Self-managed machines, particularly with firewall holes

Users of self-managed machines are reminded that School policy requires that they should make all reasonable efforts to secure those machines.  This applies particularly to those which have firewall holes.

Machines must be running a current OS version, and patching must be kept up-to-date.  If you have any services running, please make sure that you have turned off unnecessary options, and have changed all default passwords.  For example, in one recent hack to a self-managed machine a default tomcat manager account was used to install botnet modules which were then used to attack other systems.

You should not assume that just because your system is not actively advertised (e.g. in the DNS or through links on the web) that it won’t be found.  On the contrary, scanning is widespread.  Our own logs show that any IP address, even one which has never been used for externally-visible machines, is likely to be probed several dozen times per day.

The University has subscribed to the JANET ESISS penetration-testing service. We now use it to scan all managed and self-managed machines with external firewall holes, and will be following up its warnings with machines’ managers.  However, it won’t catch everything, so you should still take care with your configurations.

Please contact Support in the usual way if you would like to discuss your self-managed machine.

This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply