|
|
**** Computation center news bulletin #3 - Security issues ****
I would like to put your attention to some security issues and why they are
important.
Our system is part of a Israeli wide network (which will become a world-
wide network in the future). In such a large network, there are more than
a few of hackers who try to penetrate into other systems. If you don't
keep your account secured, intruders might enter it and make damage to you
and to the system. I'll first describe the simple measures you should take
to make your account secure and then describe why they are needed.
Security measures:
1. Never use a password which is the same as your username, your name, or
something close. People use the PHONE and FINGER commands from remote
systems to see who works on the system and what is his/her full name.
They then try to login using passwords which are close to your username
or full name, and I saw cases where they succeeded.
2. The system forces you to change the password once every two months. This
is not intended to make you nervous. It's sole intent is that in case
someone got your password (saw it written, stood behind you when you
entered it, etc) he won't be able to use it for a long period.
3. Never leave your terminal logged-in and go away (and two days ago one
user did it and somone came and played with his account). If your
session got stuck due to some reason, hit SHIFT+CONTROL+6 or hit the
BREAK key. You should get the Bridge prompt, and then hit DC (DisConnect)
and watch for a message telling you that you were disconnected (it might
take up to several seconds).
4. Never give your password to someone else. If you want to share files with
other users, there are better ways for it. Call the consultants for more
details.
Now, you may ask why it is important to keep your account secure; you may
say that if someone is playing with your account it is your own problem.
Before I explain why this is not true, I'll give one reason to people who
do not beleive in security: Each user has signed a form in order to get his
account. This form makes you personally charged for any activity that has
been done in your account, and it doesn't matter whether you did it personally
or not. Hence, you will be held responsilble for the hacker's dids...
And the real reasons:
1. The hacker might change your own files. You might find it too late, and
even all the backup copies will be the modified ones.
2. Some users give access to other users to their files because they need it
for their work. This way you may damage others' files, even if the other
user kept his account secured.
3. When the hacker has a direct access to the local system he has much more
oppurtunites to look for breaches than when he has only remote access.
__Yehavi:
|
