Self Administered Computers
The School of Computer Science and Engineering (the School) provides a large number of wide ranging computing facilities for the use of staff and students of the School. This includes a large number of computing servers, lab workstations, personal workstations, and a large number of devices to support a peripheral and networking infrastructure.
Most of these computers and devices on the CSE network are installed, maintained, and administered by the School's Computing Support Group (CSG). However, the School needs to maximise the number of such systems made available to its user population, while minimising the number of people employed in the CSG to support such systems. To do this, two simplifying decisions have been made:
- The range and variety of software and hardware systems provided and administered by the CSG needs to be restricted to the smallest subset of such systems that can meet the needs of the largest number of the users (or groups of users) within the School. In practice, this means that the CSG is charged with defining and providing the fewest number of systems that can cater to our three primary groups of users: students, academics, and administrative staff.
- In order to make the administration of these systems as simple and as practical as possible, these software and hardware systems need to be kept under the full control of the CSG where possible. This generally means restricting system root or administrative access to members of the CSG and to no one else.1
Nonetheless, some staff and postgraduate students have particular research interests or needs that cannot be met by the general systems provided by the CSG, and require specific or special software or hardware systems to meet these needs. In general, these staff and/or students will require root or administrative access to these special systems, so that they can install, maintain or administer these software or hardware systems as they see fit. The computers and/or devices hosting such special purpose software or hardware systems are called Self-administered Computers, as it is not considered the responsibility of the CSG to install, maintain or administer them.
The responsibility for the installation, maintenance and security of such self-administered computer systems (and of the data held on them), lies entirely with the user (or users) with root or administrative access to such systems. In addition, before such self-administered computers or devices are permitted to have a permanent connection to the CSE network, the CSG requires that these self-administered systems do not behave in ways that interfere with the operation of other computers or systems, either within the School or externally.
This document describes the resources provided by the CSG to those who self-administer their computers, and sets out the requirements laid out by CSE Security Committee's policy on self-maintained computers that these computers and/or devices must satisfy in order to be connected to the CSE infrastructure.
Who This Policy Applies To
This policy applies to all staff and postgraduate students who want to connect a computer or networked device to the CSE network where the CSG does not have root access or administrative privileges on that computer or device. It is also recommended that any user who connects to the CSE network via the wireless or dial-up subnets also read this policy and implement, at minimum, the advice on security in the section on Securing computers within CSE.
Who Maintains This Policy
The CSE Security Committee.
Concepts and Definitions
The School recognises the following classes of computer:
- School computers:
- Computers (and associated hardware such as printers, monitors and keyboards) which are purchased using the School's Operating Funds.
- Non-school computers:
- Computers (and associated hardware) purchased using research grants or work/study-related funds other than the School's Operating Funds. These computers still remain a 'school asset'.
- Private computers:
- Computers purchased from other funds, often paid for by individual academics or students.
- Virtual computers:
- Computers created by such tools as VMware. They have no physical existence but otherwise behave in the same way as real computer hardware. It is possible for a self-administered computer to run a CSG-administered Virtual computer, or for a CSG-administered computer to run a self-administered Virtual computer.
The Owner is responsible for the presence and operation of that computer on the School's network. The CSG owns all School computers and CSG-administered Virtual computers. All other computers (Non-school and Private computers and non-CSG-administered Virtual computers) must be owned by a person who is accountable for the computer and who the CSG and others can contact regarding that computer. Non-school and Private computers are owned by the person who provided or authorised funds for their purchase. Virtual computers are owned by the owner of the computer running the tool that created them. A person may own more than one computer.
The Primary User of a computer will either be the owner, or a person nominated by the owner to whom the computer has been allocated for use on a day-to-day basis. The CSG will ordinarily deal with the primary user (henceforth referred to as the User); however, the owner is finally responsible for all issues pertaining to the computer.
Administrative Access: Any computer on the School's network is either CSG-administered or is self-administered. That is, either the CSG or the user has administrative access to the computer. Administrative access confers the ability to perform actions such as: reconfiguring the operating system; installing software or modifying files not owned by the user (unless specifically granted access by the owner or by an administrator); affecting the operating environment of users other than themselves; and changing or installing device drivers and modifying the hardware configuration (except for optional or removable components such as external USB or serial devices).
Software support consists of:
- the installation of one or more separately bootable operating systems on the one computer.
- the configuration of the operating systems to allow (at a minimum): connection to the School's Ethernet or wireless networks; use of the School's WWW and FTP proxies; use of the School's printers; sending and receiving email through the School's email system; and the access of the user's home directories on a CSG-administered computer.
- the maintenance of a standard single-boot CSG-installed operating system.2
Hardware support consists of repair or maintenance of a computer or its component parts (including keyboard, video display and mouse), as covered under the warranty agreement, when these break or fail to perform their expected function.
CSG administration of a computer
A computer is deemed to be CSG-administered when its operating system has been installed and configured by a member of the CSG, and administrative access to the computer is restricted to the CSG (ie: only CSG staff have legitimate root or administrator access to the computer). CSG-administered computers have locking or sealing mechanisms to prevent them from being opened and their BIOS and hardware removed or tampered with.
When the CSG administers a computer they ensure that the computer is operational and usable. This means that one of the School's standard operating systems is available on the computer and that standard applications are also available. The operating system and the applications will run and operate correctly; a user on the computer will have reliable access to School network resources such as printers and their home directory; and they will be able to access the Internet.
Any problem or failures during the expected life of the computer will be resolved or repaired by the CSG.
For School computers the CSG will undertake any repairs or upgrades to ensure the computer will operate satisfactorily. For Non-school or Private computers the owner is responsible for any repairs and upgrades.
While a computer is being administered by the CSG, all aspects and configuration of the computer, the operating system, and any installed applications which can affect the usability of the computer are under the sole control of the CSG. This includes hardware configuration (excepting removable devices such as USB devices), network configuration, and installed application software (where such software requires administrative privileges to install).
Users of CSG-administered computers can request configuration changes to those computers. Where practical, and in particular, where such changes are either shown to be of benefit to, or are necessary for, the majority of users, such requests will normally be honoured.
Self-administration of a computer
Administrative access includes 'root' (Unix/Linux) and 'administrator' (Windows) privileges. Since access to the inside of a computer can often allow administrative access to be achieved, internal physical access is also considered to be a form of administrative access.
A computer is considered to be self-administered (that is, not CSG-administered) when any user other than CSG staff has available, gains or uses administrative access to that computer.
By self-administering a computer, the user takes responsibility for ensuring that the computer is usable for its intended purpose. This includes providing support, updating configurations, upgrading software, ensuring the computer is as secure as possible from internal and external threats, installing the latest security patches and anti-virus updates, and diagnosing problems. The user also takes responsibility for a number of services that the CSG normally provides, such as backups. See the section on Responsibilities of the User for more detail.
Before being initially connected to the School's network, or after any Operating System installation, a member of the CSG may have to conduct a security audit of the self-administered computer.
Gaining and relinquishing self-administration
A user must have the consent of the owner to gain administrative access to a computer. If the user is a student then they must also have the consent of their supervisor. An email from the owner (and supervisor if applicable), affirming their consent, must be copied to the CSG via System Support (or ss). The CSG must also be informed of any proposed changes to the computer that affect its connection to the School's network, for instance the installation of a new interface or operating system.
An owner may relinquish the administrative access of a user at any time and request the computer become CSG-administered. The CSG will then reformat the hard disk (obliterating all data), reinstall a standard operating system and applications onto the computer, and seal the computer. It is up to the user to retrieve any data they require off the hard disk before the computer is turned over to the CSG.
Operating systems and software available for self-administered computers
The CSG can make available a standard operating system and standard applications for any self-administered computer. The standard operating systems include the Debian and Redhat distributions of Linux, Windows NT 4.0 and Windows 2000, and Mac OS-9 and OS-X. Standard applications typically include compilers, editors, database systems, office products (spreadsheets, word-processors, etc.), WWW browsers, email clients and virus checkers. This list of applications varies with different operating systems.
Some of this software is also available for other computers (such as Personal computers), depending on licensing restrictions. Otherwise, procuring, licensing, installing and configuring software on self-administered computers is the responsibility of the owner.
CSG Support of self-administered computers
In general, the owners of self-administered computers are primarily responsible for all aspects of the installation, configuration, and maintenance of their computers. The CSG may be called upon (as a resource of the school) to help the owner with problems, but the CSG is not in any way obliged to provide any help. Any help that is provided will depend heavily on the nature of the problem and on CSG's other priorities. The CSG has many responsibilities and few resources, and it may be that the only support that the CSG can reasonably offer is to reformat the hard disk and reinstall the operating system.
The CSG will ensure that access to CSE infrastructure is available for correctly configured self-administered computers. This includes access to the network, to printers and to home directories on CSG-administered servers.
For School computers, the CSG will ensure that the computer hardware is operational and will repair or replace such computers which fail or break as a result of ordinary usage during the expected lifetime of the computers.
Hardware problems for other computers are the responsibility of the owner. The CSG will rarely be able to assist.
Responsibilities of self-administrators
When gaining administrative access to a computer the user takes on responsibility for tasks normally performed by the CSG. This includes, but is not limited to:
- Complying with School and University rules and policies regarding use of computers.
- Installing and configuring the operating system and application software. This covers all aspects of the system: for instance, creating printer configuration files and ensuring root mail is sent to the user rather than to firstname.lastname@example.org.
- Maintaining and upgrading software. The CSG strongly recommends users join the appropriate mailing lists so they will be apprised of news and alerts concerning their software. Many software distributions have (semi-)automated update mechanisms; these are particularly useful for getting security updates for software.
- Ensuring data and work stored on the self-administered computers and/or external storage media is backed up. The CSG will continue to back up the user's home directories on CSG-administered servers.
- Securing the computer and monitoring and maintaining the security of the computer. This is covered in more detail in the Appendix under the section on Securing computers within CSE.
Securing computers and devices within CSE
Rationale
Security of CSE computers is required for a number of reasons:
- Legislative Compliance:
- There are various laws and regulations relating to the use, storage, interception, and transmission of various types of data and/or information within the University and Australia. The school is required to ensure that its computers and network infrastructure are secured in such a way that they are not used, either directly or indirectly, to contravene any of these laws and regulations or for any criminal purpose.
- Effective use of shared resources:
- The School's computing infrastructure, the campus-wide network, and the Internet beyond, is a collection of shared resources. The effective use of these resources depends on a high degree of co-operative responsibility taken by all users of these resources. Anything that impinges upon the fair use of, or access to, these resources by others is a Bad Thing and much of the security infrastructure is about preventing the misuse of, or denial of access to, these shared resources, whether such actions are intentional or not.
- To maintain the Good Name of the School and University:
- The School of Computer Science and Engineering and the University of New South Wales are held in high regard nationally and internationally. Our continued success as a leading educational and research institute depends on, inter alia, maintaining that high regard. Any activity that reflects poorly on our good name is of itself a Bad Thing.
Fundamental security measures
Most illegal or antisocial activity is instigated by unauthorised users who gain access to the computer or device by exploiting known or potential vulnerabilities in the device or in the systems running on that device. The following security measures will help reduce such exploits and attacks:
- Restricting Physical Access:
- Preventing the devices from being stolen or being opened; having their BIOS or hardware tampered with or removed; or allowing the computer or device to be booted from a floppy or other removable (and uncontrolled) device.
- Proper Software Selection and Configuration:
- Selecting software and configuration options with security being a primary concern; installing software from known and trusted sources; choosing and configuring secure system passwords and permissions for all installed software systems.
- Enabling only essential services:
- This reduces the number of systems or services that can be attacked. Most computers only need to accept SSH connections for satisfactory use. Listening for other connections (NFS, ftp, WWW, etc) increases the number of vulnerabilities that might be exposed and exploited. As a general principle, turn off all services; then only turn on those services that are found to be essential.
- Keeping software current:
Staying up to date with, and installing:
- New versions of software which often patch or fix security vulnerabilities (as well as add new features);
- The latest virus signatures and security updates.
- Eternal Vigilance:
- Monitoring system security is essential. This will vary from system to system, but will include making sure that monitoring tools are running and checking reports and logs from those tools and from other system services.
A compromised computer often provides a more secure and trusted platform from which further attacks may be made on other computers. Thus the security of the whole computer system and network can depend on the security of its weakest member, which is why it is particularly important that all computers and devices within CSE (including self-administered computers and devices) be kept as secure as possible.
Basic steps to securing a computer
The following tips are the bare minimum security maintenance steps that users are expected to take to help protect their computers against compromise. It is also expected that users configure any servers or services that they are running correctly, and with security in mind, but this is too large and wide a topic to be covered here.
- All Platforms:
- Install a good firewall and configure it to block all privileged ports except for essential services. If you don't know what something is doing, it probably isn't essential.
- Most Windows and Mac users don't run servers on their computers and therefore don't need to keep ports open; *nix users usually run SSHd
- You do not need to keep privileged ports open at your end in order to access websites, instant messaging or other aspects of the internet.
- Ensure Windows Update is set to automatically install Critical Updates
- Ensure your antivirus definitions are current and being automatically updated, for instance enable Symantec LiveUpdate.
- Ensure that Software Update checks for updates daily from http://www.apple.com/support/downloads/
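One way to check the "enable only essential services" and firewall advice above on a Linux computer (an added example, not a CSG tool or part of the policy): the script reads the output of `ss -tlnH` and reports every TCP listener that is reachable from the network and not on an allowlist, marking those on privileged ports. The allowlist of SSH only, the function names and the sample listener lines are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not CSG tooling: report listening TCP sockets that are
# reachable from the network and are not on the allowlist of essential services.

# Assumption: SSH (22) is the only essential service on this computer.
ALLOWED_PORTS="22"

# Constructed sample in the format printed by `ss -tlnH` (Linux, iproute2).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      128        127.0.0.1:631        0.0.0.0:*
LISTEN 0      64           0.0.0.0:2049       0.0.0.0:*
LISTEN 0      511                *:80               *:*
LISTEN 0      128             [::]:22            [::]:*
LISTEN 0      4096            [::]:111           [::]:*
LISTEN 0      32           0.0.0.0:21         0.0.0.0:*
LISTEN 0      128            [::1]:25            [::]:*
LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
EOF
}

# Reads `ss -tlnH` lines on stdin and prints "port address class" for each
# listener that is neither loopback-only nor allowlisted. "privileged" means a
# port below 1024, the range the policy says the firewall should block.
audit_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        $1 == "LISTEN" {
            port = $4; sub(/^.*:/, "", port)       # text after the last colon
            addr = $4; sub(/:[0-9]+$/, "", addr)   # text before the port
            sub(/%.*$/, "", addr)                  # drop an interface suffix such as %lo
            if (port !~ /^[0-9]+$/) next           # skip lines we cannot parse
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            if (port in ok) next                   # declared essential
            class = (port + 0 < 1024) ? "privileged" : "unprivileged"
            print port, addr, class
        }
    ' | sort -u -k1,1n -k2,2
}

# With --live, audit this machine; otherwise run on the constructed sample.
if [ "${1:-}" = "--live" ]; then
    ss -tlnH | audit_listeners
else
    sample_ss_output | audit_listeners
fi
```

Each line reported is a service to turn off, bind to loopback, or block at the firewall, unless it is added to `ALLOWED_PORTS` as a deliberate decision.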
Breaches of Security
As part of its charter to prevent, detect, monitor, and remedy any illegal or antisocial behaviours that contravene laws, prevent or restrict the effective use of shared resources, or besmirch the good name of the School or University, the CSG regularly runs security scans of computers on the network, constantly monitors CSE network traffic, and responds to reports from ITS and external parties regarding traffic entering or exiting the CSE network.
Traffic and/or behaviour that will trigger action by CSG include:
- Denial of Service attacks;
- Port scanning;
- Packet sniffing;
- The creation or intentional dissemination of viruses, worms, trojans, or other malware 3;
- The storage, transmission or distribution of restricted or copyrighted material (eg: porn, video, or music);
This includes traffic generated from computers connected to CSE via dialup, wireless or other remote connections as well as ethernet. If traffic from a host is deemed undesirable, whether indicative of a compromise, malice or misconfiguration, then the CSG will generally:
- Disconnect the host from the network
- Disable network access permissions as required or necessary
- Email the recorded owner of the host, and the user (if known), about the incident.
If the computer is self-administered then the owner is subject to the Three Strikes Policy.
When a member of the School is responsible for this antisocial behaviour they will be subject to the University's disciplinary proceedings as well as any criminal codes that might apply.
Three Strikes Policy
The Three Strikes Policy applies whenever a self-administered computer or network device that either belongs to CSE, or that is connected to the CSE network, is detected engaging in any of the antisocial or illegal behaviour outlined under the Section on Security.
As soon as such antisocial or illegal behaviour is reported or detected:
- The computer or device responsible is (usually) isolated from the network
- An email is sent by ss to the owner(s) and administrator(s) of the computer or device explaining the situation;
- A strike is applied against the owner(s) and administrator(s) of the computer or device.
These strikes accumulate, and determine the number of steps and the severity of the actions required to be taken by the owner and/or administrator before the computer or device is permitted to be reconnected to the CSE network.
- Strike 1:
- The computer or device will not be re-connected to the CSE network until the administrator has indicated that they have sensibly dealt with the issue.
- Strike 2:
The computer will not be re-connected until the administrator has assured the CSG that they have removed the exploit or infection and taken steps to prevent a similar compromise. Typically this assurance will take the form of a detailed email sent to System Support stating exactly what steps were taken, and why. For instance, the self-administrator will have to have done some (if not all) of the following:
- Used an appropriate tool (such as Norton on Windows computers);
- Found, identified, and removed one or more pieces of malware3;
- Found and fixed bugs or errors in their scripts, programs, or configuration;
- Loaded appropriate security patches for the operating system;
- Updated virus signatures and security patches;
- Put systems in place that monitor the system, and update patches as they are released.
- Strike 3:
The third incident will lead to permanent disconnection until the computer or device has been completely and demonstrably reset.
In the case of a computer for instance, the hard disk will need to be reformatted, and the operating system reinstalled from scratch, with all the most recent security patches and software installed and operational. System Support will usually need to witness some or all of these steps.
In some cases, the CSG may be able to assist with saving data to a backup device while the disk is being rebuilt. We might also be able to provide disk-wiping tools, or installation disks (eg: MSDN-AA). However, such assistance will probably require that the computer be on-campus.
In extreme circumstances, appeals for less drastic action can be made to the School's IT Manager, to the Chair of the School's Computing Committee, or to the Head of School. However, none of these channels are likely to be sympathetic.
Where possible, the CSG will deal with breaches of security internally, and within the School. However, depending on the nature and extent of the damage and/or illegal activity, other agents within or external to the University may have to become involved.
1. Although it might be possible for the CSG to confer temporary administrative rights over some systems on a select subset of non-CSG users, this will usually be at the discretion of the CSG, and under their full control.
2. The CSG may assist in the installation of multi-boot systems but will not subsequently support them.
3. Malware is the common term for "malicious software", software intended to damage a computer system or disrupt use of a computer system (including corrupting or stealing information).