DFN Order

Translated with DeepL.com

Rules of Use for the Interaction of Users of DFN Communication Services

- adopted by the Executive Board of the Association for the Promotion of a German Research Network (DFN-Verein) on 16.05.1994 and amended on 09.08.2001 -

The aim of the user regulations is to regulate the cooperation between users. In order to achieve this goal, a number of supporting organizational measures are required by the using institutions and rules of conduct are set up for a reasonable use of the network resources and to avoid misuse.

The user rules are primarily addressed to persons responsible for providing communications services at DFN-Verein member institutions. It is expected that each institution will inform its end users of these user rules. In addition, it is recommended that locally provided communications services establish their own user regulations that are consistent with or reference the guidelines established in this document.

Adherence to these rules is in the common interest of all parties involved, as the waste of network resources or their misuse may lead to an increase in user fees and irregularities in the use of services.

1. scope of application

The user regulations refer to the DFN services which are provided on the basis of the scientific network (WiN) and serve to provide the using institutions with an efficient and trouble-free communication infrastructure.

On the

one hand, these are the WiN with transitions to other networks provided for communication, on the other hand, the infrastructure for electronic mail (e.g. gateways and relays) and information services.

2. requirements for the using institutions

Each institution participating in the DFN takes care of the tasks of the network administrator, the person responsible for network security, the postmaster and the persons responsible for applications as well as for consulting and training. The tasks do not necessarily have to be performed by different persons in the institution. Depending on the size of the facility, one person will perform more than one of the duties described. However, it is necessary for each facility to assign the persons responsible for the above functions to perform the duties.

2.1 Network administrator function
DFN-Verein recommends assigning the following tasks to the local network administrator of the institution: The network administrator shall ensure

the functionality of the customer router (KR),
network administration (router configuration and management, IP address assignment),
domain administration (operation of the name server, administration of zone data and domain name assignment),
structuring of data flows,
error detection, error reporting and troubleshooting,
ensuring uninterrupted operational readiness

contact with DFN-Verein to ensure trouble-free WiN access

2.2 Function of a person responsible for network security

In order to be able to guarantee smooth network access, a person responsible for network security is to be appointed. This person is responsible for:

the security and safety of network access,
contact for notifications of abusive behavior by individual users and for notifications of web pages with punishable content,
administration and maintenance of the firewall systems of the facilities

2.3 Postmaster function
For the smooth operation of the mail service, a postmaster should be appointed to perform the following tasks:

Maintain mail server,
provide mail services at the local level,
maintain address tables,
contact point for mail problems for end users and gateway and relay operators.

2.4 Function of a person responsible for applications and information services

A person responsible for applications shall be appointed for the following tasks:

Maintenance of the services offered (news server, FTP server, WWW server), maintenance
of other communication services,
error management.

2.5 Advisory and training function

The exercise of this function is necessary to avoid incorrect operation by the end users. It is composed of the following tasks:

Providing a telephone counseling service during working hours,
providing information and training materials,
educating end users on the effects of misuse,
educating them on privacy issues

3. Misuse

3.1 Abusive use
Abusive use is the use of DFN services if the behavior of users violates relevant protective regulations (including criminal law, youth protection law, data protection law).

On the basis of their expertise, users of the communications services shall be presumed to be aware of the respective relevance, in particular under criminal law, of computer crime, the distribution of pornographic images and writings, or the theft, modification or other manipulation of data and programs. This expertise also refers to the sensitivity of the transmission of data that is likely to infringe the personal rights of others and/or their privacy, or to violate existing copyrights or licenses based on them.

Usage that fulfills the following, non-exhaustive list of constellations of circumstances is also to be described as abusive

Unauthorized access to data and programs, i.e., in the absence of consent, unauthorized access to information and resources of other authorized users
Destruction of data and programs, i.e., falsification and/or destruction of information of other users - in particular also by "infection" with computer viruses
Network obstruction,
obstructions and/or disturbances of the network operation or other users participating in the network, e.g. by
* massive load of the network to the disadvantage of other users or third parties, e.g. by spamming
unsecured experimenting in the network, e.g. by attempts to "crack" passwords,
* unannounced and/or unjustified massive load of the network to the disadvantage of other users or third parties.

3.2 Recommendations to the using institutions to prevent misuse

In the case of misuse of DFN services, a rough distinction can be made between misuse due to ignorance, negligent misuse and intentional misuse. Depending on the type of misuse, different activities are required to prevent it. They range from educating users, to increased technical security measures, to the threat of exclusion from use and liability for culpably caused damage.

A prerequisite for the clarification of misuse is that the persons who are granted access to the DFN are authorized by name. The institution granting network access may therefore only grant access to natural persons if the persons are authorized to use it.

Misuse due to ignorance and negligent misuse can be counteracted by performing the required training and advisory function and by raising awareness of the effects of incorrect usage behavior on other users. This includes, in particular, requiring end users to keep confidential all passwords needed to access communications services and encouraging them to choose their passwords in such a way that they cannot be decrypted by simple crack programs.

In addition, communications service providers should provide procedures, to a reasonable extent, to preserve and protect the personal nature and confidentiality of messages or sensitive data exchanged electronically. Furthermore, facilities must be technically and organizationally equipped to minimize the collection, storage and use of personal data. Depending on the security relevance of the data, the following is recommended

Use of security mechanisms supplied by the manufacturer (e.g. password protection),
application of topological measures (separation of security-relevant systems by firewall systems),
adherence to security classes (see "Criteria for the Evaluation of Information Technology Systems Security" (ITSEC), Luxembourg 1991)

In cases where users are granted unrestricted access to certain databases, appropriate measures must be taken to ensure that users cannot gain unauthorized access to other, non-public databases via this route. Furthermore, the operators are required to provide reasonable support to DFN-Verein in detecting and preventing unauthorized use.

In addition, end users should be made aware of the permissible use of communications services and the consequences of misconduct (e.g., exclusion from use) or warned of misuse by means of local rules and regulations.

4. consequences of violationsThe

institutions using the German research network are obligated to familiarize their end users with the usage regulations and the contents of the contracts with DFN-Verein that are relevant to them.

In the event of violations of the usage regulations, the using institutions are required to immediately stop the misuse and to inform each other

Should it be necessary to protect the interests of all institutions using the communication services of DFN-Verein, DFN-Verein is free to exclude individual persons or institutions from the use of the services offered or parts thereof due to the unauthorized use

In particularly serious cases where the unauthorized use constitutes a violation of applicable law, civil or criminal proceedings may be initiated.