UHUNIX 2000: Looking Back, Looking to the Future
A View from the UNIX Systems Group
by Julio Polo
It has been five years since ITS deployed the "Access for All" program, which allowed all members of the UH community to obtain computer accounts (ITS usernames) on our UNIX systems. Ready or not, we were committed to making this vision a reality by Fall 1994. Since then, we have been advancing to where we now maintain a complex distributed environment of 30 Sun machines running the Solaris operating system to serve 50,000 users. This cluster of machines is responsible for providing DNS, e-mail, Web, news, and general-purpose UNIX computing access for the entire University system.
"Access for All" was an immediate hit as students, faculty, and staff realized the benefits of having information at their fingertips. The UNIX Systems group faced skyrocketing user and system demands due to the explosion of academic applications and the popularity of the Internet. It quickly became apparent that well-defined policies were needed to effectively address abuse of information technology resources. An automated account management system was also needed. Without one in place, a great deal of our engineers' time was spent handling user requests such as creating accounts and restoring files instead of redesigning our server infrastructure to address growing demands.
Great progress has been made over the past five years. Around-the-clock monitoring of system services has been established, allowing quick response to emergencies. The process of delivering user accounts has been improved. A Web page for requesting accounts is available and incoming UH Mānoa freshmen now receive direct mail with their ITS username and password, relieving them of the need to apply. Many other services such as mailing list requests and password changes are now also available through a Web interface. We are currently redesigning our server architecture to ensure high availability. If a machine goes down, the service it provided is still available transparently through another machine. We most recently achieved this with our Web servers, and will soon be applying this design to DNS and e-mail services.
As the new millennium approaches, it is inevitable to think about the future of our systems and how they should serve the University. With personal computers getting faster and relatively inexpensive, the Internet-to-the-desktop vision is now a reality. With just a personal computer connected to the Internet and a Web browser, a user is well equipped to take advantage of nearly all that the Internet has to offer. Most browsers have specialized client components to access e-mail and news via POP, IMAP, and NNTP servers. Nearly all information services will soon be accessible through a Web page. This trend is already seen in Web-based e-mail services such as those provided by Hotmail and Yahoo! and Web-based Usenet news provided by Deja.com.
There are many advantages to performing tasks through Web interfaces. The Web already provides for encrypted transmission of data via secure URLs. Users and their technical support staff do not need to install or configure client software when using a Web page because they only need the URL, account and password; all other settings are handled by the Web server. Travelling users can use Web browsers from anywhere in the world without the inconvenience of being denied service because of anti-relay measures in their SMTP server. They also do not have to bother with configuring client software on someone else's machine if they forgot to bring their laptops. As Web technology improves, POP, IMAP, NNTP, and TELNET client software will likely be replaced by Web interfaces. And Web browser software is easily updated via the Web itself.
The obvious evolution for our UNIX servers is to ensure that we are able to effectively support such Web access to our services. A complete overhaul in the design of the environment is necessary to accomplish this. A new design will also allow us to address some drawbacks in the current design which make it difficult to delete old accounts, support directory services, maximize security, and streamline system administration. We look forward to a design that will effectively meet user needs as well as provide an environment in which our engineers and users can feel comfortable about its security, capability and manageability.
Specifics of the new environment are still being decided, although a few features are definitely desired. Shell access (e.g. telnet) will be minimized, as that is the weakest security point in any UNIX environment, especially one with 50,000 users. If a Web interface can be provided for users to manage their accounts, the majority of user accounts can be created without shell access. Shell access can then be enabled only for those who require it, in an environment that minimizes damage should a break-in occur through that shell account. We also want to be able to terminate accounts as soon as a user leaves the University, since inactive accounts are a common source of security incidents.
The new environment will also maximize the use of encryption to prevent passwords and other sensitive information from travelling in the clear over the network. We need to complement that with better security guidelines for our users, who are often not aware of which activities pose a security risk. For example, many uhunix users currently run a program written by a third party to find out who else is logged in on the system. Such a program could easily contain a Trojan horse to enable the author of the program to have subsequent unauthorized access to the unsuspecting user's account. Similarly, third-party sites that offer Web access to UH e-mail request our users' logins and passwords. We never know whether such sites are practicing acceptable security measures, nor do we have guarantees that they are not storing such information and increasing the risk of our passwords being exposed. In fact, we have seen some very disappointing cases of lax security in such sites.
Even with security upgrades, it is still possible for someone to exploit a newly discovered UNIX vulnerability and gain unauthorized access to the system. With 50,000 users in a publicly available system, the odds are too great that someone will be careless. Back-end servers with no end user accounts have a much better chance of remaining secure. We realize this and have taken measures to separate systems storing sensitive information from public systems. We are also encrypting as much information as possible so that such data is unreadable even in the event of a break-in. Our UNIX systems encrypt any personal information such as employee or student identification numbers which were used for accounting purposes.
System administration and network security can no longer be casually treated by University individuals who bring up a LAN, a single server, or any UNIX box connected to the Internet. Some departments do an excellent job of administering and maintaining their own servers. Other departments operate servers without an adequate production environment or the staff to properly configure and maintain them. This can result in security breaches and subsequent denial-of-service attacks affecting the entire University network, not to mention compromising the e-mail and data of all departmental users. As the primary contact for the hawaii.edu domain, ITS receives all network abuse complaints that result from such neglect and is left with the task of fixing the problems, including cutting off departmental services if necessary to preserve institutional access. For those departments that just need to use e-mail and share files, it makes better sense for ITS systems to provide such services in a production environment that includes 24x7 monitoring, nightly backups, and regular maintenance.
We realize that even our best server configuration is useless if the network is down. The network is foremost in our priorities, which is why we work closely with our colleagues in ITS Networks to maximize the uptime of the University's IT infrastructure. For the unfortunate times when outages do occur, we are working on ways to effectively communicate such events to the entire user population.
Comments to: firstname.lastname@example.org