.)
Pre-release or "beta" software is not to be installed on any OSU-owned
system without the express consent of ECR6 Management. The local network serves
the enterprise comprised of faculty, staff and students in the departments of
Chemical and Biomolecular Engineering and Materials Science and Engineering.
It is not to be used as a "test bed."
Any decisions which might affect an OSU-owned computer system's operation
(e.g. operating system installation/configuration) and/or security (e.g.
anti-virus software installation/configuration) should be approved by computer
support staff before the fact. If you choose to make such
changes yourself without involving support staff, you are certainly welcome
to do so, but you also implicitly absolve computer staff of responsibility for
supporting your system(s) and incur the full responsibility of maintaining them
in conformance with all policies and standards of the local departments,
University, and federal/state law.
NOTE: Windows Vista is now available. No OSU-owned system should be running
this software here until Management has thoroughly reviewed its operation. An
announcement will be made when this review is complete.
Users should note that resources provided via Windows file sharing or
SAMBA under Linux/UNIX are not generally accessible beyond the local network.
Windows users should ensure they do not maintain any "Network Places" which
refer to such facilities.
Anti-virus/anti-spyware software is REQUIRED on
any system where it's available. Management understands that certain computers
used for instrument control may be harmed if anti-virus software is installed.
Under this unique situation, any other measures available that would protect
the system must be implemented (known as "compensating controls"). In any
other case, if anti-virus software is not going to be run, the system must not
be connected to the network. All systems connected to the network are expected
to be maintained and kept up-to-date in terms of patches/updates, ideally
through whatever automated process is included with the operating
system.
Any system with a built-in "host-based" firewall must have it enabled and
blocking access to the system, except that access which is specifically
required. If a built-in firewall isn't available (e.g. Windows 2000), the
alternatives are to upgrade the operating system or acquire a third-party
firewall product.
A "hacker" is not someone who maliciously breaks into computer systems, but
someone who is adept at computing. A person who breaks into computer systems
(e.g. to steal data and/or cause damage) is known as a "cracker".