Department of Computer ScienceDuke Security Office
The Duke security office maintains many important security documents including Duke data classifications and standards. For more information visit them at security.duke.edu.
Directory/file permissions
Account Sharing
Reporting suspicious activity
Our system is set up to share files in certain circumstances; we have several temporary spaces and project directories for this purpose. There should not be anyone using another user's directory to store files, or logging in as another user.
Users should always report suspicious activity. If you notice when you login it says that you last logged on from AOL and you do not have an AOL account please contact the Lab Staff. Or if things in your account seem different, or you find strange files in your directories, please contact us. If you have any suspicions that your account has been altered, then please contact the Lab Staff.
Untrusted network
If you have a personally-managed computer on the department's untrusted network, please take the time to shut off ALL unneeded services. These include telnet, rlogin, FTP, syslog, NFS, etc... The only services you should run are ones you have a need for, such as web servers or ssh. If you are unsure of what services are running or how to shut them off, please contact the Lab Staff for more information. One thing is certain: hackers will know what you have running and will find ways to exploit it! In the past, several untrusted machines, and at least one trusted departmental server, were broken into this way.
Passwords
Passwords may be one of the most overlooked keys to UNIX security. Most systems are compromised from within, using accounts that have been cracked. This runs contrary to the common assertion of users that "I have nothing important in my account, so it's not a big deal if someone breaks into it." This attitude compromises the security of the entire network! That is why it is very important to have secure passwords and to change those passwords often. Changing them after a trip where you logged into the CS system remotely is especially encouraged.
Easily-guessed passwords include the following:
Many hackers use collections of foreign dictionaries, movie dictionaries and high-tech dictionaries in an attempt to guess passwords. Any word that might possibly be found in any dictionary is unsuitable.
It is often very easy to guess a password based on the user's personal information, since much personal information is often available on the web. Such information includes names, departments, birthdays, anniversaries, pet names, mother's maiden names, social security numbers, driver's licenses, etc... Therefore, these types of password are unsuitable.
- Dictionary words (of any kind foreign, movie, Latin, obscure, high-tech...)
- Items of personal information
More secure passwords are those that include random strings, two words joined with selective replacement of key letters by punctuation and lyrics or verse joined in interesting ways, For example
random: b4j/C5(* two words: To@)fR0( (toad frog) lyrics or verse: AtW*$@w* (All the world's a stage..)
Do not use any of these examples; please come up with your own.
By choosing difficult passwords, you help to ensure that in the event that our encrypted password file does get out, it is very unlikely that this will help the hacker. This helps to maintain our high level of security, resulting in protection for the department at large.
If you have any questions please contact the Lab Staff.