Computer Systems Security
Because of the nature of the research done at the Martinos Center,
keeping security in mind is of utmost importance. All users should
have a good understanding of the basic issues involved with
account security, network security and data security.
Account Security
The first rule of computing systems security is:
NEVER SHARE YOUR PASSWORD WITH ANYONE
This means others in your research group, your family and even
the administrators in the IT Support Group. Occasionally in the latter
case you may need an administrator to debug things with your account.
In this case you should reset your password to a temporary password,
share it only in person or by phone,
NEVER BY EMAIL,
and change it again as soon as the administrator is finished.
Every person using the computing systems at the Martinos
Center needs to have their own account. Accounts are never shared. It is very easy to get
one using the Account Request Form.
Other "best practices" include:
- Set up your screensaver to lock your desktop when you step away
- Change your password every six months or less
- Use a different password at the Center than you do at
other locations to minimize the damage if one gets compromised
It is important to note that if a malicious individual gains access
to your account, it is more than your files on our systems that become
exposed. Most likely they have write access to your group's files, and
the typical default is read access to the files of all other accounts. Also, anyone
who can obtain any kind of login on a computer, even an unprivileged one,
has many more ways to attempt to escalate their privileges than they
have from outside the machine.
Malicious Email: Trojans and Phishing Scams
We often get questions from users wondering whether a suspicious
piece of email is a scam of some sort. It nearly always is, which
means your intuition about strange email from unknown addresses is
usually correct. The most common scams involve asking you to open
an attachment of some sort (this is a way of getting you to execute
a "trojan horse" program which will try to take over your computer)
or to send private information about an account you may have, either on a
computer, or with an online retailer or bank. We try to block these
emails before they reach you, but it is not possible for us to filter
out all of them.
NMR staff will NEVER ask you for your password via
an E-mail message. Anyone who does this, or who asks for any other personal
information, is trying to perpetrate a crime
of identity theft. DO NOT RESPOND TO SUCH E-MAIL,
EVER. This form of attempted identity theft is referred to as
phishing.
The sender of the message is trying to steal your account or other
personal information with which they can do further damage to whatever
system that account and password controls, or to the rest of your life.
Any such E-mail asking for a password or personal information should be ignored
(do not reply, do not follow its links, and do not open its attachments).
Network Security
With the ever increasing tide of spam, viruses, worms, phish and
other scams, it is extremely important to maintain proper defenses on
all your computers, whether they are workstations or laptops and whether
they run Windows, Linux or Mac OSX. On Windows machines it is especially important
to be running an anti-virus and anti-spyware program as well as making
sure your machine is kept up to date with security patches released
by Microsoft. OSX is attacked less often, but running an anti-virus program
is still recommended and keeping up to date with security fixes is
still critical. The Linux systems at the Center are kept up to date
by the IT Support Group, but if you have a Linux laptop, you should
consult with the IT Support Group about how best to keep it up to date.
Information on installing the McAfee anti-virus packages for Windows
can be found here.
Data Access Security
Data Access Security concerns who has access to read and/or write
your files. For the most part, access permissions work the same
whether the files are local or mounted over a network file system such as
NFS. However, the mere fact that data is available over a network makes it
inherently less secure, and this is discussed in more detail
below. Even for local-only data, security is related to who can log in
to the computer where the data is stored, either locally or via remote
methods such as ssh or even the Web.
It is important to note that NO NETWORK ACCESSIBLE DISK SPACE in the Martinos
Center is safe for HIPAA sensitive files.
Basic File Permissions
When dealing with file access security in UNIX, it is critical to
have a good understanding of the standard permission settings. These
are shown when using the -l option to the 'ls' command. For example:
$ ls -l
drwxr-xr-x 2 raines raines 4096 Oct 7 13:29 hosts
-rw-r--r-- 1 raines raines 129 Aug 16 08:44 NOTES
-rw------- 1 raines raines 798 Jan 15 2003 private
The critical access information is in the first column of 10 characters
which holds the permissions and the third and fourth columns that have a
user (aka owner) and group name respectively.
The first character of the permission settings is the file type. Mostly
you will see either '-' for regular files or 'd' for directories. There
are other possibilities that are beyond the scope of this intro. The next
three characters are the read, write and execute permissions for the owner.
The three characters after those are the read, write and execute
permissions for the group. Run the command 'groups' to see what
groups you are in. The final three characters are the read, write
and execute permissions for "other" (sometimes referred to as "world", but
this just means anyone with a login to the
system, not really anyone in the world).
An 'r' at the read permission position of any of the three categories means
that category has read access. In the example above, all categories have
read access to both the hosts directory and the NOTES file, while only the
owner 'raines' has read access to the private file. Read access to a directory
means you can list (with 'ls') the names of the files in it; reaching the files
themselves additionally requires the execute permission described below.
A 'w' at the write permission position of any of the three categories means
that category has write access. In the example above, only the owner
raines has write access to the given directory and files. Write access to a
directory (together with execute access on it) means you can create new files in it,
rename them, and delete files it contains. IMPORTANT: This means the ability to delete a file
is NOT controlled by the permissions on the file itself, but by the
permissions of the directory it is in. A file with mode -r-------- in a
directory you can write to can still be deleted by you (rm will ask for
confirmation, but rm -f will not).
The execute permission position can actually have several values (besides
the '-' meaning not set). Typically it is 'x', which for files means you
can run that file as a program/script. For a directory, 'x' means you
can change directory (i.e. 'cd') into it and open files inside it whose
names you already know, even if you cannot list them. You may sometimes see an 's'
instead of 'x', which is an advanced feature called setuid/setgid. We
will not discuss that here, but it is vitally important to group file
sharing (a setgid directory makes new files inside it inherit the
directory's group), for which I direct you to more information on our
Group Permissions page. You may also see a 't' in the "other" position
of a directory such as /tmp; this is the sticky bit, which restricts deletion
of files in that directory to the file's owner even though everyone can write to it.
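The following script is an added example, not part of the original page. It checks the two rules stated above on a throwaway directory: that deleting a file depends on write and execute permission on the containing directory rather than on the file's own permissions, and that on a directory 'r' (listing names) and 'x' (reaching a known file) are independent. It assumes a POSIX shell with mktemp, chmod, ls and rm (GNU or BSD coreutils), creates everything under ${TMPDIR:-/tmp} and removes it again. The function and variable names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original page). Exercises UNIX permission rules
# on scratch directories created under ${TMPDIR:-/tmp}; nothing else is touched.
# Run as an ordinary user: root is exempt from these checks (see the note below).

# try_delete DIR_MODE FILE_MODE
# Creates a directory and a file with the given octal modes, tries to unlink
# the file, and prints "deleted" or "refused".
try_delete() {
    d=$(mktemp -d "${TMPDIR:-/tmp}/permdemo.XXXXXX") || return 1
    : > "$d/target"
    chmod "$2" "$d/target"
    chmod "$1" "$d"
    # Unlinking needs write AND execute (search) permission on the directory;
    # the mode of "target" itself is irrelevant. rm -f only ignores files that
    # do not exist; a permission error still makes it fail.
    if rm -f "$d/target" 2>/dev/null && [ ! -e "$d/target" ]; then
        echo deleted
    else
        echo refused
    fi
    chmod 700 "$d"          # restore our own access so cleanup works
    rm -rf "$d"
}

# dir_access DIR_MODE
# Creates a directory holding a file named "secret", applies the mode, then
# reports whether the names can be listed (needs 'r' on the directory) and
# whether the known file can be read through it (needs 'x' on the directory).
# Prints e.g. "list=no read=yes".
dir_access() {
    d=$(mktemp -d "${TMPDIR:-/tmp}/permdemo.XXXXXX") || return 1
    echo hello > "$d/secret"
    chmod "$1" "$d"
    if ls "$d" >/dev/null 2>&1; then listable=yes; else listable=no; fi
    if cat "$d/secret" >/dev/null 2>&1; then readable=yes; else readable=no; fi
    chmod 700 "$d"
    rm -rf "$d"
    echo "list=$listable read=$readable"
}

# Demonstration. The values in the comments are what a non-root user sees;
# as root every call reports "deleted" / "list=yes read=yes", which is exactly
# why a root compromise makes file permissions irrelevant.
echo "dir rwx, file ---: $(try_delete 700 000)"   # deleted
echo "dir -wx, file ---: $(try_delete 300 000)"   # deleted
echo "dir r-x, file rw-: $(try_delete 500 666)"   # refused
echo "dir rw-, file rw-: $(try_delete 600 666)"   # refused (no 'x' on dir)
echo "dir rwx: $(dir_access 700)"                 # list=yes read=yes
echo "dir r--: $(dir_access 400)"                 # list=yes read=no
echo "dir --x: $(dir_access 100)"                 # list=no read=yes
echo "dir ---: $(dir_access 000)"                 # list=no read=no
```

The 'r' without 'x' case is the one that surprises people: plain 'ls' still prints the names, but 'ls -l', 'cat' or 'cd' on the directory all fail with "Permission denied". Conversely, 'x' without 'r' is a common way to let collaborators fetch a file whose name you tell them without letting them browse the directory.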
Local login implications
No operating system is perfectly free of security holes. If someone can
log in to your system, even as an ordinary user, and knows a security hole to exploit, they
can get root access and then have complete access to the files no matter
what the permission settings are. So if you have local data you have to keep
extremely secure, you should ask us to put user login restrictions on your
desktop so that only a given set of users (maybe only you!) can log in. By
default, since we are an open academic environment here with lots of cross
collaboration, new Linux boxes we set up have no user login restrictions.
Network mountable data implications
The primary method of network sharing of data in UNIX is NFS. This
makes things much less secure, as each machine in the network of trust
depends on the "security" of every other machine: the NFS server trusts
the user and group IDs that the client machine reports, so whoever is root
on a client can act as any user. If someone breaks
the security of just one of the machines (we have hundreds now), then
they can bypass the file permissions on everything exported to it. So to make any data extremely
secure, you should not share it over the network at all. In certain cases,
we can have volumes exported to a limited subset of other machines. This
step is not something we want to do in general, as it significantly
adds to our administrative load. Also, though it makes things more
secure, it is not a complete solution. If just one of the machines in
the trusted subset is down, a knowledgeable attacker can bring up
their laptop with that offline machine's IP address and then be inside
the trusted group.
Because of this,
it is important to note that NO NETWORK DISK SPACE in the Martinos
Center is safe for HIPAA sensitive files.