Guarantor: ICTC UPJŠ Ref. No.: 3360/2014
In Košice on 17/09/2014
Rector’s Decision No. 16/2014
issuing the Rules of Operation of the SAUNET computer network
at Pavol Jozef Šafárik University in Košice and its units
1.1. These Rules of Operation of the SAUNET (Šafárik University NETwork) computer network at Pavol Jozef Šafárik University in Košice “UPJŠ KE” (hereinafter the “Rules of Operation”) shall govern the operation of the computer network, rights and obligations of the computer network administrators, access rules for authorized users of the network services of the computer network, rights and obligations of those users, and shall set out the rules for the network services and special computer networks.
1.2. These Rules of Operation are based on the following documents:
• Law Act No. 351/2011 Book of Statutes on Electronic Communications
• General rules for the use of the SANET network
1.3. The computer network shall be constructed and operated to support the activities
carried out at UPJŠ KE in accordance with its major role and mission in the provision
of higher education, science and research activities, economic and administrative
operation, and may only be used for these purposes
1.4. The Rules of Operation shall be binding for all the users of the SAUNET computer
1.5. The Rules of Operation are divided into 3 parts:
a) computer network administration,
b) use of computer networks,
c) special computer networks.
Definition of Terms
2.1. For the purposes of these Rules:
a) under the SANET computer network one shall understand the Slovak Academic Network administered by the SANET civic association with a view to ensuring access of academic and commercial institutions to the Internet global computer network in accordance with the approved Statute and the rules for the use of the computer network;
b)under the local computer network one shall understand the part of the computer network, for the administration of which the relevant part of the University shall be in charge;
c) under the wireless network one shall understand the electronic communications network generated by electromagnetic means;
d) under the electronic service one shall understand a service rendered electronically through information and communication means;
e) under the electronic communication network one shall understand operatively interconnected transmission systems and, where applicable, switching or routing devices and other resources that permit conveyance of signals by wire, radio, optical or other electromagnetic means, including satellite networks, ground circuit-switched networks and packets including the Internet and mobile terrestrial networks, networks for the distribution of electricity to the extent that they are used for transmitting signals, networks for radio and television broadcasting, and cable distribution systems irrespective of the type of information conveyed;
f) under the IP address one shall understand the numeric identifier of the entity for the TCP /IP network enabling a multi-party communication network;
g) under the SAUNET network IP address one shall understand the IP address from the address range of 220.127.116.11 – 18.104.22.168 or the IP address of the address range of 22.214.171.124-126.96.36.199;
h) under the end-user one shall understand a person who uses or requests a publicly available service, and that person shall not provide this service to third persons, nor shall that person provide additional services through the service in question;
i) under the end-user device one shall understand an electronic communication device or its technical part, which enables communication and is intended for direct or indirect connection to computer network connection points;
j) under the location data one shall understand the data processed in the computer network or via the network service, which indicate the geographic location of the end user devices;
k) under the MAC address one shall understand the hardware address, a unique number that is assigned by the device manufacturer;
l) under the computer network one shall understand an electronic communications network, in which the data are transmitted by using fixed or wireless communication links;
m) under the operational data one shall understand the data relating to the end-user and the actual transfer of information within the network and arising in that transmission, which are processed for the purposes of the transmission of a message in the computer network;
n) under the connection point one shall understand the part of the active network element, in which the end-user device is connected to the local computer network;
o) under the server one shall understand a utility or programme computer, on which the operation of network applications and network services are provided to end-users.
p) under the network application one shall understand a computer programme that provides pre-defined network services to a group of end users;
q) under the network service one shall understand the ability to meet the pre-defined user requirements by using network resources.
Administration of the Computer Network
Organizational Structure of the SAUNET Computer Network
3.1. SAUNET is a computer network distributed in the territory of the Slovak Republic, whose communication core is formed by the SANET network. The SAUNET network serves as a communication system of the UPJŠ KE information infrastructure covering the requirements of the basic and applied research, the needs of the educational process at UPJŠ KE, and the needs of access to information for the UPJŠ KE staff.
3.2. SAUNET is part of the SANET computer network whose administration shall be carried out by the SANET civic association (hereinafter referred to as the “SANET CA”) through its member organizations that operate the SANET computer network nodes. UPJŠ KE is one of the CA SANET members.
3.3 The UPJŠ Information and Communication Technologies Centre (hereinafter “ICTC) at Šrobárova 2, 041 80 Košice, shall operate in charge of the administration of the SANET CA network node.
3.4. SAUNET is assigned the upjs.sk domain.
3.5. The SAUNET network central node is located in the ICTC premises, where the SAUNET backbone network and the ns.upjs.sk primary domain server of the IP address 188.8.131.52 are located.
3.6. The SAUNET computer network is of a hierarchical structure. It is divided into:
a) the SAUNET backbone network with the University SANET node, and
b) the SAUNET local computer networks.
3.7. The SAUNET computer network comprises the following local computer networks:
a) the UPJŠ KE ICTC Local Computer Network,
b) the UPJŠ KE Rectorate Local Computer Networks,
c) the UPJŠ KE University Library Local Computer Network,
d) the UPJŠ KE Student Dormitories and Canteens (SDC) Local Computer Network,
e) the UPJŠ KE Faculties local computer networks,
f) the UPJŠ KE Institute of Information Science and the Institute of Physical Science Experimental Computer Network.
Connecting to the SAUNET Network and the Green Border
4.1. Each of the UPJŠ KE units shall have the right to connect to the SAUNET Computer Network by at least one inlet to the switch or the router in the next information switchgear, which is located either in the SAUNET network or the SANET network.
4.2. Only the ICTC shall have the right to provide third party access to the SAUNET computer network free of charge or for reward.
4.3. Organisations outside UPJŠ KE may connect via the SAUNET computer network to the SANET network only on the condition they are members of the SANET CA and simultaneously fulfil the conditions laid down in that civic association.
4.4. We refer to the connecting point between the SAUNET backbone network and the local computer network as the green border. It divides the responsibility for administering the SAUNET network among the UPJŠ KE units.
4.5. The green border includes a manageable network active element (the network switch or the network router), for the administration of which the relevant administrator of the local computer network shall be in charge.
4.6. The local computer network administrator shall provide access of the ICTC to the
green border in cases necessary for ensuring integrity and security of the SAUNET
Computer Network Administrator
5.1. The SAUNET computer network administrator (hereinafter referred to as the “computer network administrator”) is a UPJŠ KE employee in charge of the operation of the backbone part of the SAUNET network (hereinafter referred to as “central administrator”), or for the operation of the local computer network (“local administrator”).
5.2. Each of the UPJŠ units shall have their own local computer network administrator whose expertise or experience in the field corresponds to the scope of that work.
5.3. The local computer network administrator shall be the first consultant to all the eligible users of the relevant local computer network of in the field of functional operation of the network and in resolving any resulting fault conditions.
5.4. The computer network administrator is a member of the Virtual Information Centre (hereinafter referred to as “VIC”) and the contact person for the ICTC for the corresponding local computer network in resolving any problems in the SAUNET computer network.
Responsibilities and Obligations of the Computer Network Administrators
6.1. Responsibility for the SAUNET computer network administration shall be with the ICTC.
6.2. Responsibility for the SAUNET local computer networks administration shall be with the following UPJŠ units:
- Local Computer Network – Local Computer Network Administration
- University Library Network – UPJŠ University Library
- Rectorate Network – ICDC
- SDC Network – SDC
- UPJŠ FS Experimental Network – FS UPJŠ Institute of Informatic Science
- UPJŠ Faculty Network – UPJŠ Faculty
- ICTC Network – ICTC
6.3. The central computer network administrator shall be in charge of the following:
a) the SAUNET networking,
b) development, technical and system administration of the SAUNET network backbone part, the UPJŠ Rectorate local computer networks, and the faculty-wide information systems (excluding the Library Information System).
6.4. The computer network central administrator shall be in charge of the following:
a) ensure coordination of network services, consulting and advisory services in the areas covered by these Rules of Operation,
b) ensure integrity and availability of the SAUNET computer network.
6.5. The local computer network administrator shall be in charge of the following:
a) technical and system administration of the local computer network of the UPJŠ KE individual units from the green border up to the connected user device,
b) correct setting of communication parameters of user devices connected to the local computer network,
c) compliance with the conditions for connection to the SAUNET computer network under Article 9 of these Rules,
d) immediate disconnection from the local computer network of such user devices whose performance violates these Rules of Operation,
e) investigate the causes of breaches of these Rules of Operation and their removal,
f) security of the local computer network.
6.6. The local computer network administrator shall:
a) assign IP addresses from the range as allotted to the local computer network from the ICTC,
b) keep records of user devices, including the details of authorized users, keep these up to date and provide it to ICTC for the purpose of central registering of end-user devices,
c) monitor and receive information from the ICTC on the status of the SAUNET computer network and inform the authorized users in the relevant part of UPJŠ KE,
d) use monitoring and diagnostic techniques,
e) ensure the training of authorized users in the relevant part of UPJŠ KE so that their computer skills match the requirements of the Rules of Operation,
f) enhance his/her qualifications by studying and attending courses and professional ventures,
g) acquaint oneself with the new features of the SAUNET network under the VIC guidelines
h) consult fault conditions and communication problems of legitimate users of the UPJŠ KE units in the local computer network,
i) wherever the problem or fault exceeds the green border, notify the ICTC on that condition,
j) in the identification and subsequent removal of the cause of the fault condition cooperate with the local computer network administrator or the ICTC staff,
k) maintain documentation on the local computer network.
Authorizations of the computer network administrators
7.1. The central computer network administrator shall be authorized to the following:
a) In the case of ensuring the integrity and security of the SAUNET computer network disconnect the specific end-user device or a SAUNET computer network segment.
7.2 Local computer network administrator shall be authorized to the following:
a) require cooperation from the ICTC to resolve the problem in the local computer network,
b) be informed about the concepts, plans, and innovation of the SAUNET network,
c) propose innovation to the SAUNET computer network ,
d) ensure integrity and security of the local computer network to restrict or prohibit the use of the network services.
Coordination in the computer network administration
8.1. The computer network administrators shall cooperate with each other in ensuring the operation of the SAUNET computer network and removing any potential problems.
8.2. Any disputes between an authorized user and the computer network administrator shall be addressed by the department management, which administers the relevant network element, due to the use of the dispute emerged.
8.3. The UPJŠ KE units shall cooperate with ICTC in addressing the conceptual issues of the SAUNET networking and participate in the preparation of proposals to address them.
8.4. The personnel departments of the University units and departments of study affairs shall report any changes affecting the authority to use the SAUNET network to ICTC on time. In the case of staff, the issue of concern is a change in employment relations, in particular the emergence, change, and termination of employment or another employment. In the case of students, the issue of concern is any change in their study, especially their enrolment for study, interruption of the study, exclusion from the study, or completion of the study.
8.5. Any verification and implementation of new network services in the SAUNET network, which may adversely affect the operation of the SAUNET backbone network, shall only be possible with the consent of the ICTC. On the local networks, validation and deployment of new network services shall only be possible with the consent of the department, which administers the local computer network concerned.
8.6. The computer network administrators shall communicate with each other by using the conference firstname.lastname@example.org.
Telecommunications Operation and Privacy
9.1. Under telecommunications operation for the purposes of these Rules one shall
• traffic data,
• location data.
9.2. Any details regarding the extent of retention of the telecommunications operation shall be regulated by the methodological guidance issued by the ICTC.
9.3. Only the ICTC shall be authorized to issue the telecommunications operation data. Any application for the issue of such data addressed to the local computer network administrator shall be forwarded to the ICTC.
9.4. The generally binding regulations and the UPJŠ KE internal by-laws governing the protection of privacy shall apply mutatis mutandis to the use of the SAUNET computer network.
Using the Computer Network
10.1. The authorized user of the SAUNET computer network (hereinafter the “authorized user”) is an end user who is:
- a staff member in employment relationship with the UPJŠ KE (hereinafter referred
to as “employee”),
- a student at UPJŠ KE in any form and at any level of study (hereinafter referred to
as “student”) or
- another individual.
10.2. A student at UPJŠ KE is an authorized user from the date of the beginning of their
study to the date of the completion of their studies.
10.3. An employee of UPJŠ KE is an authorized user from the date of emergence of their
employment contract to the termination of their employment contract.
10.4. Another physical entity is an authorized user, if so provided by these Rules of
10.5. A guest of the University may be an authorized user only after granting the
authentication data, information on the terminal equipment, and after the approval by
the UPJŠ KE central/local computer network administrator and only for the duration
of their being a host at UPJŠ KE.
Rules for Connection to the Computer Network
11.1. The authorized user shall obtain authorization for access to the SAUNET network on registration with the competent local computer network administrator. On registration, the authorized user shall undertake to comply with these Rules in writing or in any other appropriate form. Details regarding the registration shall be governed by the relevant rules of system operation of local computer networks or by the guidelines issued by local computer network administrators.
11.2. The authorized user shall be authorized to connect their end user device to the SAUNET computer network.
11.3. For the purposes of these Rules of Operation, the server shall be considered the end user device.
11.4. Connecting any user device of the authorized user shall be subject to registration requirements with the local computer network administrator, who is in charge of the relevant part of the SAUNET computer network, which includes the connection point for such a device.
11.5. The user device shall not be connected directly to the router or the switch of the SANET computer network.
11.6. Only an end-user device may be connected In the SAUNET computer network, which device:
a) contains the application equipment and application settings to ensure adequate security protection (e.g. anti-virus protection, use of secure passwords),
b) contains a legal operating system for which there exists official support from the manufacturer of that operating system.
11.7. Details regarding the conditions imposed on the end user device may be regulated by the methodological guidance issued by the ICTC.
11.8 The local computer network administrator shall also keep records of end-user devices in the central database of user devices of the information system administered by the ICTC (hereinafter referred to as “central database”).
11.9 The end-user devices are identified in the SAUNET computer network by the following details:
a) IP SAUNET address,
b) MAC address,
c) the name of the authorized user who is in charge of the user device,
d) the UPJŠ KE unit having the user device registered in its records.
11.10 The end user device, lacking any of the identifying information mentioned in the preceding paragraph of these Rules shall not be connected in the SAUNET computer network.
11.11 An exception to the previous rule is an IP address of the following ranges:
a) 10.0.0.0 – 10.255.255.255,
b) 172.16.0.0 – 172.31.255.255,
c) 192.168.0.0. – 192.168.255255.
11.12. Each server shall have an administrator who shall be in charge of the operation of the server, and all the servers shall be registered at the UPJŠ KE ICTC. Connecting the server to the SAUNET network shall be subject to approval by the UPJŠ KE ICTC or by the local computer network administrator regarding the location of the connection point of the server.
Authorizations and Obligations of the Computer Network Users
12.1. The authorized user of the SAUNET computer network shall be entitled:
a) to use the SAUNET computer network and the network services provided under it,
b) to inquire into the reasons for unavailability of the SAUNET computer network,
c) to inquire into the manner of operation of the SAUNET computer network.
12.2 The authorized user of the SAUNET computer network shall:
a) protect their user permissions and not to provide these to other persons,
b) follow the instructions of the central or local computer network administrator,
c) when working in other computer networks, the user shall observe the rules that apply in those networks,
d) behave in the SAUNET computer network in accordance with these Rules of Operation,
e) take adequate care for their terminal device so that it meets the conditions imposed on the end user device under Articles 10.6 and 10.7 throughout the entire period of staying connected in the SAUNET computer network.
Penalties for Violation of the Rules of Operation
13.1. It is illegal to use the SAUNET computer network for activities that are contrary to the law in force in the territory of the Slovak Republic or good morals.
13.2. In addition to the above activities, the activities are specifically prohibited that:
a) annoy other users,
b) create or transmit illegal materials, or allow such activities,
c) allow or implement the transmission of unsolicited commercial or advertising
d) allow or implement any intentional unauthorized access to devices and services
accessible via the computer network,
e) lead to network congestion, overloading the servers, and reducing the availability
f) provide authentication data to third parties.
13.3. In the event that the network identifies the end-user device that fails to meet the requirements of these Rules of Operation, or the authorized user of these devices carries out activities under Articles 13.1 and 13.2 of these Rules, the local computer network administrator or the central computer network administrator shall have the right to disconnect the device from the SAUNET computer network. In case the end-user device is disconnected by the central computer network administrator, the latter shall notify of the fact the local computer network administrator in whose local computer network the user device equipment has been identified.
13.4. The end user device disconnected under Article 13.3 of these Rules of Operation may be re-connected to the SAUNET network after removal of the reasons for the disconnection of the device.
13.5. The local computer network administrator shall be in charge for the removal of disconnection of the end user devices, with whom the device in question has the connection point.
13.6. In extremely serious threats to the SAUNET computer network, the central computer network administrator may disconnect the local computer network, which is a source of threat to the SAUNET computer network for a period of time strictly necessary to remedy a serious threat to the SAUNET computer network. The central computer network administrator shall inform the local computer network administrator of such disconnection.
13.7. Upon repeated violation of these Rules of Operation, the local computer network administrator or the central computer network administrator shall have the right to temporarily or permanently disconnect any end-user devices of the authorized user of the computer network, given the scale and intensity of activities that are not in accordance with these Rules.
13.8 In case of a serious breach of these Rules, notably in the case where there are reasonable grounds to suspect the commission of crime, the local computer network administrator or the central computer network administrator shall have the right to propose disciplinary proceedings against the authorized user who performs any such activities.
Special Computer Networks
UPJŠ KE Wireless Computer Network
14.1. Under the UPJŠ KE wireless computer network (hereinafter referred to as “wireless computer network”) one shall understand the part of the SAUNET backbone network that meets a set of standards for a wireless network (IEEE 802.1).
14.2. The previous sections of these Rules shall apply mutatis mutandis to the wireless computer network.
14.3. The authorised users access the wireless network through the access points (“the AP devices”).
14.4. Requirements for technical and operational characteristics of the AP devices shall be regulated by the methodological guidelines issued by the ICTC.
14.5. Before using the wireless computer network, authentication of the authorized user shall be required by their identification particulars (e.g. name and surname, e-mail) and the password assigned to them.
14.6. The wireless EDUROAM UPJŠ KE computer network (hereinafter referred to as ” EDUROAM computer network “) is part of the wireless computer network, which is part of the EDUROAM project (education roaming) and allows access to the computer network for users of the institutions involved in that project. By connecting to the EDUROAM computer network, these users become authorized users during the time of their being connected to the EDUROAM computer network.
14.7. In addition to these Rules of Operation, the authorised users of the EDUROAM computer network shall also observe the roaming policy determined by the SANET CA computer network coordinator.
14.8 Creating and using one ́s own local wireless computer network is prohibited.
Virtual Private Network
15.1 The Virtual Private Network (hereinafter referred to as “VPN”) is part of the SAUNET computer network whose purpose is to make the SAUNET computer network and its network services available to authorized users for the purposes referred to in Article 1.2 of these Rules of Operation.
15.2 For VPN, other parts of these Rules of Operation shall apply mutatis mutandis.
General and Final Provisions
16.1. Rules of operation of local computer networks shall comply with these Rules of Operation. These operational rules govern in greater detail the administration of local computer networks, they shall specifically regulate logging of user devices to the local computer network, the rights and obligations of the local computer network administrator, and the rights and obligations of the computer network users.
16.2. The network services provided by the SAUNET computer network shall be governed by specific rules of operation.
16.3. These Rules of Operation cancel the Rules for the Administration and Use of the UPJŠ KE SAUNET Computer Network dated 01/2/2004 within the meaning of Amendment No. 1 dated 20/02/2007.
16.4. These Rules of Operation shall become effective as of 01/10/2014 and shall be binding on all the users of the SAUNET computer network.
In Košice on 08/09/2014
Prof. MUDr. Ladislav Mirossay, DrSc., m.p.