In English Suomeksi

Personal server software in the CS Department network

Users can fairly easily set up their own services in the CS Department's Linux network by installing and manually starting the server software. In some cases, the department maintenance team supports this (CGI scripts, servlets and databases on the db.cs.helsinki.fi server). It is also often required for exercises and project work that are a part of courses.

However, when setting up services, you should take into consideration that server software is seldom (if ever) fully harmless. The purpose of this page is to consider issues that are not directly related to the technology but that you should be aware of when setting up services.

Security

Every server and all server software constitutes a security risk. To date, security problems have been discovered and will probably be discovered in most internet server software in general use. If very experienced and skilled programmers have not been able to eliminate all security risks in their software, this can surely also happen to a first-year student implementing his first web-based exercise project. This is why server software cannot just be left on its own without regular maintenance.

Please keep in mind that, even though you yourself might not have anything to protect or any important files, other users surely do. Acquiring someone's security credentials is often the first step towards breaking into the system's administration ID, and it is also a useful intermediate step for attacking further into the system.

Though the firewalls of the university and the department protect the department network from outside attackers (to some degree), they cannot protect against the department's own users. There are thousands of valid user IDs at the department; even though the majority of their owners are doubtless honest people, there may be one or two users who would not hesitate to make use of any lack in security. It is also possible that a user ID has leaked to some outside entity.

The default configuration of server software is often very trusting; by default, the Postgres database software creates a new empty database so that anyone with a user ID for the server running the database can access the database as its administrator (this is not true for the wanna-postgres script implemented by the department's maintenance team). In the case of Postgres, this is a documented and often useful feature that certainly makes the administration of the database much easier (users don't have to remember passwords), but it is a reminder that unfortunately, usability and security are often conflicting features, which seldom appear together. When usability and security are in conflict at the department, security usually wins.

This is why we have tried to concentrate the users' own services to the db.cs.helsinki.fi server, which is under the special supervision of maintenance and has a configuration that limits the effects of any security breach on a server set up by a user.

If you discover or hear about some security risk in the department network, please let the maintenance team know about it immediately. Though the maintenance team actively follows security issues, we are only human beings and cannot know or notice everything.

Limited resources

The software requires resources of the operating system and hardware, and these resources are limited. There are hardly any restrictions on user process resources used in the department systems, and there is not much interest in starting to restrict them. Because the department's general servers have many users, you have to make sure that your own server process does not use up all the memory or other system resources (open files, open connections, disk space etc). Using up all the memory and then filling up the process table is an easy and surefire way to bring the Linux server into a state of autism. If the need can be well justified, separate hardware can be obtained.

How do I proceed?

• Preferably use the software already installed at the department. The maintenance team has installed different software for building web services on the db.cs.helsinki.fi server (a web server supported by the CGI script, the PHP scripting language, Postgres and Mysql, plus a Java servlet environment).
• Close down unnecessary services.
• Close your own server processes when you don't need them.
• Remove extra CGI and PHP scripts, or at least disable them.
• If you want to set up servers with other software than the ones already installed, please ask the maintenance team for advice.
• Even if you know exactly what you are doing, the maintenance team will want to know exactly what servers and software have been used in the department's network. So tell the maintenance team what you are going to do before you do it.

How does the maintenance team work?

The maintenance team has the right to close down suspicious services before asking any questions. The following will certainly be closed down:

• Services with obvious or well-known security risks, or which can be suspected for security breaches in the past.
• Processes that use up so much resources (memory, processing time etc) that they interfere with system use.

Depending on the situation, we may close down or ask the process owner to close down processes that:

• function as servers, but we don't know what they do
• don't do anything
• are stuck
• the owner has forgotten to close down