IS to Change Key-Code Combo In Effort to Increase Security
By Oleg E. Drozhinin
Information Systems is in the midst of implementing a plan to strengthen Athena cluster security, according to Brian T. Murphy, assistant manager of computer operations for Distributed Computing and Network Services.
The move comes in response to an increasing number of incidents since May involving cluster use by people not affiliated with MIT, Murphy said.
Trespassers often sneak into clusters alongside students and get the key code cluster combination and root access information from unwitting legitimate users, Murphy said. Armed with the root password, trespassers can use many of the features - such as free Internet access - that are available on Athena, according to Murphy.
"The greatest impact from such people using the workstations is that it takes a seat away from an authorized Athena user," Murphy said.
To preempt such misuse, this summer IS began changing that root password and posting "no trespassing" signs at all clusters, Murphy said. IS also plans to change the key code cluster combination, effective Oct. 1, Murphy said. The current combination is openly posted outside some clusters.
Trespassing hit high in May
IS became aware of the situation during the thesis-writing period in May, when student demand for the clusters is highest. IS staff began noticing people who, for various reasons, they said, did not appear to belong to MIT, according to Murphy.
In response, IS began monitoring root access, and questioning people logged in as root about their MIT ties, Murphy said. In addition, IS has increased spot checking of clusters, and has spoken with Campus Police and legal consultants about the procedures for prosecuting trespassers, he said.
If caught, trespassers can be arrested by Campus Police and turned over to Cambridge Police. Under certain circumstances the offense may be punishable by fine and/or imprisonment, Murphy said.
Also in response, administrators have reviewed and modified Athena documentation to rework the description of the so-called "public" clusters, which will instead be called Athena clusters, Murphy said.
As an added deterrent, some staff members will be wearing utility vests with the word "Athena" printed on the back.
Though serious, the measures are a necessary step for the security of the clusters and the convenience of their users, Murphy said.
"Having to wait in line [for a machine] when you're paying tuition, while someone else who is not even affiliated with MIT is using a workstation is obviously unacceptable," Murphy said.
"We are very concerned with this situation and take our jobs of providing adequate computing resources to all authorized Athena account holders very seriously," Murphy said.
For security's sake, Murphy advises students not to give out their password or the root password to anyone. The combination to the clusters should also be held confidential, he said.
If they think they've seen an unauthorized cluster user, students can send electronic mail to firstname.lastname@example.org or call the Campus Police at 253-1212.