Lab Security Policy: Difference between revisions

From DISI
Line 1: Line 1:
No security system is perfect. There is a tradeoff between safety and ease of use. Getting hacked is a big deal. Please be mindful.
No security system is perfect. There is a tradeoff between security and ease of use and we have tried to find a way to let you do your work in peace. Getting hacked is a big deal. Please be mindful.


Our security policy can be summarized as follows:
Our security policy can be summarized as follows:
Line 14: Line 14:


* You can only access the portals using an ssh key.  
* You can only access the portals using an ssh key.  
* Use different passwords for your bank, your email, and your cluster access. If one is hacked, the damage is contained.
* If you have an account on a system that is hacked, '''please a. tell us you were hacked and b. change your password asap if you think it could have been compromised.'''
* You can only access the clusters from the portals using a password, never an ssh key.   
* You can only access the clusters from the portals using a password, never an ssh key.   
* You can use ssh keys to move around within the cluster, but only if they are [[How_to_generate_ssh_keys_securely | secure]].
* You can use ssh keys to move around within the cluster, but only if they are [[How_to_generate_ssh_keys_securely | secure]].
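
Review bot: the added bullet beginning "If you have an account on a system that is hacked" says "tell us" without naming who to tell or how to reach them, and it makes the password change conditional on "if you think it could have been compromised", which leaves that judgment to the user. Suggest naming the contact and stating which password is meant, since the neighbouring bullets distinguish key-only portal access from password-only cluster access.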

Revision as of 15:19, 23 April 2014

No security system is perfect. There is a tradeoff between security and ease of use and we have tried to find a way to let you do your work in peace. Getting hacked is a big deal. Please be mindful.

Our security policy can be summarized as follows:

 You can only access our cluster via ssh from a secure machine

What is a secure machine, you may ask? As of Monday, April 21, our answer is as follows. This will change in the coming months.

  • A secure machine is one that we control and can protect, as follows:
    • The two portals are secure.
    • Desktops we control in CCBR 650, 940 and BH 501 are treated as secure. Subject to change.
    • Laptops in the lab are currently treated as secure. Subject to change.
    • No other machine is treated as secure. This includes the Sali cluster, the QB3 shared cluster, and connections made via a VPN or ssh tunnel.
  • You can only access the portals using an ssh key.
  • Use different passwords for your bank, your email, and your cluster access. If one is hacked, the damage is contained.
  • If you have an account on a system that is hacked, please (a) tell us you were hacked and (b) change your password as soon as possible if you think it could have been compromised.
  • You can only access the clusters from the portals using a password, never an ssh key.
  • You can use ssh keys to move around within the cluster, but only if they are secure.
  • Ssh keys must be protected at all times and must never be shared with anyone, even family members or labmates.
  • Misuse of ssh keys is a very serious matter. Please guard your ssh key access as you would your bank account.

If you have any doubts about appropriate use of ssh keys, please ask a sysadmin.

Security Q&A