Wireless Acceptable Use Policy

Contents

Section 1.0  Overview
Section 2.0  Purpose
Section 3.0  Scope & Access
Section 4.0  Policy
Section 4.1  General Use & Ownership
Section 4.2  Security & Proprietary Information
Section 4.3  Unacceptable Use
Section 4.4  System & Network Activities
Section 4.5  Email & Communications Activities
Section 5.0  Enforcement
Section 6.0  Terms & Definitions
Section 7.0  Recommended AntiVirus Software Products

1.0 Overview


McKinney Christian Academy's (MCA) intentions for publishing a Wireless Acceptable Use Policy are not to impose restrictions that are contrary to MCA, but to establish a culture of openness, trust and integrity, in order to promote MCA's mission and vision. MCA is committed to protecting its employees, students and community from illegal or damaging actions by individuals, either knowingly or unknowingly. Internet/Intranet/Extranet-related systems, including but not limited to computer equipment, software, operating systems, storage media, network accounts providing electronic mail, Internet browsing, FTP, and other services are the property of MCA. These systems are to be used for business/educational purposes in serving the interests of the school, and of our students and community in the course of normal operations. For employees, a complete guide of all of MCA's technology acceptable use policies is in the Employee Handbook, and for parents and students these policies are included in the Parent-Student Handbook. Effective security is a team effort involving the participation and support of everyone who deals with information and/or information systems. It is the responsibility of every computer user to know these guidelines, and to conduct their activities accordingly.

Return to top

2.0 Purpose


The purpose of this policy is to outline the acceptable use of MCA's wireless network. These rules are in place to protect the school and its employees, students and community. Inappropriate use exposes MCA to risks including virus attacks, compromised network systems and services, and legal issues.

Return to top

3.0 Scope & Access

  1. This policy applies to employees, students and visitors who wish to use MCA's wireless network. This policy applies to all equipment that is owned or leased by the school, including the various wireless access points (WAP's) to which users will be connecting.
  2. MCA's public wireless network, "MCA-PublicAccess", is available to students, parents and other visitors while on the school's campus. This network is password protected for security and encryption purposes. Signs are posted in various locations of the school with instructions on how to access and log into this wireless network.
  3. MCA's private network, "MCA-PrivateAccess", is only accessible to MCA computers, laptops, and mobile devices; and to approved laptops and mobile devices of MCA. This network is also password protected for security and encryption purposes.

Return to top

4.0 Policy


4.1 General Use and Ownership
  1. Users are responsible for exercising good judgment regarding the reasonableness of personal use.
  2. For security and network maintenance purposes, authorized individuals within the school may monitor equipment, systems and network traffic at any time.
  3. MCA reserves the right to audit networks and systems on a periodic basis to ensure compliance with this policy.
4.2 Security and Proprietary Information
  1. Employees should take all necessary steps to prevent unauthorized access to the school's proprietary and confidential information. Examples of confidential information include, but are not limited to: company private information, corporate strategies, competitor sensitive information, trade secrets, specifications, customer lists, and research data.
  2. Employees and students must keep passwords secure and may not share accounts. Authorized users are responsible for the security of their passwords and accounts. Users will be required to change their passwords annually.
  3. All PCs, laptops and workstations should be secured with a password-protected screensaver with the automatic activation feature set at 15 minutes or less, or by logging-off when the computer is unattended.
  4. Each Wireless Access Point (WAP) is password protected and MCA's Technology Dept. reserves the right to change the password for either the public or private wireless networks at any time, if it deems necessary for security purposes.
  5. For security purposes, MCA encrypts all traffic between the user's host device and the WAP that the user is connecting to.
  6. Because information contained on portable computers is especially vulnerable, special care should be exercised. Each user is responsible to protect his/her own computer or mobile device, following methods as stated in 4.2.2 and 4.2.3.
  7. Postings by employees from a MCA email address to newsgroups should contain a disclaimer stating that the opinions expressed are strictly their own and not necessarily those of the school, unless posting is in the course of business duties.
  8. All devices that are connected to MCA's computer network, whether owned by the user or by MCA, must have an approved virus-scanning or Internet security package with a current subscription and a up-to-date virus definitions database installed. For a list of recommended software, see section 7.0.
  9. Employees must use extreme caution when opening e-mail attachments received from unknown senders, which may contain viruses, e-mail/logic bombs, Trojan horses, worms or other forms of malicious software.
  10. MCA does as much as it can to protect the user and the school from inappropriate websites. However, the user must also understand that it is impossible to completely block all of these websites and must therefore be responsible to immediately close out of such websites when opened inadvertently.
4.3. Unacceptable Use
The following activities are, in general, prohibited. Employees may be exempted from these restrictions during the course of their legitimate job responsibilities (e.g., systems administration staff may have a need to monitor or disable the network access of a computer/laptop/mobile device if that host is disrupting production services). Under no circumstances is an employee or student of MCA authorized to engage in any activity that is illegal under local, state, federal or international law while utilizing this company-owned resources. The lists below are by no means exhaustive, but attempt to provide a framework for activities which fall into the category of unacceptable use.

4.4 System and Network Activities
The following activities are strictly prohibited, with no exceptions:
  1. Violations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of "pirated" or other software products that are not appropriately licensed for use by this company.
  2. Unauthorized copying of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books or other copyrighted sources, copyrighted music, and the installation of any copyrighted software for which this company or the end user does not have an active license is strictly prohibited.
  3. Exporting software, technical information, encryption software or technology, in violation of international or regional export control laws, is illegal. The appropriate management should be consulted prior to export of any material that is in question.
  4. Introduction of malicious programs into the network or server (e.g., viruses, worms, Trojan horses, e-mail bombs, etc.).
  5. Revealing your account password to others or allowing use of your account by others. This includes letting a fellow student or co-worker use of your assigned account. This also includes family and other household members when work is being done at home.
  6. Revealing passwords to MCA's wireless network to outside users without the consent of the Technology Dept.
  7. Using one of this company's computing assets to actively engage in procuring or transmitting sexually pornographic material or any material that is in violation of laws in the user's local jurisdiction.
  8. Making fraudulent offers of products, items, or services originating from any of MCA's accounts.
  9. Making statements about warranty or guarantees, expressly or implied, unless it is a part of normal job duties.
  10. Effecting security breaches or disruptions of network communication. Security breaches include, but are not limited to, accessing data of which the user is not an intended recipient or logging into a server or account that the user is not expressly authorized to access, unless these duties are within the scope of regular duties. For purposes of this section, "disruption" includes, but is not limited to, network sniffing, pinged floods, packet spoofing, denial of service, and forged routing information for malicious purposes.
  11. Port scanning or security scanning is expressly prohibited unless prior written request and approval is made of MCA's Technology Dept.
  12. Executing any form of network monitoring which will intercept data not intended for the user.
  13. Circumventing user authentication or security of any host, network or account.
  14. Interfering with or denying service to other users (for example, denial of service attack).
  15. Using any program/script/command, or sending messages of any kind, with the intent to interfere with, or disable, a user's terminal session, via any means, locally or via the Internet/Intranet/Extranet.
  16. Providing confidential information about our students, employees, families, or school proprietary information to parties outside of MCA.
4.5 Email and Communications Activities
  1. Sending unsolicited email messages, including the sending of "junk mail" or other advertising material to individuals who did not specifically request such material (email spam).
  2. Any form of harassment via email, telephone, paging or text messages, whether through language, frequency, or size of messages.
  3. Unauthorized use, or forging, of email header information.
  4. Solicitation of email for any other email address, other than that of the user's own email account, with the intent to harass or to collect replies.
  5. Creating or forwarding "chain letters", "Ponzi" or other "pyramid" schemes of any type.
  6. Use of unsolicited email originating from within this company's networks of other Internet/Intranet/Extranet service providers on behalf of, or to advertise, any service hosted by this company or connected via this company's network.
  7. Posting the same or similar non-business-related messages to large numbers of Usenet newsgroups (newsgroup spam).

Return to top

5.0 Enforcement


Any employee or student found to have violated this policy may be subject to disciplinary action, up to and including termination of employment or expulsion from school, and possible legal action.

Any visiting guest found to have violated this policy may be subject to their device being blocked from use of our wireless network and any other possible legal action.



Return to top

6.0 Terms & Definitions


MCA - McKinney Christian Academy
AntiSpam Software - any program that is created for the sole purpose of scanning a user's email for unsolicited email moving it to a protected location, or deleting it altogether.
AntiVirus Software - any program that is created for the sole purpose of scanning, detecting, and removing viral threats on a user's computer.
Bomb - coming in many forms, an email bomb is the unlawful sending of massive amounts of email to a user or multiple users, with the intent of crashing the user's system. A logic bomb is a piece of code hidden inside another program, that when certain conditions are met, it becomes active and begin to delete files the user's system or perform some other form of destructive action.
Host - Refers to any computer, laptop, workstation or mobile device that a user is using to access MCA's wired or wireless networks.
Phishing – The act of designing an email message or website to look like another company’s website in order to solicit confidential information, like address and phone numbers or bank account information.
SPAM - unsolicited email
Spoofing – The process of faking someone else’s computer IP address, email address or website for the purposes of tricking the recipient into conducting an action that he/she would normally not perform.
Trojan Horse - a piece of malicious software that is hidden or embedded inside a seemingly benign or useful program or file. It may also be used as a backdoor for crackers to gain unauthorized access to systems.
User - Any person accessing MCA's wired or wireless network, whether it be an employee, student, or guest on campus.
Virus - a program or piece of code written by a cracker that infects one or more other programs by embedding a copy of itself in them and/or damaging files on the user's computer.
WAP - Wireless Access Point
Worm - a piece of malicious software that is programmed to reproduce itself without the user's interaction.


Return to top

7.0 Recommended AntiVirus Software Products

AVG Anti-Virus
BitDefender
CA Anti-Virus
ClamAv
ESET
Fortinet
Kapersky Anti-Virus
McAfee VirusScan
Panda Antivirus
Sophos Anti-Virus
Norton AntiVirus
Trend Micro AV
ZoneAlarm Antivirus


Return to top