[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Requirements for LDM / security



Jack,

[Steve Chiswell passed your inquiry to me.]

> >To: "Unidata Support" <address@hidden>
> >From: "address@hidden" <address@hidden>
> >Subject: Re: 20050709: Requirements for LDM and software 
> >Organization: UCAR/Unidata
> >Keywords: 200507181352.j6IDq1jo027758

The above message contained the following:

> Thank you for your help again. A recent concern for the LDM is 
> security. Would I need to set up antivirus software and 
> firewalls for the LDM, or would that interfere? 

Anti-virus software is a non-issue because

    1.  LDM systems run UNIX rather than Windows.

    2.  You would have to execute any viral data-product by having an
        entry like

            <feedtype>  <pattern>       PIPE    -close  /bin/sh

        in your pqact(1) configuration-file.  (Don't do that!  :-)

As for firewalls, lots of sites run them (we do).  The only concern
is that port 388 is unimpeeded so that inside LDM-s can create TCP
connections to that port and outside LDM-s can connect to that port.
It's OK if the firewall restricts the set of hosts that can use this
port.

If the LDM is installed as instructed, then it's impossible for a hacker
to use the LDM to obtain a shell with superuser privileges because if
the LDM crashes (the typical tactic for obtaining such access) then the
connection gets closed.

> Is the LDM susceptible to computer hijackers and what not? (Dont 
> really know what they are called).

"Hacker" is the term most frequently used.  "Cracker" is another.

LDM-s have been in operation since 1994 and are used by the IDD, NOAA,
NASA, USGS, US Army, US Navy, Spain, Australia, Brazil, South Korea,
Canada, Argentina, Costa Rica, and Taiwan.  I've never received a report
of using the LDM to obtain illicit access to a computer (and as the LDM
developer, I would receive such reports).

> Thank you again,
> Jack

Regards,
Steve Emmerson
LDM Developer

> NOTE: All email exchanges with Unidata User Support are recorded in the
> Unidata inquiry tracking system and then made publicly available
> through the web.  If you do not want to have your interactions made
> available in this way, you must let us know in each email you send to us.


NOTE: All email exchanges with Unidata User Support are recorded in the Unidata inquiry tracking system and then made publicly available through the web. If you do not want to have your interactions made available in this way, you must let us know in each email you send to us.