...
It is the user’s responsibility to ensure that hosts connected to the Pawsey network run up-to-date anti-virus software where possible and appropriate. Incoming traffic is filtered at Pawsey's firewall, and the default posture is that such traffic is blocked unless explicitly allowed. Requests for ports to be opened on the firewall will be considered by Pawsey's Network Management. Some outgoing traffic may also be blocked, for example, email. All incoming email traffic will go via the CSIRO external email gateways, where it is filtered for viruses and spam. Outgoing email will also travel via these gateways. Anyone on the Pawsey network wishing to send outgoing email must send it via the mailserver smtp.ivec.org, which will pass it to the CSIRO gateways. The installation of externally visible servers on the Pawsey network must be approved, and should be part of an Pawsey-related project.
Security Policy
...
By accessing Pawsey information resources you are agreeing to abide by the Pawsey Security Policy.
Pawsey and the Pawsey Facilities may terminate or restrict any user's access to its computer systemsinformation resources, without prior notice, if such action is necessary to maintain computing availability and security for other users of the systems.
Computer abuse includes, but is not limited to:
- Using, or attempting to use, Pawsey computer systems without prior authorization or for unauthorized purposes
- Tampering with or obstructing the operation of Pawsey computer systems, or attempting to do so
Inspecting, modifying, distributing, or copying privileged data or software without proper authorization, or attempting to do so
- Supplying, or attempting to supply, false or misleading information or identification in order to access Pawsey computer systems.
Password Policy
Do not fear losing your password. We can reset it for you.
Passwords must:
- be at least 13 characters.
- contain a mix of alphabet, digit, and special characters. A mix of case for alphabet characters is recommended.
Passwords must not be:
- the original password allocated to you
- a real word with random characters appended or prepended. E.g. "hello!!!"
- the name of a person, place, or thing, from any language.
- a real word with substitution of characters of similar appearance. E.g. "pa55w00rd".
- based on the keyboard layout. E.g. "qwerty!@#"
- based on personal information, such as family birthdays or pets
- any passwords forbidden by this policy but spelled backwards
- shared with anyone else
- the same as on another system you use.
- stored or sent unencrypted. This also includes fax, telephone and written down.
SSH Public/Private Key Pairs
You should use public/private key pairs when using ssh. Putty and OpenSSH have facilities for generating keys. In Putty it is "PUTTYGEN.EXE", and for OpenSSH it is "ssh-keygen". Consult their manuals. The ssh passphrase should be different to your account password.
Use SSH2 encryption, not SSH1. Keep the private key on your own computer, and do not let anyone else have it. The public key you can freely distribute. Insert the public key into ~/.ssh/authorized_keys on the Pawsey machine (and any others that you log in to with ssh) and make it only readable by you. If the file does not exist, create it. Alternatively, send the public key to a system administrator and get them to install it.
Password Managers
We recommend you use a password manager to store your passwords in an encrypted format. There are plenty of these, such as Norton Password Manager (WindowsXP), PwManager (Linux), and Keepass/KeepassX (Windows, Linux, OSX, Blackberry).
When using a password manager, you only have to remember two passwords. One for the machine you have the passwords on, and one for the master password of the password manager. Seeing you do not need to remember the passwords stored in the manager, they can be very random and secure. Most password managers can generate strong random passwords for you.
...