I am enclosing a plan for the organisation of the computer systems to avoid further intrusions and breakdowns such as the ones in the past.
Roughly my plan (which is a revamp of earlier plans) is this.
Server machines for DNS, mail, NIS, NFS, Proxy, Web and External login gateway should be configured with the minimal possible software to make these operations work smoothly. This means that if an upgrade is required due to security problems in existing software, it can be done within half a day. This does mean that these machines will probably not have enough software for general users; so to avoid confusion we should not allow user logins --- but so be it! Other than the specific services assigned to these machines there should be no network connections possible. The console will run a chooser, i.e. the common user will see these as "dumb" X-terminals. Only these machines will use the VSNL addresses. A break-in to any machine other than these should never lead to a compromise of the network as a whole. The candidates are obvious:
- NIS, NFS, backup, UPS, printers
- DNS, mail, NIS (secondary)
- DNS, mail (secondary)
- External access telnet, ftp, modem logins (at some stage this may be the firewall machine).
- mirror software.
Logging for these machines should generate short, human-readable logs that are regularly monitored. Ideally all these machines should be in one room. The security sites for the software installed should be regularly monitored. The maintenance of the services provided by these machines must take priority over all other activities of the system administrators.
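One way to check the "no other network connections" rule on a server machine, as an added example that is not part of the original plan: it compares listening sockets in `netstat -an` style output against a per-role allowlist and produces the kind of short report described above. The role names, the port numbers chosen for each service and the sample output are assumptions constructed for illustration.

```python
# Added example: role names, port mapping and sample data are assumptions.
ROLE_PORTS = {
    "dns-mail": {53: "DNS", 25: "SMTP mail"},
    "gateway": {21: "ftp", 23: "telnet"},
}

# Constructed `netstat -an` style output for a hypothetical DNS/mail server.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address    Foreign Address   State
tcp        0      0 0.0.0.0:53       0.0.0.0:*         LISTEN
udp        0      0 0.0.0.0:53       0.0.0.0:*
tcp        0      0 0.0.0.0:25       0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:513      0.0.0.0:*         LISTEN
udp        0      0 0.0.0.0:111      0.0.0.0:*
tcp        0      0 127.0.0.1:6010   0.0.0.0:*         LISTEN
tcp        0      0 10.0.0.5:25      10.0.0.9:1045     ESTABLISHED
"""

def listeners(netstat_text):
    """Yield (proto, address, port) for sockets reachable from the network."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 5 or f[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        proto, local, foreign = f[0], f[3], f[4]
        if proto == "tcp" and (len(f) < 6 or f[5] != "LISTEN"):
            continue  # established or closing connection, not a listener
        if proto == "udp" and not foreign.endswith(":*"):
            continue  # connected UDP socket
        addr, _, port = local.rpartition(":")
        if addr.startswith("127.") or not port.isdigit():
            continue  # loopback-only sockets are not exposed to the network
        yield proto, addr, int(port)

def audit(role, netstat_text):
    """Return (unexpected listeners, allowed ports with no listener)."""
    allowed = ROLE_PORTS[role]
    seen = set(listeners(netstat_text))
    unexpected = sorted({(p, port) for p, _, port in seen if port not in allowed})
    missing = sorted(set(allowed) - {port for _, _, port in seen})
    return unexpected, missing

if __name__ == "__main__":
    unexpected, missing = audit("dns-mail", SAMPLE)
    for proto, port in unexpected:
        print(f"UNEXPECTED {proto}/{port}")
    for port in missing:
        print(f"MISSING {port} ({ROLE_PORTS['dns-mail'][port]})")
```

RPC-based services such as NIS and NFS register dynamic ports with the portmapper, so an allowlist for those roles would have to be built from the portmapper's registrations rather than from fixed port numbers.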
The access level machines need to have enough memory to provide for most users' normal (X, Pine, Netscape) needs. Thus the natural candidates are hsparc4, imsc4, imsc6 and the new Linux machine(s) (all have 128 MB of RAM or more). The software on these machines need not be up-to-date as long as it "works". That is to say it can be upgraded without urgency. At about 8-10 users per machine this should handle all the load that is not handled by smart X-terminals --- provided our users are sensible and do not all log in to one of the machines!
The remaining machines (other than compute servers) in the computer rooms should be treated as smart X-terminals similar to those in the offices --- in particular, they should not have non-console X-logins. The software should as far as possible be kept in sync with the software on the access level machines. Each of these machines should thus take away the load of one user. The machines are imsc1, imsc2, pori, indy.
User handling capacity = (roughly) 16 PCs used as smart X-terms + 4 server consoles + 4 smart X-terminals + 32 (=4*8) remote xdm logins = 56 users logged in at any given time.
We should implement this by re-installing(!) all the Linux server machines one by one since those were the ones broken into. In principle, we should also check the integrity of the software on the Solaris machines in some way... Let us give ourselves a deadline of August 15th to finish this.