Security
There is no firewall between the SCS network and the internet (Why?). As a result, our network gets scanned several hundred times per day. Every year, there are numerous break-ins to SCS hosts. The vast majority of these break-ins happen because of the following, mostly preventable, causes:- Unpatched software. Unpatched hosts are often quickly (meaning within minutes/hours of being placed on the network) broken into.
- Poor passwords.
- Passwords that are sent over the network unencrypted and get sniffed.
- Viruses/worms on Windows hosts.
- Poorly configured software (open shares on Windows hosts, unrestricted NFS exports, etc).
How to
- Compute securely:
- on Windows (including antivirus information)
- on Unix/Linux
- Protect yourself against internet hoaxes and scams
- Prevent adware and spyware on your SCS Facilities-supported Windows PC
- Choose good passwords
- Protect your passwords when they go over the network
- Use Kerberized telnet to login securely to Facilitized Unix hosts
- Create an ftp Kerberos instance and use it for FTP
- Use SSH for secure login, file transfer, and network connections
- WebISO authentication controls access to SCS and campus web-based services
- Configure your X server software to prevent snooping
- Deal with a Windows break-in
- Deal with a Unix/Linux break-in
Related documentation
- Kerberos
- About Kerberos and Kerberos instances in SCS.
- SCS password overview
- An overview of the various types of passwords in SCS.
Additional information
The following offsite links will open in a new browser window:
- CMU Computing Services Information Security Office
- Guidelines for secure computing at CMU
- CERT
- Security advisories and lots of good information.
- Security Focus
- Security news, and home of various mailing lists, including bugtraq archives.
- SANS Institute
- See their reading room for a large collection of security-related articles.
- Insecure.org
- The home of Nmap, along with other security-related resources, including some good lists of security tools.