User Policy of the Corvinus University of

Budapest network

(Acceptable Use Policy)

Version 2.2
Last update: 20.09.2019

János MOGYORÓSI
Director
Corvinus University of
Budapest
Information Technology Service Centre

1
Table of contents

I. Introduction ..................................................................................................................... 3

II. Definitions ........................................................................................................................ 3

III. Connection options, scope of available services ............................................................. 4

IV. The purpose of the CORNET network .............................................................................. 5

V. The use of the CORNET network ..................................................................................... 5

VI. Users’ obligations............................................................................................................. 7

VII. Compliance with the Policy; Penalties for Policy breaches ............................................. 7

VIII. Rules applicable to users and services............................................................................. 8

IX. Scope of the Policy ........................................................................................................... 9

2
I.
I. Introduction

(1) The present document (hereinafter referred to as Policy) regulates the use of the
Network of Corvinus University of Budapest (CORNET) for the users of the services. This
Policy follows the principles established by Gov. Decree No. 95/1999 (VI.23.) and the User
Policy of the NIIF Program.

II. Definitions

“ISZK”: The independent central organisational unit of the Information Technology Service
Centre (in Hungarian: Informatikai Szolgáltató Központ). The director of ISZK is entitled to
represent and manage the Information Technology Service Centre.

“KALK”: Department of Central Applications (in Hungarian: Központi Alkalmazások Osztály)

“FTO”: Department of User Support (in Hungarian: Felhasználótámogatási Osztály)

“Reliable computer”: all devices which are in the domain of the university (BCE), and which
are operated and maintained by the workers of the ISZK. The security of the computer is
guaranteed by automatisms. Users cannot get administrator access to these computers, and
users cannot install programmes.

“Unreliable devices”: all devices which are not in the domain of the university; the
maintenance and administration of such devices shall be carried out by the users.

“System administrator”: a worker of the ISZK, who is responsible for the operation of the
university information technology systems.

“Content administrator”: a person responsible for the supervision of one university

application – e.g. Neptun, Gólya, Poszeidon, common storage -, a person who maintains a
user database, grants authorisations, but who is usually not responsible for the operation of
the server servicing such application. The identity of the content administrator shall be
decided by the head of the organisational unit concerned.

“User”: any person who uses any service of the information technology systems of BCE.

“Internal user”: any person who has employment, lecturer or student legal relationship with
the university.

3
“External user”: any person who does not have any of the above legal relationships with the
university; such persons may use the services only for fixed periods, e.g. library registration
holder, person with service contract, guest professor, etc.

“Cusman identifier”: the university information technology systems may be accessed

through application; the person granting access shall be the head of the organisational unit
concerned. The head of the organisational unit concerned shall decide the systems to which
the user may have access. Only those users have Cusman identifiers the legal basis of use of
whom is verified and confirmed.

“CORNET network”: the network of Corvinus University of Budapest, which is operated by

the Information Technology Service Centre (in Hungarian: Informatikai Szolgáltató Központ;
ISZK).

“CORNET institution”: the institutions served by the CORNET network (faculties,

independent organisational units not attached to faculties)

“CORNET user circle”: the end-users served by the CORNET network

“NIIF services”: The network connection, network and information services provided to the
NIIF member institutions by the NIIF Office or the NIIF member institutions, in the
framework of the contract concluded with the NIIF Office, as well as the infrastructure
provided for the services directly by the NIIF Office or its contractual partners.

III. Connection options, scope of available services

(1) The central applications of the university may be accessed through Cusman username
and password, after which the services may be accessed depending on the
authorisations given by the content administrators.

(2) The identification is carried out by name. In cases where this is not possible – e.g.
library day pass – the authorisations related to the user identifier will be restricted.

(3) The entire range of the authorised university services may be accessed with the help
of reliable devices and if the user has proper user authorisation, after user
identification.

(4) The network may be connected with unreliable devices only after user identification,
thus access to the public services and to the Internet will become possible for those
university citizens who have VPN access.

4
(5) The list of services behind the VPN are included in an annex. Critical services may be
accessed via protected VPN. The scope of critical services will be decided by the ISZK,
while the scope of users will be decided by the content administrator.

(6) In order to access the servers, we provide special VPN service to the developers of
the internal systems operated at the university.

(7) The ISZK shall decide the list of unauthorised ports, services and software in its own
discretion, while bearing information technology security in mind.

(8) In order to ensure the security of the university common storages, these files may be
accessed from reliable computers only.

(9) The university user passwords shall be replaced from time to time, as specified by the
ISZK.

IV. The purpose of the CORNET network

(1) The purpose of the CORNET network is to ensure local, national and international
computer network connections and information services to the CORNET users for
educational, scientific and cultural purposes. The end-users may use the network for
the above purposes.

(2) This also includes the use of the network for purposes connected to the
administrative and informational tasks related to the basic activity of the institution.
Use of the network for private purposes (e.g. private correspondence) is allowed to a
restricted extent, provided that such use does not constitute use for business
purposes.

(3) Within that the network may be used for all activities which are not prohibited by
Section IV. Anybody who connects to another network through the CORNET network
is using an outsider service provider and shall also comply with the rules applicable
for the outsider network. Accordingly, with respect to traffic outside of the
University, the rules of the NIIF network shall be taken into consideration primarily.

V. The use of the CORNET network

(1) The network shall not be used for the activities specified below, and shall not be used
for attempts aimed at such activities.
(2) Act in violation of the valid Hungarian law, including, but not limited to the following:
infringement of the personality rights of others; acts aimed at earning prohibited

5
 gain (e.g. pyramid scheme, Ponzi scheme); copyright infringement; wilful and
conscious illegal distribution of software.

(3) Managing the transit traffic among parties who do not belong to any CORNET
institution.

(4) Activities in violation of the rules of other – Hungarian or international – networks

related to the CORNET network, provided that such activities concern such networks.

(5) Transferring – including transferring in good faith - the services of the CORNET system
to non-CORNET institutions, users. The users shall endeavour to make the systems
managed by them prevent this (e.g. open mailing gateway).

(6) Direct business activity aimed at earning profit, distribution of advertisements.

(7) Activities disturbing, jeopardising the normal functioning of the network or other
networks, the distribution of such information, programmes.

(8) Activities using the network or the resources thereof without justification or wilfully
excessively, in a wasteful manner (e.g. mail bombs, network games), unauthorised
access or unauthorised use of the resources of the network or the data available on
the network, the excessive, systematic testing, trying of the computer/services, even
if for testing purposes.

(9) Activities aimed at the unauthorised modification, damage or destruction of the

resources of the network or the data available on the network.

(10) Activities defamatory others, activities offending or harassing the religious, ethnic,
political or other sensitivities of others (e.g. hardcore pornography, distribution of
paedophile materials).

(11) Disturbing or hindering the work of others without justification and excessively (e.g.
unsolicited letters, advertisements).

(12) The excessive use of the network resources for private purposes.

(13) Using the network resources or services for purposes which are foreign to the original
objective of the resource/service (e.g. sending messages to news groups/mailing lists
which are not related to the topic of the group/list).

(14) Forging network messages, network devices: giving the impression as if a message

6
 originated from another computer or another user (spoofing).

(15) It is prohibited to connect the network to any non-client network device (e.g. router,
switch) or to divide the network further.

(16) At the university it is prohibited to disturb those devices installed by the university
which use radio frequencies (e.g. WiFi, sound system).

(17) Only those devices may be connected to the network which align with the network of
the BCE and which do not jeopardise the functioning thereof. Workers of the ISZK
may deny connecting any device, provided that the device concerned is dangerous to
the information technology system of the university.

VI. Users’ obligations

(1) The user of CORNET are obliged to read and understand the present Policy.

(2) Any user who uses the services of other network through the network of CORNET
shall be obliged to comply with the rules applicable to the outside network as well.

(3) The users of CORNET shall be liable for all damages caused by them according to
general rules of civil law.

(4) If the Code of Ethics is breached, the users of CORNET shall help the Information
Technology Service Centre in detecting the damages and in eliminating the
consequences of the damages occurred.

VII. Compliance with the Policy; Penalties for Policy breaches

(1) Users shall be personally responsible for the network traffic generated by then or their
devices.
(2) The enforcement of the terms of use shall be task of the network manager. In case of
dynamically distributed addresses (e.g. DHCP), the organisational unit (group)
distributing the addresses shall be liable for the address range and shall keep records
of the related user physical addresses.

(3) Penalty for the wilful and serious breach of the Policy shall be temporary or
permanent exclusion from the network services. If the breach of Policy is minor or

7
 cannot be considered wilful, then the perpetrator shall be given a warning and shall
be notified of the Policy. Any repeated offence after a warning shall be considered as
wilful. If necessary, the ISZK may initiate legal procedure; in case of students the ISZK
may refer to the Vice-Rector for Education, and to the head of the organisational unit
in case of employees.

(4) In case of disputes the opinion of the Ethics Committee of the NIIF shall prevail.

(5) In order to avoid the larger damage, the ISZK network management may restrict or
suspend the traffic of the sub-system concerned. If it knows the address of the
person breaching the rules, the ISZK may also carry out the partial or complete
screening of the address specified.

(6) The ISZK endeavours to prevent damages and to eliminate the consequences of
damages occurred, however, the ISZK is unable to undertake liability for the possible
damages arising from the breach of the Policy. In accordance with the prevailing
technical opportunities, the network management endeavours to prevent
unauthorised persons from accessing the information and data transmitted through
the network or accessible on the network. Until the technical opportunities do not
enable this to be guaranteed, the users should place or send information on the
network in awareness of this fact.

(7) In the Information Technology Service Centre, the persons responsible for the
operation of the network and the services may access the data of the users only for
technical or security purposes, as well as if there is any suspicion of any Code of
Ethics violation. Access to the data is allowed to the extent necessary and only with
the proper notifications of the parties concerned. They shall not disclose the
information acquired in this manner to anybody, and shall not publish such data. An
exception is if there is suspicion of any Code of Ethics violation, in which case the
information may be disclosed to the competent persons authorised to investigate.

VIII. Rules applicable to users and services

(1) The ISZK shall have the power to implement further measures reasonably regulating
the traffic of the network, which measures will be announced. Compliance with such
measures is mandatory.

(2) The institutions related to the University (Central Library) may operate their own
servers on their own sub-systems. These servers shall be operated and configured so
that they are appropriate from the data security point of view. This means that
everybody shall ensure the protection of their own data and resources. The owner of

8
 a server has the obligation to prevent the unauthorised use of the server, as well as
unauthorised access is gained to the services of CORNET and the confidential data of
the University through such unauthorised server access.

IX. Scope of the Policy

(1) The present Policy shall be valid from the announcement and until the withdrawal
thereof.