Lab Security Policy: Difference between revisions

From DISI
No edit summary
 
(33 intermediate revisions by 3 users not shown)
Line 1: Line 1:
* To access the cluster remotely you need to ssh to portal.uoft.bkslab.org using an ssh key. 
No security system is perfect: there is a tradeoff between security and ease of use.  We have tried to find a happy medium that lets you do your work in peace without too much hassleGetting hacked is a big deal, so please read this and be mindful.
** The key used to access the portal can ONLY be used between the user’s remote computer and the portal. 
** A user cannot access the cluster from the portal using a ssh key, they must use a password.   
** A user can use ssh keys to move around within the cluster, but only if they were [[How_to_generate_ssh_keys_securely | created securely]] and only used within the cluster.
** The keys used within the cluster CANNOT be used anywhere outside the cluster.   
** '''Ssh keys must be protected at all times and must never be shared with anyone, even family members or lab mates.'''
** Misuse of sshkeys is a very serious matter. Please guard your ssh key access as you would your bank account.
If you have any doubts about appropriate use of ssh keys, please ask a sysadmin.


= Q & A: =
{{TOCright}}


== Summary ==
Our security policy can be summarized as follows:


== Is it lab policy that I can have an ssh key exchange between UCSF and U of T computers? ==
  '''You can only access our cluster via ssh from a secure machine'''
Yes people can have a sshkey exchange between UCSF and UT computers (only the computers that we maintain, ie monkey.ucsf.edu should NOT have a sshkey).  You '''cannot''' have a ssh key exchange between the portal and the cluster.


== Is there any way into the cluster from home other than through the portal.uoft.bkslab.org machine? ==
What is a secure machine you may ask? Well, ...
No. Currently, there is no other way to access the cluster remotely. Ask if this is a problem for you.


== If I lose my laptop or think my account may have been hacked, what is the correct course of action? ==
"A secure machine is one that we control and can thus protect." This includes:
Send an email to access.bkslab@gmail.com immediately.  
* The portals
* Desktops we control in BH and GH.
* Your laptop, using our own VPN.
* Machines in racks we control.
No other machine is assumed secure. This includes other groups' clusters in BH and GH, the QB3 shared cluster, and connections via UCSF's VPN. To access our cluster from these or any other machines we do not treat as secure, you must use a portal or our own VPN.


== Can I copy the private key to as many computers as I like, or should I have one for each computer I want to use to access the cluster? ==
== Rules ==
You should use a different ssh key for each computer you want to use to access the cluster.   This way, if one of your computers is compromised, I only have to disable one key and you can still use your other laptop/computer.
* You don't need to use the portals if you are sitting at your desk on a secure network.
* When away from your desk, you probably must use a portal to get in.
* You can only access the portals using an ssh key that you set up in advance.
* Insecure ssh keys will be revoked without notice. [[How_to_generate_ssh_keys_securely]].
* If you think your machine might have been compromised, please let us know immediately!


== Can I use the same public/private key pair inside the cluster as I use to access the cluster?  Or should we use two different ones? ==
== Advice ==
You should use two different ones, one within the cluster and one to access the portal from outside. We will enforce this. Please don't try. It is no economy.  
* '''Ssh keys must be protected at all times and must never be shared with anyone, even family members or labmates.'''
* Use different passwords for your bank, your email, and your cluster access. If one is hacked, the damage is contained.
* If you have an account on a system that is hacked, '''please a. tell us you were hacked so we can revoke your ssh key and b. change your password asap if you think it could have been compromised.'''


== Can I use key pair exchange to allow me to log in to my colleague's account?  ==
== Conclusion ==
Thus say I am Brian, and I want to allow John to log in as me without my password, can we use ssh keys to allow this?
* Misuse of sshkeys is a very serious matter. Please guard your ssh key access as you would your bank account.
* NO. This usage is strictly forbidden and will be enforced. Brian must not accept John's public ssh key as ahn authorized_key.
* some people call ssh keys "ssl keys". It is the same thing, and ssl is arguably more correct. Nevermind.
If you have any doubts about appropriate use of ssh keys or passwords, or suggestions about how to improve security, please write the [[sysadmin]]s.


== Do I need to use the portal when I am in the lab? Elsewhere in the university? ==
== FAQ ==
No, the portal is only needed when accessing the cluster from outside "the lab". The university is a big place, and we consider most of it to be "outside"If you have questions about how the borders have been drawn, ask us.
If I lose my laptop / think my account may have been hacked, what is the correct course of action?
* Send an email to John (jir322@gmail.com), Ben (benjamin.wong@ucsf.edu || benjamin.wong@blur.compbio.ucsf.edu), and Enkhjargal (a.enkhja@blur.compbio.ucsf.edu) immediatelyWe will disable the user’s key and check the account.


We've tried to make this policy easy to understand and remember. We have tried to design something that will not be a burden. If you have suggestions on how to improve these practices, please ask us!
Can I copy the private key to as many computers as I like, or should I have one for each computer I want to use to access the cluster?
* You should have a different ssh key for every computer that you want to use to access the cluster. This is because if one of your computers gets hacked, I only have to disable one key and you can still use your other laptop/computer.


Can I use the same public/private key pair inside the cluster as I use to access the cluster?  Or should we use two different ones?
* You should use two different ones, one for inside the cluster and one out of the cluster.
Can I use key pair exchange to allow me to log in to my colleague's account, or is that a forbidden usage? 
Thus say I am Jane, and i want to allow Joe to log in as me without my password, can we use ssh keys to allow this?
*No, we definitely don't allow this.
== See Also ==
* [[Sshkey policy]]
* [[Security Q&A]]


[[Category:Internal]]
[[Category:Internal]]
[[Category:Policy]]
[[Category:Sysadmin]]
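
Review bot: the Conclusion bullet in the new text that calls ssh keys and "ssl keys" "the same thing" is inaccurate and should be dropped or reworded. SSH and SSL/TLS are separate protocols, and a reader who takes the bullet literally may confuse this key policy with certificate handling. Separately, the FAQ answer now lists three individual mailboxes where the older text used the single address access.bkslab@gmail.com; consider keeping one shared reporting address so a compromise report still reaches someone when staff change. [[Category:Internal]] also appears twice in the category list.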

Latest revision as of 16:28, 30 June 2016

No security system is perfect: there is a tradeoff between security and ease of use. We have tried to find a happy medium that lets you do your work in peace without too much hassle. Getting hacked is a big deal, so please read this and be mindful.

Summary

Our security policy can be summarized as follows:

 You can only access our cluster via ssh from a secure machine

What is a secure machine you may ask? Well, ...

"A secure machine is one that we control and can thus protect." This includes:

  • The portals
  • Desktops we control in BH and GH.
  • Your laptop, using our own VPN.
  • Machines in racks we control.

No other machine is assumed secure. This includes other groups' clusters in BH and GH, the QB3 shared cluster, and connections via UCSF's VPN. To access our cluster from these or any other machines we do not treat as secure, you must use a portal or our own VPN.

Rules

  • You don't need to use the portals if you are sitting at your desk on a secure network.
  • When away from your desk, you probably must use a portal to get in.
  • You can only access the portals using an ssh key that you set up in advance.
  • Insecure ssh keys will be revoked without notice. See How_to_generate_ssh_keys_securely.
  • If you think your machine might have been compromised, please let us know immediately!

Advice

  • Ssh keys must be protected at all times and must never be shared with anyone, even family members or labmates.
  • Use different passwords for your bank, your email, and your cluster access. If one is hacked, the damage is contained.
  • If you have an account on a system that is hacked, please (a) tell us you were hacked so we can revoke your ssh key and (b) change your password as soon as possible if you think it could have been compromised.

Conclusion

  • Misuse of ssh keys is a very serious matter. Please guard your ssh key access as you would your bank account.
  • Some people call ssh keys "ssl keys". It is the same thing, and ssl is arguably more correct. Never mind.

If you have any doubts about appropriate use of ssh keys or passwords, or suggestions about how to improve security, please write to the sysadmins.

FAQ

If I lose my laptop / think my account may have been hacked, what is the correct course of action?

  • Send an email to John (jir322@gmail.com), Ben (benjamin.wong@ucsf.edu or benjamin.wong@blur.compbio.ucsf.edu), and Enkhjargal (a.enkhja@blur.compbio.ucsf.edu) immediately. We will disable the user's key and check the account.

Can I copy the private key to as many computers as I like, or should I have one for each computer I want to use to access the cluster?

  • You should have a different ssh key for every computer that you want to use to access the cluster. This is because if one of your computers gets hacked, I only have to disable one key and you can still use your other laptop/computer.

Can I use the same public/private key pair inside the cluster as I use to access the cluster? Or should we use two different ones?

  • You should use two different ones, one for inside the cluster and one for outside the cluster.

Can I use key pair exchange to allow me to log in to my colleague's account, or is that a forbidden usage? Say I am Jane, and I want to allow Joe to log in as me without my password. Can we use ssh keys to allow this?

  • No, we definitely don't allow this.

See Also