Privacy Issues
This draft is under construction. Comments welcome
An account on a networked unix machine is quite different
from an isolated, non-networked personal computer.
There are a few issues of which all users should be aware.
File protection
Each file and each directory can have permissions set
to specify who may read, who may write (or modify)
and who may execute (in the case of a program) or search
(in the case of a directory).
Commands to know:
- ls -l List directory and permissions
- chmod Change permissions
- umask Set default permissions
Quick reference:
- To set a file read/write by owner, read by others:
chmod 0644 file
- To set a file read/write by owner, unreadable by others:
chmod 0600 file
- To set a directory read/write/search by owner, unreadable by others:
chmod 0700 ~/letters
- To set your top-level directory so no one may see anything:
chmod 0700 ~
- To set your default file protection so no one may see anything:
Add a line to your file ~/.cshrc
umask 077
N.B. The default mask of 022 (if you
do nothing) allows others to read but not modify.
Suggestions:
- If you are uncomfortable with all this unix nonsense and
want to be sure to be left alone, do the preceding two
steps and protect everything.
- Many users choose to keep their top level directories
readable (chmod 0755 ~) and to protect
selected subdirectories.
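The effect of the two umask values mentioned above, together with a check for files that are still open to others, as an added example that is not part of the original page. The function names are hypothetical, and lock_down goes one step beyond the page's advice by also tightening files that already exist.

```sh
#!/bin/sh
# Added example: what a umask does to new files, plus an audit of a tree
# for anything group or others can touch. Function names are made up here.

# Print the ls-style mode string (e.g. -rw-r--r--) of a path.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Create a file and a directory under the given umask in a scratch
# directory and print both modes. The subshell keeps the caller's umask.
modes_under_umask() {
    (
        umask "$1"
        scratch=$(mktemp -d) || exit 1
        : > "$scratch/file"
        mkdir "$scratch/dir"
        echo "$(mode_of "$scratch/file") $(mode_of "$scratch/dir")"
        rm -rf "$scratch"
    )
}

# List every non-symlink entry under $1 that grants any permission to
# group or others. Empty output means the tree is private.
audit_tree() {
    find "$1" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# umask only affects files created afterwards. This strips group/other
# bits from what already exists, leaving the owner's bits alone.
lock_down() {
    chmod -R go-rwx "$1"
}

echo "umask 022: $(modes_under_umask 022)"
echo "umask 077: $(modes_under_umask 077)"
# To check your own account:  audit_tree "$HOME"
```
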
Information available to local users
The following information may be available to
users with an account on the system:
- Who is currently logged in and where
- When a user last logged in, where he or she logged in from,
whether there is any unread mail for a user, when a user last read mail
- All previous logins and locations for any user
- Processes currently running for each user
- Parameters of those processes. Note that this can include
information like file names and directory names
even if the contents of the files and directories are protected.
(E.g., textedit letters/gripe/badcookies.tex.)
It also includes shell environment variables.
- Who you are sending mail to if the recipient's machine is down.
(Anyone know how to block this?)
Commands to know:
- ps -aux Show all processes
- finger Who is logged on
- w Who is logged on
- last Last logins (try last -10)
- xlast Last logins from an X terminal
- mailq Unsent mail in the outgoing queue
- netstat All open network connections
Information available to outsiders
Some information about you and your activities is
available to anyone on the internet.
This can be useful. If you want some information
about you to be public if you are "fingered" put it
in a file "~/.plan" and/or "~/.project" in your
home directory. N.B. This doesn't work if the top
level directory is protected.
In addition, it is possible that virtually any network
activity you initiate could be logged by remote computers.
It may be logged by originating host only or by host
AND user.
This includes all transfers by WWW, anonymous FTP
and e-mail servers. It certainly includes telnet
and regular FTP connections; it could include finger
requests, name lookup requests, anything.
While most servers treat transaction
information confidentially, as do libraries, they
are under no obligation to do so.
Commands to know:
Information available to system administrators
A very limited number of individuals responsible for
system maintenance have "root" or system-level access.
Anyone acting as "root" has in principle access to almost
anything on the system, including the contents of protected
files, unless the files are encrypted.
As a matter of strict policy, our system administrators never
examine the contents of any file without the express permission
of the owner at the time it is inspected. There are
a few technical exceptions:
- "Dot files" that affect system configuration and security
shouldn't be considered private property: think of them as shared
between you and "root".
Files such as ".rhosts", ".forward", ".vacation", ".login", ".logout"
can compromise security and privacy for all users. They
will be scanned without notice. In fact, ".rhosts" files
may be removed unless you've made prior arrangements.
Other files affecting individual setup (".cshrc", ".xsession",
for example) may on rare occasions have to be modified
for changes in system software.
- Mail that "bounces" back due to a bad address sometimes
ends up in the root mailbox.
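A check you can run on your own home directory for the dot files named above, as an added example. It is not the administrators' actual scan: the function name, the finding labels and the choice of what to flag are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (hypothetical checks): inspect one home directory for the
# dot files the page names and report anything worth a second look.

DOTFILES=".rhosts .forward .vacation .login .logout"

scan_dotfiles() {
    home=$1
    for name in $DOTFILES; do
        f="$home/$name"
        [ -e "$f" ] || continue
        # Writable by group or others: someone else could change your
        # login behaviour or where your mail goes.
        if [ -n "$(find -H "$f" \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WRITABLE $name"
        fi
        case $name in
        .rhosts)
            # The page says these may be removed without prior arrangement.
            echo "PRESENT .rhosts"
            # A bare "+" in the host or user field trusts any host or user.
            if awk '!/^[[:space:]]*#/ && ($1 == "+" || $2 == "+") { hit = 1 }
                    END { exit !hit }' "$f"; then
                echo "WILDCARD .rhosts"
            fi ;;
        .forward)
            # An entry starting with | hands incoming mail to a program.
            if grep -q '^[[:space:]]*"\{0,1\}|' "$f"; then
                echo "PIPE .forward"
            fi ;;
        esac
    done
}

# To check your own account:  scan_dotfiles "$HOME"
```
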
Bad Guys
All of the above referred to legitimate users.
Unfortunately the Internet, like any community,
has its share of criminals, vandals and jerks.
If they get in the door at all, expect
that they will get hold of root privileges
and then some. They may destroy data or lock users out
or just booby trap the system software and come back later.
At the very least, a confirmed break-in may
require disconnecting every machine in the group for
one or more days until all software can be reinstalled
from scratch and all files can be checked for trap doors.
This happened not long ago at SLAC.
Keeping the bad guys out depends on EVERYONE.
This can't be emphasized enough.
Passwords
The first line of defense is your password.
Choose it well.
You might want to read this about passwords and how to select them.
Packet sniffers
A powerful tool in network "cracking" is the use
of "packet sniffers." Information sent over the network
is bundled up in little packets, addressed
to the destination machine, and sent out over a big party
line called Ethernet. Every machine that shares a wire
along the route of the packet can read it.
They're not supposed to if it isn't addressed to them,
of course. But that is what packet sniffing programs do.
They read, for example,
the password you type when you telnet to Brown over
the Internet from a remote site. They read everything
going between an X terminal and its host.
This means that if one machine in the department is broken
into and a packet sniffer is installed secretly, everything
from every computer (on the same subnet) is potentially
vulnerable to being read.