|
Grex > Coop > #34: Cyberspace Communications and Grexserver security |  |
|
| Author |
Message |
maus
|
|
Cyberspace Communications and Grexserver security
| 
Jul 26 00:52 UTC 2007 |
In light of recent abusive actions, what are the main security goals of
Cyberspace Communications and the staff of Grex server? We have
primarily seen attacks attempting to compromise the availability or
usability of resources, ranging from access to the usability of the
forums and email. Security is typically looked at in terms of
confidentiality (keeping an adversary from learning a secret), integrity
(making sure something is not changed without permission) and
availability (assuring that a resource is there when you expect it to
be) and the prevention of being used to attack the security of others.
If we have no security goals at all, why not just post the root password
on the web page and put everyone into wheel group? (For the humour
impaired like myself, that was not a real suggestion). In order to
effectively and reasonably defend the security of our asset (Grex
server), we need to define the asset and resources that it provides, and
decide what we are trying to protect about it. If we do not care about
secrecy, we do not need to read-protect files, do not need to use
cryptography. If we do not care about integrity, why write-lock files or
use check-sums or cryptography? If we are not concerned with
availability, we should not take backups or pursue the perpetrators of
DOS attacks or consider redundant storage or have any files schg. If we
have no real security concerns, then we can make our lives much easier
and let staff have some time off (just put the root password on the
webpage and let everyone volunteer to help manage the server).
-maus
|
| 68 responses total. |
cmcgee
|
|
response 1 of 68:
|
Jul 26 01:47 UTC 2007 |
*laugh* OK maus, even we humor-impaired folks can see your point.
Since STeve hasn't had time I will relate my understanding of our
conversation earlier this week.
STeve essentially said that the internet ain't what it used to be, and
that goals like open access to Grex had reached its limits. If I
understood him correctly, he suggested that we implement a version of
social validation for creating new accounts on Grex.
In this case, no one could create a new account without first going
through some kind of process, which could be handled by the semi-staff.
If an account caused a problem, it could be shut off, and the offending
IP address flagged so that no new accounts could come from that address.
Anonymity would no longer be allowed at the IP address level.
This is, in his mind, the best balance we can come to in 2007, between
Grex's founding principles and the reality of the current population of
the Internet.
|
jadecat
|
|
response 2 of 68:
|
Jul 26 12:58 UTC 2007 |
I really have a problem with STeve's paranoid solution. No, the internet
isn't what it used to be- so that means we turn tail and hide our heads?
That we take what's already a slowly decreasing community and takes
steps to insure it continues to decrease?
I really don't like the direction Grex is going with this. As I
mentioned in Agora- mail was supposed to be a temporary solution- but
it's not. I don't like this idea of 'social validation' in order to get
someone to get an account.
Are we trying to kill off Grex here? Or is it simply to keep the current
group here and everyone else out?
|
cmcgee
|
|
response 3 of 68:
|
Jul 26 14:28 UTC 2007 |
I think this solution is trying to stop the "killing off Grex" that
occurred when the only way to use grex was through Backtalk.
Those of us who use ssh or telnet for anything: mail, conferencing,
unix, were totally shut out while the latest attack was going on. It
was not visible to backtalk users, but the vandal had literally shut
down Grex to the point that staff could not get in remotely to do
anything.
In my mind, that will kill off Grex faster than vetting new users. In
addition the previous vandal attack was directed at discouraging people
from using Backtalk. By flooding the conferences with the auto-posting
script, the vandal stopped all conversations on Grex for several days.
I don't see how leaving newuser open will keep Grex alive.
|
unicorn
|
|
response 4 of 68:
|
Jul 26 18:51 UTC 2007 |
#3: "but the vandal had literally shut down Grex to the point that
staff could not get in remotely to do anything."
Actually, there was a way to get in. I didn't know it at the time,
but I've learned a few things during all this abuse. One is that if
something similar should happen again, I could still get in. I wouldn't
be able to use any full-screen programs, like vim or mutt, but I could
still get things done. I could edit files with ed or ex, and read or
send mail with the old standby unix mail program. If necessary, I
could transfer files to my own computer, edit them here, and transfer
them back with rsync (scp still doesn't seem to work, though, for some
reason, or it didn't the last time I tried).
Basically, all the vandal (scholar) did was to tie up all of the ptys
(pseudo-terminals). Each time you log in through telnet or ssh, you
are connected to one of these. There are a fixed number of ptys
available, and once they're gone, further logins are rejected, at least
through telnet. ssh will still allow you to connect and run programs,
if you know how, and scholar knew how, because he was doing it. When
I managed to slip in somehow once, he was connected, but invisible.
He didn't appear when I ran the finger, w, or who commands, and the
"last" command didn't show him there, but ps did. It took me awhile
to figure that out. I saw him with ps, but I didn't recognize what I
was looking at. Someone with more experience may have figured it out
quicker, but I eventually did figure it out, and I'll know next time
(if there is a next time) what to look for.
|
keesan
|
|
response 5 of 68:
|
Jul 26 19:02 UTC 2007 |
If newuser were disabled, would it still be possible to use the conferences
via the web? How would we validate someone that did not already know someone
at grex? Vandals can exhibit rational behavior if they choose to.
|
remmers
|
|
response 6 of 68:
|
Jul 26 19:05 UTC 2007 |
I don't see how closing newuser will help, either, unless and until we
have an alternative *in place* and *ready to deploy*. Otherwise, past
history suggests that we'll repeat the story of mail access and outgoing
internet - we hastily shut it off for new users, throw around some ideas
about putting a system in place for people to request it - and then
nothing happens for *months and months*, and still hasn't as far as I
can see.
The incidents that led to this discussion seem somewhat isolated to me.
I don't think we're dealing with an emergency situation that calls for a
sky-is-falling response. Let's leave newuser open for now while we
discuss what kind of a system might replace it. If we reach a consensus
on what we want, *and* have it ready to go, then we can put changes in
place.
(Resp:4 and resp:5 slipped in. I was responding to resp:2 and
resp:3.)
|