Intended audience: All UK Particle Physics users (this note does not aim to cover detailed technical measures by system managers)
The CNAP notes the dramatic increase in network attacks on computers, necessitating much effort by system managers to defend users from harm. This memorandum is addressed to all computer users, urging them to play an active part in protecting themselves and their colleagues from these threats, and working together with their system managers.
The last year saw a major growth in threats to computer and network security on the Internet. There have been several major penetrations in the Particle Physics community alone; numerous lesser penetrations caught, and most likely others that have gone undetected. System managers report a continual level of probing and attempted penetration.
All these events have to be taken seriously, defences prepared, and anomalies investigated. Some serious cases have forced the shutdown of site network connections for several days, with real consequences for work at those sites and knock-on effects at other sites.
System managers have invested considerable effort over this period, to identify and deploy more-secure methods of working. The CNAP wishes to emphasise the importance of all users playing their part in this effort, to protect themselves, their colleagues and their experiments from harm.
The use of computers and networks in the UK Academic Community is regulated not only by the Law, but also by the regulations of each University and Institute, and by the Acceptable Use Policy of the JANET network.
Where Particle Physics is somewhat unusual is that our close international collaborations lead to users holding computer accounts at several sites: their University, RAL, CERN, DESY, SLAC etc.: it also leads to projects for farming out computations amongst remote sites. These features bring special risks and threats, and prompts the CNAP to draw special attention to the responsibilities that this places on users. Carelessness on one site could deliver to an attacker the direct ability to penetrate other sites. Most computer systems have at least one unidentified vulnerability whereby an attacker, having got access as a normal user, can achieve more-privileged status.
Due to the ever-shifting nature of the threat, it would be neither helpful nor feasible for the CNAP to spell out a detailed list of rules. Rather, this Memorandum draws attention to principles, urges every user to be vigilant, to cooperate with the measures being adopted by their system managers, and above all to consult closely with system managers when setting up systems of working that represent an especial risk, such as multiple-site facilities, unattended operations etc.
The bad news is that many users may need to make some kind of change to the way they are accustomed to working, and that even the more-secure facilities are no magic bullet - vigilance is still needed. The good news is that the replacement facilities are not hard to use; some are an almost transparent drop-in for existing facilities, and some offer additional benefits.
All computer systems have points of weakness, and are capable of being penetrated by particular tricks. The Internet is infested with individuals and groups who dedicate time to locating and exploiting these tricks. Not all attacks depend initially on carelessness by a particular user; but once a computer has been penetrated, the opportunities for further mayhem depend on what users have left lying around, such as pointers to accounts on other systems and, worse, passwords for those accounts.
System managers of course try to keep abreast of the security fixes for loopholes as they are discovered, but each new discovery is a window of opportunity for the attackers, who use automated systems for scanning thousands of hosts, hunting for vulnerable systems on the network and penetrating them. These compromised systems are then used as a base of operations either for collecting passwords ("sniffing") or for attacking other systems.
Every account holder has a vital role to play both in defending themselves and their colleagues from harm, and in minimising the consequences if a penetration should be successful. No system manager, no matter how industrious, can entirely protect users from themselves and from each other; it is especially mischievous if users undermine the measures that are being adopted for their protection.
Some users are heard to remark "I have nothing worth protecting": this attitude is very dangerous. Once a accomplished attacker has access to even one user acccount, the whole system is at risk, and maybe many other systems too.
The CNAP encourages the system managers to continue their work for improving security. This Memorandum concentrates on issues that directly relate to users. It is noted that more and more users want machines that they administer themselves (Linux being of particular note): this brings additional risks.
The following items address issues that have come to particular notice.
This is not, and cannot be, a complete detailed list, nor does it cover extra measures adopted by system managers. It cannot be emphasised too strongly that careless or inconsiderate actions by one user can put an entire shared-user system at risk and, in our kind of environment, can very easily put at risk systems on other sites too. While it is neither feasible nor desirable to turn our systems into Fort Knox, and a certain level of risk must be accepted in order to get our work done, it's a truism that a chain is no stronger than its weakest link. The threat from these network vandals isn't going to go away; the CNAP urges every user to respect the duty of care which they owe to their colleagues and experiments, to remain vigilant, and to adopt safer systems of computing.