(Birgit Lewendel, 13-Aug-1998) Beginning of August we had again a hacker attack on at least two of our PCs and we should loose no time to increase the security. On 25 August 1998 the DESY computer center changes the access to all Hera-B computers with the already described measures: - Port filtering on all subnets for access from outside DESY. The subnets are closed for everything except ssh (secure shell) access. The advantage of ssh is the encryption of the password and whole session before transmission. The port filtering is done at a central DESY gateway. A reconfiguration of each computer is not necessary. You can find more information on ssh on the Hera-B computing web page. - One computer stays open for unsecure access like telnet, finger, ftp, rsh,... for users who are not able to use ssh and for mail access from outside, e.g. during conferences. This computer will be the SGI hera-b. - To minimize this security hole, a monitoring program runs on the open computer and logs each access. It is strongly recommended to all institutes to install ssh on their computers. Not only because of the DESY access but also to make the institute computers a little more secure. --------------------------------------------------------------------- (Birgit Lewendel, 29-Jul-1998) After the hacker attack at Desy mid of July 98, the Desy Director of Research requested Hera-B to copy the security system of Hermes and H1. This security system consists of: - Port filtering on all subnets for access from outside Desy. The subnets are closed for everything except ssh (secure shell) access. The advantage of ssh is the encryption of the password and whole session before transmission. The port filtering is done at the gateway of a subnet, no reconfiguration of each computer is necessary. You can find more information on ssh on the Hera-B computing page. - One computer stays open for unsecure access like telnet, finger, rsh,... for users who are not able to use ssh, because it is forbidden by law in their country (as far as I know this problem should not exist for Hera-B institutes) and for mail access from outside, e.g. during conferences. - To minimize this security hole, a monitoring program runs on the open computer and logs each access. If there are no strong arguments against it, Hera-B will install a security system in the near future.