1. Nomination of Administrators
Maintenance of information systems is designated to the persons who maintains systems.
When irregularities are found, the decision and the extent of further protective measures are processed by the system administrator/administrator, assisted by the ICT Services Information security team.
2. Maintenance Rule
As a system administrator maintenance personnel have the opportunity “to full rights,” that is, the administrator will be able without breaking protections read the contents of any file, start or stop any program and monitor all running processes and operations. Because administrator rights to technical maintenance at its surroundings are practically unlimited, they are fundamentally at odds with the users of fundamental rights and privacy.
As a result, each admin is obliged to comply with this Code of Conduct, which defines a good approach to the maintenance personnel.
The administrator can not disclose any of things they receive to third parties. The administrator does not use any of the information to non purposes. In particular, the administrator undertakes not to reveal any other users’ private information received in his status and in tasks . (Breach of official secrecy, read the RL 40 § 5).
The administrator does not need to know user’s password for carrying out its duties and shall not inquire it from the user.
2.3 Respect for privacy
The management of information systems take into consideration persons right to privacy and confidentiality of communications. Oamk, however, reserves the right to determine what kind of content in Oamk’s managed information system may be stored, and for what purpose they are used. Same applies to Oamk’s managed data transport in the communication network.
If the user requests to manage their files, the administrator must ensure the user’s identity in an appropriate manner, for example by an official identity card. The administrator may contact you with the phone number or e-mail which are found from Oamk’s information systems. If an administrator suspects that a username is in the wrong hands, the user account will be locked and the user will be contacted by telephone for further investigations.
2.4 Processing E-Mails
The point is that the secret of an individual user’s personal e-mail and other telecommunications network managed over electronic communications is inviolable. In accordance with government information management internet security guidelines, ordinary e-mail is virtually treated like a post card because of the secrecy of communications, since it passes unencrypted network and mail servers. The Finnish Constitution states that the secrecy of letter, telephone and other confidential communications is inviolable. E-mail is confidential, unless it is intended to be universally received. Anyone who has received or otherwise became aware of a confidential e-mail, which is not intended for him, can not reveal the contents of the message or use the knowledge gained from the message in advantage.
Confidential messages are never allowed to read without a permission. Since confidential messages are difficult to distinguish from other messages, you can assume that other person’s e-mails may not be read without the consent of this person.
User mailboxes may be entered in the following situations:
- under of the user’s consent (opening a single e-mail box may be necessary, for example, when the mail file prevents the mail server function and is not transferred intact to remove the fault)
- various disturbances in an e-mail as a user request, to clarify related e-mail problem situation. In this case, the administrator can open the e-mail file to determine whether the information contained includes errors that prevent normal processing or reading e-mail. Such operation is done only with the permission of the user.
- message being delivered trough the postal system may need to be (at least partially) opened in such a situation, when the mail system is not able to deliver e-mail due to insufficient or damaged structure or content. In this case, the administrator will not read the contents of the message. However, the address or the identity of the sender or recipient, or other proxy information may be necessary to check to fix the situation.
Note that handling a bulk spams may be harmful to the system capacity. Mass mailings are hedged with necessary means, for example, the mail server may refuse to accept certain servers or certain other e-mails which meet characteristics. The receipt of the refusal may be necessary to protect users and systems, even when limiting the users’ right to free e-mail traffic. In the possibility of restricting the use of e-mail we maintain as far as possible with the civil service guidelines.
If you want to make sure that the messages will not reach anyone unauthorized, it can be encrypted with PGP. In this case, the situation is clear to the maintenance. Information needed for message transmission and solving problem situation can be found in the message header without a message is revealed to maintenance personnel. (Compare: sealed envelope that has the recipient and sender information on the shell, but the content of the letter does not appear.)
When e-mail is received and transferred from the incoming mail box, it will have the same protection as any other ordinary files of the user.
2.5 Handling of other files
Administrator has no general right to read or otherwise process the contents of files owned by other users if their security will not allow it anyway.
However, the administrator has the right to handle files, for example, if
- the user has given a permission or if the user has requested the administrator to sort out the problem situation which requires reading the user-owned files, or parts of it, in which case the user has realized this.
- has reasonable grounds to suspect that a user ID has fallen into the wrong hands, and that it possesses files or programs that present a danger or threat to the functionality or security of the system. In such a situation, an account will be locked immediately and the user is contacted immediately after this to investigate the matter.
- has reasonable grounds to suspect that a user ID holder himself is guilty of a misdemeanour and may be assumed that certain files owned by the user is evidence of abuse. In this case, the administrator shall notify about suspicions and the justification for the other operators of the same system and the ICT Services and the user will be contacted to clarify the matter.
- the user owns programs, scripts or initialization files that cause serious disturbances in the functioning of the system. In this case, if necessary the administrator can check a file’s contents and prevent its operation. Such a measure will be informed to the other operators of the same system and file owner.
User directory and file settings, and any initialization files may also be changed if necessary as part of normal maintenance activities. The settings and initialization files is reviewed regularly as part of normal security work.
System temporary file directory and the user’s home directory of temporary files can be removed as part of a normal disk space maintenance.
2.6 Monitoring Directories and File Lists
In normal maintenance operations the administrator can not avoid seeing directories and file lists owned by users. Processing directory structures, file names, date of change, size and security level, as well as other information on the file is part of normal maintenance activities.
If it is found that any file or directory protections are too weak, the webmaster has the right to change the security level to necessary levels.
2.7 Monitoring of programs, processes and operations
Administrator follows the programs running on systems as a part of normal maintenance activities. If a process is causing problems or excessive load on the rest of the system, it can be stopped by administrator privileges. Similarly will be done to processes that are found contrary to the instructions and regulations issued by the maintenance. Such a measure is intended to inform the owner.
When detecting disturbance or a substantial burden that hinders the communication network capacity, traffic can be prevented by the administrator.
2.8 Processing of log data
Operation and use of information is stored in the log in the following purposes:
- In order to achieve, develop and to ensure information security of the service,
- privacy protection of information contained in the systems,
- detect and repair possible problems and technical defects, as well as
- to detect the misuse of the service, in order to prevent, investigate and bring to preliminary investigation.
A large part of the systems store various logs of users’ actions and visits in system. These logs are essential when explaining the error situations, or abuse. In most cases, the log files are protected so that only the administrator can view them, but in some systems, ancillary services are offered. Through which for example, operational statistics will be displayed to other users as well as to administrator.
Maintenance personnel use a number of log files continuously as a part of a normal maintenance work. Monitoring logs is process and device oriented, and in normal situations it is not tracking individual user. Detailed log information is treated as confidential and shall not disclose any information to anyone. There are two exceptions:
- If the police authority makes a request for log data, they are released in the extent as the Coercive Measures Act police powers or court order require. The transfer is recorded.
- When combat hacking or protecting against data burglary or other unauthorized use, can be (and it is generally necessary) to co-operate with the administrators or service providers from other systems to determine or isolate the origin of the intruder. In this case, it may be necessary to disclose information relating to an individual user. Disclosure of information is always limited to usernames, which may be expected misappropriated or that the holder can be expected to be guilty of an offense.
2.9 Network load tracking and limiting transmission
Oamk offers information system services and network for users, as a rule, free of charge. Oamk, however, is paying a substantial amount on acquiring and maintaining its own hardware and network connection outside. Since capacity is limited, its use must be monitored in order to obtain any unnecessary load or controlled rationally.
Normal load monitoring only monitors the amount of data transferred, not the content. Monitoring the load is normally only bound to a hardware so the user data is not seen. When the load is monitored, no maintenance can not avoid seeing the sender and recipient’s location online. Likewise, the information is displayed about what is the communication protocol.
Monitoring of load and communication, it is possible that the administrator sees the sender and the receiver’s network addresses, as well as the transport protocol. Individual user activity is usually not monitored; Monitoring is allowed only when resolving communicate interference situation.
(In the basis of the text is used operating rule written by Maintenance of the rule group from Tampere in January 31 2001. Oamk IT Services and IT have specified, and updated those rules of operation in March 23 2014. Oamk’s information security officer’s task were transferred to the ICT Services’ Information security team: this information was updated on this page in June 23 2020.)