LINUX SECURITY --- July 10, 2001
Published by ITworld.com -- changing the way you view IT
http://www.itworld.com/newsletters
________________________________________________________________________________
HIGHLIGHTS
* Employee perks, such as personal space on a Web server, can be a
great and cost-effective way to keep your staff around, just make
sure it's done without compromising security.
________________________________________________________________________________
Employee Web Servers
By Rick Johnson
Allowing employees a place for free expression, normally in the form of
employee Web pages, is a growing trend in companies. A company will
set up a server on a high-speed connection and issue employee accounts
for personal Web pages.
Silicon Graphics (http://www.sgi.com) hosts one of the most popular
employee servers. This server, hosted at http://reality.sgi.com, has
been online for ten years and, in that time, has been responsible for
hosting a great deal of IRIX and Linux applications. It also allowed
those of us on the outside a glimpse into the inner workings at SGI.
Unfortunately, Silicon Graphics has announced that reality.sgi.com will
be turned off as of August 15, 2001. They say their decision is final
and are discussing options for making the data available elsewhere.
They haven't given a clear explanation of the reason for the shutdown,
but I suspect that security or liability concerns are an issue.
The downside to this type of employee benefit is, of course, the
content. Strict internal guidelines must be set and adhered to by every
user. SGI also put the following disclaimer on the site:
"The Reality Server is for employee personal use only and is not to
be used to conduct SGI business. SGI does not endorse or authorize
any content placed on the Reality Server, and in no way should
such content be considered authorized statements of SGI. SGI
specifically disclaims any liability for any content on the
Reality Server."
While useful, this statement does little more than cover SGI from a
legal perspective. Of course, Silicon Graphics is only one example of a
company offering this service. Many others offer similar services, and
each is taking a risk by doing so.
The safest thing is to not offer this at all, but if you do, it must
be done safely. Here are a few guidelines:
* Write an acceptable use policy. Outline the types of content
allowed, leaving no room for speculation.
* Lock down the server. Since this will be accessible to the
outside world, the server should be secured just like any other.
User access to a cgi-bin should be avoided as well.
* Audit the server regularly. Make someone responsible for checking
the contents' adherence to the acceptable use policy.
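The "lock down the server" guideline above is the one that translates directly into configuration. The following is an added example, not part of the original newsletter and not SGI's or ITworld's configuration, showing how the per-user directory feature of an Apache httpd server (mod_userdir) can be restricted so that employee pages are static content only: no CGI, no server-side includes, no symlinks out of the user's tree, and no way for a user to re-enable any of that through a .htaccess file. The paths, the Apache 1.3/2.2-style access-control syntax, and the mod_php block are assumptions for illustration; adjust them to your own build.

```apache
# Added example (assumed paths and module names), not from the original article.

# WEAK: this is what "just turning on user directories" often looks like.
# Shown for contrast only; do not use.
#
#   UserDir public_html
#   <Directory /home/*/public_html>
#       Options All            # includes ExecCGI, Includes, FollowSymLinks
#       AllowOverride All      # users can change anything via .htaccess
#   </Directory>

# HARDENED: employee pages are served as static files only.
UserDir public_html
# Never serve a home directory for the superuser, even if one exists.
UserDir disabled root

<Directory /home/*/public_html>
    # Absolute setting: no CGI execution, no SSI, no symlink following,
    # no directory listings. "None" is stronger than subtracting options,
    # because it does not depend on what the server-wide default is.
    Options None

    # Users must not be able to turn options back on from a .htaccess
    # file in their own directory.
    AllowOverride None

    # Allow reads from everywhere (this server is public by design).
    Order allow,deny
    Allow from all
</Directory>

# Options None stops CGI, but languages handled by a module (e.g. PHP)
# ignore ExecCGI. If mod_php is loaded, switch the engine off for user
# trees as well. Assumed module name; adjust to the version you run.
<IfModule mod_php4.c>
    <Directory /home/*/public_html>
        php_admin_flag engine off
    </Directory>
</IfModule>

# The only cgi-bin on the box is the administrator-controlled one; there
# is deliberately no ScriptAlias pointing into any user's home directory.
ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"
```

A quick check after a reload is to place a test `.cgi` file and a `.htaccess` containing `Options +ExecCGI` in one user's `public_html` and confirm the script is served as plain text rather than executed; with `AllowOverride None` the `.htaccess` is ignored and the `Options None` setting holds. That same check is worth repeating as part of the regular audit the last guideline calls for, since a lock-down that nobody re-verifies tends to drift.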
Employees really do appreciate having a place on the Internet to call
their own, especially on a high-speed connection. Done properly, it can
be great for morale.
About the author(s)
-------------------
Rick Johnson is the CTO and Head of Development for IPDex Technologies
(http://www.ipdex.com). During his off hours, Rick is a
consultant, writer, and developer for various open source projects.
Rick may be contacted via email at rick@pointman.org or on the Web at
http://www.pointman.org.
________________________________________________________________________________