Policies and Procedures

Policy for VPN Use

İSTANBUL KÜLTÜR UNIVERSITY POLICY FOR VPN USE

DEFINITIONS  

 

  1. İKÜ BST:   İstanbul Kültür University Information Systems and Technology Department
  2. İKÜ-VPN:  Name of the VPN service provided by the İKÜ Information Systems and Technology Department
  3. USER: The person who activates the İKÜ-VPN service for their own İKÜ user name and password

TERMS OF SERVICE

  1. The remote connection resources and services allocated to members of İstanbul Kültür University and authorized employees should be used within the framework of the "İKÜ Internet Usage Policy," the full text of which can be found at https://www.iku.edu.tr/8/1355/internet-kullanim-politikasi.html. 
  2. The remote connection-VPN connection service is personal, and it cannot be transferred to another user. Users who receive this service are responsible for the device they are connecting with and any unauthorized activity on this device. 
  3. The university's computer network investments are made to serve primary academic, administrative, educational, and research purposes. Personal use via a remote connection/VPN service should never interfere with other users' primary network access requirements (academic, administrative, training, and research).
  4. İKÜ IST cannot be held responsible for any weaknesses and vulnerabilities that may arise in the protocol and service standards used in the İKÜ-VPN infrastructure. İKÜ IST is obliged to meet such deficits as soon as possible. 
  5. The user may experience unexpected interruptions in access to the İKÜ-VPN service due to scheduled maintenance or system malfunctions.
  6. İKÜ/IST does not provide any speed guarantee when the İKÜ-VPN service is being used.
  7. İKÜ/IST reserves the right to restrict and limit the speed of access to İKÜ-VPN while it does not restrict access speed.
  8. The general rules and prohibitions that should be complied with when using remote connection/VPN resources are as follows:
    • Peer-to-peer (P2P) file sharing programs (μTorrent, BitTorrent, BearShare, etc.) are prohibited. The remote connection/VPN user must close these applications before connecting to the system. The user should not allow the automatic opening of such applications.
    • The use of the remote connection/VPN service for personal gain and profit is prohibited.
    • Mass mailing, mail bombing, spam, and allowing third parties to send these by using through the remote connection/VPN service is prohibited. The remote connection/VPN user should run a virus scan before connecting to the system.
    • Unlicensed software, movies, and music files cannot be distributed via the İKÜ-VPN in any way. All legal liability belongs to the user in this matter. 
    • Activities that threaten network security (DoS attack, port-network scan, etc.) are prohibited.
    • Every user who uses the remote connection/VPN service is primarily responsible for the use and security of resources allocated to him/her by the university and for the prohibited activities that may occur if these resources are used consciously or unconsciously by a third party.
    • No services (Proxy, DHCP, BOOTP, DNS, etc.) can be provided and no routing protocol announcements can be made via the remote connection/VPN resources.
    • Users must use an operating system with ongoing security and technical support (For example, security and technical support for Windows XP devices is terminated by Microsoft) on the devices they use while using this service, and complete the updates and patches of their operating systems, anti-virus programs and security programs. İKÜ IST can check the security of the device before allowing a user's remote connection/VPN connection. Failure to comply with the above conditions may result in an interruption of the user's access, without the user's permission, and until the requested security conditions are complied with.
  9. In case of failure to comply with the above rules, the user may be subject to one or more of the following penalties:
    • Termination of remote connection/VPN service access,
    • Switching off or changing password of the central user code on server systems,
    • Mobilization of investigative mechanisms within the university,
    • Mobilization of judicial mechanisms.
  10. The user who fails to comply with the rules is notified online. The user who does not receive the notification can obtain information from İKÜ IST via kultur@iku.edu.tr.
  11. These rules apply as of the date of publication. These rules will be reviewed periodically and revised as necessary. İKÜ IST may announce any updates or changes related to these services on the İKÜ IST web page and by sending an email to the İKÜ mail addresses of users. It will be assumed that the announcements have reached the user. 

İstanbul Kültür University

Department of Information Systems and Technology

Internet Usage Policy

The internet service offered by our university - including service providers outside UlakNet – is based on the "ULAKBIM Use Policy Agreement."

Anyone who benefits from the internet service of our university is deemed to have accepted the "ULAKBİM Use Policy Agreement" listed below. The internet access of users who violate these articles is terminated and, if necessary, traffic records are shared with judicial institutions under Law No. 5651.

 

National Academic Network and Information Center (ULAKBIM) Use Policy Agreement

Definitions

1. This acceptable use policy defines the rules applicable to all "UlakNet" users.
2. User organizations are universities and research institutions; users are their students, faculty members, researchers, and other employees.
3. UlakNet is the name given to all services and the infrastructure through which the users' communication requirements are met over a network running with the TCP/IP protocol.
4. UlakNet is operated in accordance with the Scientific and Technological Research Council of Turkey (TUBITAK) regulations by ULAKBIM, an institute of TUBITAK.
5. UlakNet is a network that reserves the principals and liabilities stated in this document, in which the signatory party is informed and fully responsible.
6. The rules in this document are primarily applied to user organizations. User organizations are responsible for ensuring that their users comply with these rules and regulations and take the necessary measures.
7. For this reason, it is recommended that user organizations prepare and sign their own use policy contracts.
 
 
Use Policy
 
8. Appropriate cooperation between different users is required for appropriate network use and security. This cooperation is particularly based on the below commitments of the signatory party who accesses UlakNet directly or indirectly on behalf of its responsible users:
8.1. The UlakNet Network is only for professional purposes: education, scientific research, technical development, technology transfer, dissemination of scientific, technical and cultural knowledge;
8.2.  The information transfer and access on the network may be provided in accordance with the relevant legal regulations;
8.3. UlakNet may not be accessed by any unauthorized third party or organization, whether commercial or non-commercial, whether for a fee or free of charge;
8.4. The technical facilities and human resources are used to ensure a sufficiently continuous level of security and to prevent any unauthorized access to the network through their own organizations;
8.5.The mail servers of institutions should be turned off for relay mails;
8.6. In general, this use policy agreement must be complied with.
 
Prohibited Use
 
9.The violation of system and network security is prohibited and may result in criminal and legal liability. ULAKBIM examines cases of such violations and cooperates with law enforcement personnel if a crime is suspected. UlakNet cannot be used for the following purposes:
9.1. Sending junk mail (SPAM) such as commercial advertisements and news announcements;
9.2. Using another user's mail server to send messages without the explicit permission of that user;
9.3. Creating disruptive flow regulations that will damage or affect the quality of service on UlakNet;
9.4. Producing and distributing inappropriate, obscene, and disturbing material in defiance of the intended purpose (except for academic and research purposes); 
9.5.Producing and distributing material that is unrealistic, distressing, uncomfortable, and unnecessarily scary;
9.6. Producing and distributing slanderous and defamatory material;
9.7. Distributing copyrighted material (including but not limited to texts, articles, books, films, and musical works) that infringes on others' intellectual property rights;
9.8. Intentional unauthorized use of national or international services through UlakNet;
9.9. The following intentional application types:
9.9.1. The destruction of others' data;
9.9.2.The violation of personal information belonging to others;
9.9.3. The destruction and distortion of others' works;
9.9.4. The creation of traffic on UlakNet that will not allow others to use it;
9.9.5. The use of software that is prohibited to be used by ULAKBIM because it prevents the operation of UlakNet and creates unnecessary traffic;
 
 
Compliance
 
10. The party signing this use policy is informed and acknowledges that ULAKBIM may control the proper use of network in accordance with the rules stated in the 8th and 9th articles, reserving the personal rights of the user.
11. The signatory party acknowledges that ULAKBIM may take urgent measures in case of a problem, including the decision to temporarily prevent access to UlakNet at the national or international level, in order to provide security. However, these measures shall be taken only after communication with the relevant organization and for a certain period of time, provided that the condition specified does not affect the operation and safety of the general network.
12. In the event that the User is harmed by the repeated hostile actions of another user, upon the request of the Signatory Party or any related user, ULAKBIM shall have to take restrictive measures under the aforementioned conditions.
13. The signatory party is informed and clearly acknowledges that ULAKBIM may amend this use policy with due regard to legal developments that may arise in the sector; ULAKBIM has the right to change the policy and the contract at any time. The amended contract enters into force as soon as it is published on http://www.ulakbim.gov.tr/dokuman/kullanimpolitika.html.
 

Information Security Policy

1 - Purpose

Article 1 -The purpose of this directive is to determine the rules and principles regarding the use of İstanbul Kültür University's information resources.

2 - Scope

Article 2 - This directive covers all activities of our university’s academic and administrative staff and students carried out with all kinds of information and communication means. Every user at our university must comply with these provisions.

3 - Information Resources and Principles of Usage

Article 3 -

a)      In order to protect the legal entity of İstanbul Kültür University and to ensure the safety of the system, the Information Systems and Technology Department can inspect, monitor all kinds of services, and take restrictive measures on all machines when required, within the scope of the laws and regulations of this directive.

 b)     The Information Systems and Technology Department may prevent users from accessing certain harmful sites on the internet and may prevent the use of some file types and programs in terms of content (such as image files, audio files, kazaa, e-donkey, etc.).

 c)     The e-mail account passwords and the sharing and program use passwords of the computers on the network are a control tool that allows the users to see whether they have permission to access the information they want to access. When choosing a password, be careful that it is of sufficient length (at least 8 characters), never choose a word that can be found in any dictionary, use symbols (@, $, !...), use a separate password for each account, and be sure to change passwords at intervals. The user acknowledges that the right for service belongs only to the user; that the private and confidential password and username for the use of this right shall not be transferred to or used by anyone else; it will be immediately changed when there is even a doubt that someone may have learned it; otherwise, the user will be responsible for all processes and cannot claim that they have not used it.

 d)     In the e-mail service provided by IST, attachments are filtered, the IP addresses of computers that send spam and virus are blocked, and e-mail attachments with the extensions ".pif, .scr, .vbs" are automatically blocked. The IST can change these file extensions or add new file extensions if it deems it to be necessary.

e)    The IST only supports Microsoft Outlook. Users must use this software to send messages. The Outlook Web Access is a service that allows users outside the campus to read their mails easily. Outlook Web Access is not a service in the same category as the above programs.

 f)     Users may not use the e-mail account of another system's e-mail server or another user's e-mail account to send messages without the explicit permission of the person concerned. They cannot conduct activities, such as intentional unauthorized use, destroying others’ data, harming personal information, destroying others' work, or sending unwanted messages such as commercial advertisements and news announcements.

g)      Legal responsibilities which may arise from the documents contained in the users' e-mail accounts and computers and the broadcasting rights of any information belong entirely to the user.

 h)    Users cannot multiplex by connecting a Switch, Access Point, Router and similar devices to the ports outside the network centers determined within the campus network beyond the knowledge of the IST.

 i)     Users cannot duplicate an IP on a single computer by performing IP duplication at the network center in their unit or behind their own ports and cannot assign IP numbers to their computers other than the IP groups that the IST specifies.

 j)    The installation and use of any unlicensed and illegal software is strictly prohibited.

 4 - Implementation and Sanctions

Article 4 -  In case the information resources are used contrary to the General Principles, İKÜ authorities may implement one or more of the following processes with or without adherence to the below order, based on its intensity, the extent of the damage to resources or persons/institutions, and repetition.

■ Busyness

■ The extent of damage to resources or people / institutions

■ According to the repetition, the following procedures (one or more) may be applied in/out of order.

■The user is warned verbally and/or in writing,

■ Information resources allocated to the user may be closed for a limited or unlimited period,

■ Academic/administrative investigative mechanisms within the university may be mobilized,

■ Judiciary mechanisms may be mobilized.

Conditions in which usage and user definitions are inadequate and conditions that are not defined within the "Information Resources Use Policies" document are evaluated by the university. 

5 - Privacy

Article 5 - The information of the person who is subject to legal action is confidential and is not shared with anyone other than the Rectorship and the University Executive Board. Legal action is taken against those who violate this rule.

 6 - Execution

Article 6 -These rules are executed by the İstanbul Kültür University Rectorship.


Last Update Date: Tue, 10/01/2019 - 16:03