Security

Network Security

We have adopted a "deny by default" network security stance. Please let us know if you have specific access needs beyond surfing, checking e-mail, downloading files from other sites, etc.

Macintosh

1. If your Mac doesn't need to share files to other computers, turn off File Sharing. If you need help with this procedure, e-mail Scott ( ).
2. Turn off Web sharing on newer Macs. You don't need it. If you want to publish web pages, ask Scott for space (conditions may apply). Do not use Web Sharing on the Mac.
3. If your Mac is on the network, it must have anti-viral software. We will install it for you. While Macs are less susceptible to virii and worms, they are susceptible to macro virii (Word, Excel, PowerPoint, etc.) and can even act as carriers. Don't get a bad name with your correspondents: have us install antiviral software and enjoy the moral high ground!

Windows

Windows security is an oxymoron, but you can do things to help yourself.

1. If you do not need to share files or printers from your computer, turn it off in the Networking Control Panel. This eliminates the worst of the problems. If you need to share files, consult with Scott on how best to configure your share so only your intended collaborators have access.
2. If your computer is on the network, it must have anti-viral software. We can install it for you. Windows boxes are susceptible to some of the most virulent and destructive virii, worms, Trojan horses, etc. ever developed. These worms can span the globe in a single day (remember Anna Kournikova?)! Don't get a bad name with your correspondents: have us install antiviral software and enjoy the moral high ground!

Linux/AIX/Solaris/IRIX/OpenBSD/other UNIX flavour

1. Have the firewall rules reviewed so that people external to the Dept. have only the access you intended (see Larry or Scott). Really consider if the service you're running is necessary (Web, FTP, e-mail, etc). Remember, many of those services can be hosted on the Dept'l servers, and you can relax and exjoy the maximum performance of your server or workstation.
2. Turn off everything in /etc/inetd.conf (or /etc/xinetd.conf) that is unnecessary. Replace those that are (telnet, rlogin, etc?) with secure versions (ssh).
3. Ask Scott to review the patch levels of your OS and software to determine if the known security holes for your system are patched.
4. Ask Scott to configure your box to send logs to the log server. We have software running on the log server that allows us to know when suspicious activity is occuring. If your box is sending its syslog messages to our log server, we'll know what's happening to your box in real time.
5. If you don't need NFS, don't run it. The same is true of automounting, RPC, sendmail, etc. Yeah, this is similar to #2. But it is that important!