| Nevis Security Issues |
This is a general list of security tips at Nevis.
Some tips on mail security can be found here.
As research scientists, we normally don't like to think about system security. We don't do anything "secret" at Nevis; in fact, part of our job is to share our results with the public. However, although we are not as prominent a target as a bank or a government office, break-in attempts do occur. Please do your part to keep the system free of malicious or inappropriate use by following the guidelines below.
| Password Protection |
An excellent way to create a password is to start with a phrase that you're not likely to forget. Take the initials of the phrase, and substitute numbers or symbols for letters where appropriate. For example:
Another quick way to generate a password is with the apg program, which generates passwords that are relatively easy to memorize, but hard to guess.
In general, we discourage the use of "group" or "guest" accounts, since it's impossible to keep track of who knows the password or who signs on. It takes only seconds for a new account to be created on our systems. If a large number of people need to access data on the system, then there are many schemes for allowing unrestricted access, including FTP and WWW. Please don't give out a password as a shortcut to less restricted access.
| Use ssh instead of telnet, rsh, or rlogin |
Note: When this section was originally written, the use of ssh was optional. As of 11-Oct-1999, this is no longer true: it is no longer possible to telnet, rsh, or rlogin to any machine on the Nevis Linux cluster.
ssh (which includes slogin and scp) uses an encryption scheme to create secure connections between two computer systems. ssh only works if both computer systems are running sshd, the ssh daemon. It performs two basic functions:
| Use scp or sftp instead of ftp |
ftp has a major security flaw: an account name and password may be required to access a remote system, but the password is transmitted in clear text. A system cracker who is monitoring network traffic may be able to intercept your password.
If you use sftp or scp instead, your password will be encrypted before it goes over the network. A casual system cracker will not be able to intercept it.
| Never put a "+" in a .rhosts file |
If you always use ssh on all computer systems as suggested in the previous guideline, then this section does not apply to you.
The ~/.rhosts file in your local account contains a list of "trusted" systems and accounts. When you add an entry to this file, you allow a particular account on a particular system to log in (via rsh, rlogin, rcp, rdist, etc.) to your local account without typing in a password.
This is fine, as long as the account on the remote machine remains secure. Of course, if your account on one machine becomes compromised, all of your accounts on all the other machines listed in your ~/.rhosts file are compromised as well. And if the system cracker is skilled, or is using a good cracking kit, then all the machines on which you have an account may be brought down. Therefore, please think carefully about using a ~/.rhosts file at all. There are more secure ways to get your work done than using the rexec command.
What you must never do is put a "+" as an entry in either the system or account field of the .rhosts file. A "+" in the system field means that any system can access your local account as long as their account name matches the account field in the .rhosts file. A "+" in the account field means that anyone from the system listed in the system field can access your account. And if you put a "+" in both fields -- anyone from any system has full access privileges to your account.
Think about this for a second. Assume I'm a system cracker with a Linux box sitting on my desk. I'm the root user of my own box, so I can create any account I want. Seligman has an account on nevis1, and he's got "+ seligman" in his ~/.rhosts file. So all I have to do is create a seligman account on my own Linux box and rlogin to seligman on nevis1.
Please consider scenarios like this before creating a .rhosts file.
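To check a .rhosts file for the "+" entries described above, the following added example (not the scanning code used at Nevis) classifies each entry by which field holds the wildcard. The sample content and the example.org host names are constructed, and treating lines that start with "#" as comments is an assumption.

```python
import getpass
import os

# Constructed sample .rhosts content; host names are placeholders.
SAMPLE_RHOSTS = """\
# constructed sample, not a real file
hosta.example.org seligman
+ seligman
hostb.example.org +
+ +
+
"""

def audit_rhosts(text, local_account):
    """Return (line_number, entry, finding) for every entry with a "+" field."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: "#" starts a comment
            continue
        fields = line.split()
        host = fields[0]
        # No account field means the remote account must match the local name.
        user = fields[1] if len(fields) > 1 else local_account
        if host == "+" and user == "+":
            finding = "any account on any system is trusted"
        elif host == "+":
            finding = f"account '{user}' on any system is trusted"
        elif user == "+":
            finding = f"any account on {host} is trusted"
        else:
            continue
        findings.append((lineno, line, finding))
    return findings

if __name__ == "__main__":
    path = os.path.expanduser("~/.rhosts")
    if os.path.exists(path):
        with open(path) as fh:
            text, account = fh.read(), getpass.getuser()
    else:
        text, account = SAMPLE_RHOSTS, "seligman"
    for lineno, entry, finding in audit_rhosts(text, account):
        print(f"line {lineno}: {entry!r}: {finding}")
```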
| Do not put any passwords in your .netrc file |
If you always use scp or sftp to transfer files, then this section does not apply to you.
The ~/.netrc file in your account is used to speed up the ftp program: if you put a system, account, and password in this file, and ftp to that system, then the program will automatically log into that account with that password. The ftp program will only access the .netrc file if its access privilege is set by the command chmod go-rwx, that is, only your account and the root account can see the file.
This seems fine, unless the root account is compromised. Well, this has happened... and so all the passwords to other computer systems were visible to some system cracker. This meant that not only did people have to change the passwords on all the computer systems listed in their .netrc file, but they had to change their Nevis password if it was the same as that on any of those other systems.
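The check below is an added example, not part of the original page or of any Nevis tooling: it lists the .netrc entries that store a password, without keeping the secret, and reports whether chmod go-rwx has been applied. The sample content is constructed, and macdef macro bodies and quoted values are not handled.

```python
import os
import stat

# Constructed sample .netrc content; hosts, logins and secrets are made up.
SAMPLE_NETRC = """\
machine hosta.example.org login seligman password NOT-A-REAL-SECRET
machine hostb.example.org login seligman
machine hostc.example.org
    password NOT-A-REAL-SECRET login guest
"""

def stored_passwords(text):
    """Return (machine, login) for every entry that stores a password."""
    entries = []
    tokens = iter(text.split())
    for tok in tokens:
        if tok in ("machine", "default"):
            name = next(tokens, None) if tok == "machine" else "default"
            entries.append({"machine": name, "login": None, "password": False})
        elif tok == "login" and entries:
            entries[-1]["login"] = next(tokens, None)
        elif tok == "account":
            next(tokens, None)            # skip the account value
        elif tok == "password" and entries:
            next(tokens, None)            # consume the secret; never record it
            entries[-1]["password"] = True
    return [(e["machine"], e["login"]) for e in entries if e["password"]]

def group_other_access(path):
    """True if group or other has any permission bit set (go-rwx not applied)."""
    return bool(os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO))

if __name__ == "__main__":
    path = os.path.expanduser("~/.netrc")
    if os.path.exists(path):
        with open(path) as fh:
            text = fh.read()
        print("group/other access:", group_other_access(path))
    else:
        text = SAMPLE_NETRC
    # A stored password is reported even when the permissions are correct,
    # because file permissions do not protect it once root is compromised.
    for machine, login in stored_passwords(text):
        print(f"password stored for {login}@{machine}")
```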
| Warnings |
We do occasional security scans of our own systems to look for issues like those described above. If we spot a security hole associated with your account, we will contact you immediately. If there are any questions, please contact Bill Seligman.