University of Helsinki, Department of Computer Science
 


Personal server software in the CS Department network

Users can fairly easily set up their own services in the CS Department's Linux network by installing and manually starting the server software. In some cases, the department maintenance team supports this (CGI scripts, servlets and databases on the db.cs.helsinki.fi server). It is also often required for exercises and project work that are a part of courses.

However, when setting up services, you should take into consideration that server software is seldom (if ever) fully harmless. The purpose of this page is to consider issues that are not directly related to the technology but that you should be aware of when setting up services.

Security

Every server and every piece of server software constitutes a security risk. Security problems have been discovered, and will probably continue to be discovered, in most Internet server software in general use. If very experienced and skilled programmers have not been able to eliminate all security risks in their software, the same can surely happen to a first-year student implementing a first web-based exercise project. This is why server software cannot simply be left running on its own without regular maintenance.

Please keep in mind that, even though you yourself might not have anything to protect or any important files, other users surely do. Acquiring someone's security credentials is often the first step towards breaking into the system's administrator account, and it is also a useful intermediate step for attacking further into the system.

Though the firewalls of the university and the department protect the department network from outside attackers (to some degree), they cannot protect against the department's own users. There are thousands of valid user IDs at the department; even though the majority of their owners are doubtless honest people, there may be one or two users who would not hesitate to exploit any weakness in security. It is also possible that a user ID has leaked to some outside party.

The default configuration of server software is often very trusting. By default, for example, the Postgres database software creates a new empty database in such a way that anyone with a user ID on the server running the database can access the database as its administrator (this is not true for the wanna-postgres script implemented by the department's maintenance team). In the case of Postgres, this is a documented and often useful feature that certainly makes the administration of the database much easier (users don't have to remember passwords), but it is a reminder that usability and security are, unfortunately, often in conflict. When usability and security are in conflict at the department, security usually wins.

This is why we have tried to concentrate users' own services on the db.cs.helsinki.fi server, which is under the special supervision of the maintenance team and has a configuration that limits the effects of any security breach in a server set up by a user.
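As an added example (not the department's own tooling), the following check looks for the trusting Postgres setup described above in your own database. It assumes that this setup shows up as `trust` rules in PostgreSQL's client authentication file, pg_hba.conf; the sample file contents and the function names are constructed for illustration.

```python
import ipaddress
import shlex

HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

# Constructed sample: the first two rules are the "trusting" kind; the last
# two demand a password or a matching operating-system user name.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER      ADDRESS             METHOD
local   all       all                           trust
host    all       all       127.0.0.1/32        trust
host    all       all       10.0.0.0 255.0.0.0  scram-sha-256
local   all       postgres                      peer  # OS user must match
"""

def parse_rule(line):
    """Return (type, database, user, address, method), or None if not a rule."""
    try:
        fields = shlex.split(line, comments=True)  # strips '#' comments, unquotes
    except ValueError:
        return None  # unbalanced quote: malformed line, not evaluated here
    if len(fields) >= 4 and fields[0] == "local":
        return "local", fields[1], fields[2], None, fields[3]
    if len(fields) >= 5 and fields[0] in HOST_TYPES:
        address, method_at = fields[3], 4
        try:
            ipaddress.ip_address(fields[4])  # separate netmask field present?
            address, method_at = f"{fields[3]} {fields[4]}", 5
        except ValueError:
            pass  # fields[4] is already the method
        if len(fields) > method_at:
            return fields[0], fields[1], fields[2], address, fields[method_at]
    return None  # blank lines, include directives, anything unrecognised

def find_trust_rules(text):
    """Return [(line_number, rule)] for each rule that uses the trust method."""
    rules = ((n, parse_rule(l)) for n, l in enumerate(text.splitlines(), 1))
    return [(n, r) for n, r in rules if r and r[4] == "trust"]

def describe(line_number, rule):
    conn_type, database, user, address, _ = rule
    who = "any local OS user" if conn_type == "local" else f"any client at {address}"
    return f"line {line_number}: {who} may connect to {database} as {user} with no password"

if __name__ == "__main__":
    for hit in find_trust_rules(SAMPLE_HBA):
        print(describe(*hit))
```

To check a real database, pass the text of the pg_hba.conf in its data directory to `find_trust_rules` instead of the sample.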

If you discover or hear about some security risk in the department network, please let the maintenance team know about it immediately. Though the maintenance team actively follows security issues, we are only human beings and cannot know or notice everything.

Limited resources

Server software requires resources from the operating system and the hardware, and these resources are limited. There are hardly any restrictions on the resources used by user processes in the department systems, and there is not much interest in starting to restrict them. Because the department's general servers have many users, you have to make sure that your own server process does not use up all the memory or other system resources (open files, open connections, disk space etc.). Using up all the memory and then filling up the process table is an easy and surefire way to make a Linux server completely unresponsive. If the need can be well justified, separate hardware can be obtained.

How do I proceed?

How does the maintenance team work?

The maintenance team has the right to close down suspicious services before asking any questions. The following will certainly be closed down:

Depending on the situation, we may close down or ask the process owner to close down processes that:


itsupport@cs.helsinki.fi