Lab Security Policy: Difference between revisions

From DISI
Jump to navigation Jump to search
No edit summary
No edit summary
Line 2: Line 2:


Our security policy can be summarized as follows:
Our security policy can be summarized as follows:
> '''You can only access our cluster via ssh from a secure machine'''
 
  '''You can only access our cluster via ssh from a secure machine'''
 
What is a secure machine you may ask?  As of Monday, April 21, our answer is as follows. '''This will change in the coming months.'''
What is a secure machine you may ask?  As of Monday, April 21, our answer is as follows. '''This will change in the coming months.'''



Revision as of 13:40, 23 April 2014

No security system is perfect. There is a tradeoff between safety and ease of use. Getting hacked is a big deal. Please be mindful.

Our security policy can be summarized as follows:

 You can only access our cluster via ssh from a secure machine

What is a secure machine you may ask? As of Monday, April 21, our answer is as follows. This will change in the coming months.

  • A secure machine is one that we control and can protect. This includes:
    • The two portals are secure.
    • Desktops we control in CCBR 650, 940 and BH 501 are treated as secure. Subject to change.
    • Laptops in the lab are currently treated as secure. Subject to change.
    • No other machine is treated as secure. This includes the Sali cluster, the QB3 shared cluster, and if you connect via a VPN or ssh tunnel.
  • You can only access the portals using an ssh key.
  • You can only access the clusters from the portals using a password, never an ssh key.
  • You can use ssh keys to move around within the cluster, but only if they are secure.
  • Ssh keys must be protected at all times and must never be shared with anyone, even family members or labmates.
  • Misuse of sshkeys is a very serious matter. Please guard your ssh key access as you would your bank account.

If you have any doubts about appropriate use of ssh keys, please ask a sysadmin.

Security Q&A