security.html 2.95 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
<center>
<h1>
    Security Issues
</h1>
</center>

Here is a brief rundown of some important security issues you should
be aware of. 

<h3>Cookies</h3>

<p>
To enhance operation and security, we make use of a "Cookie" that
holds your login name. Therefor, you will need to enable cookies on
your browser. Please contact us if you have questions about how to do
that in your browser.

<h3>SSL</h3>

<p>
To protect data you submit, SSL is used to encrypt data as it
is transferred accross the Internet. Therefore, you will need to
access these pages with a browser that supports SSL.  We recommend
24 25 26 27 28 29
Netscape 4.0 or later, or presumably a recent IE.

<p>
When you first visit Emulab, you might be asked if you want to accept
the <i>server certificate</i>. Be sure to accept it!

30 31 32 33

<h3>SSH</h3>

We require all users to use Secure Shell (SSH) to log into Emulab
34 35 36
nodes.


37 38 39 40 41 42 43 44 45 46 47 48 49 50 51
<h3>Email Addresses</h3>

<p>
We require all Emulab users to provided current, non-pseudonymic email
addresses. Redirections and anonymous email addresses are not allowed.


<h3>Passwords</h3>

<p>
We employ a password checking library to prevent users from choosing
passwords that could be guessed by the "Crack" library. A few basic
rules are that standard english dictionary words are not permitted, as
well as anything deemed too short or easily guessable. 

52 53
<h3>Firewalling</h3>

54 55 56 57 58 59 60
<p>
Emulab blocks all of the <i>low numbered</i> ports (ports below 1024), with the
exception of ports 20 and 21 (FTP), 22 (Secure Shell), and 80 (HTTP). This is
for the protection of experimentors, as well as to ensure that an errant
application cannot become the source of a Denial of Service attack to sites
outside of Emulab. If your application requires external access to other low
numbered ports, please contact us to make special arrangements.
61

62 63 64 65 66 67 68
<p>
Emulab also prevents machines from using IP and MAC addresses other than their
own on the control net. The control net router blocks all traffic not
originating from the proper subnet, both to prevent IP spoofing and to prevent
experimental traffic from accidentally making it to the 'real world' (say,
through routing misconfiguration.) These restrictions are not present on the
experimental net.
69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87

<h3>Accounts</h3>

<p>
We make use of Unix user and group mechansisms to provide protection
between users and projects. Each new user gets a new Unix UID, and
each new project gets a new Unix GID. Users are members of the Unix
groups that correspond to each of the projects they are working on,
and thus may share files with other members of those projects. The
default directory permissions are set so that project files are not
readable by members of other projects.

<p>
Each project gets its own directory hierachy (again, protected by the
Unix group mechanism) that is NFS-exported only to that project's
assigned test machines.  We don't currently protect against spoofing
on the control network, so there are vulnerabilities.  The test
networks are fully separated between experiments by way of VLANs.

88