Nixsys Public Access UNIX System

Our Take on Security:

Overview

There is no such thing as total system security, and any person or organization professing "hacker safe" systems is pushing a con and inviting trouble. Systems can be made as secure as possible, relatively secure, or more secure than normal, but not impervious to all threats. The best any system has to offer is a false sense of security, which a user can choose to accept or not.

So, when we use the term "secure" in relation to resources on this system, as in the Secure WebMail interface for example, we mean "relatively secure". Not "more secure than normal", because it actually takes very little to boast such a statement, considering how horribly insecure most systems are by default. Not "as secure as possible", because just having an interface which accesses SMTP over HTTP, for example, is a security risk. We tend to err on the side of security, while at the same time allowing options for the convenience of our users (such as the Secure WebMail interface).

The choice of software packages, the configuration, integration, and interoperability of subsystems, the access restrictions to certain resources, our policies, the enforcement of quotas, etc. all contribute to our firm commitment to a good security policy. "Relatively secure" is not a harsh criticism of this system, but, in comparison to most systems on the Internet, a compliment. We pull no punches and make no promises.

When new features, resources, and / or options are being considered for this system, their impact on system security plays a huge role in the decision-making process. Software packages for subsystems are researched thoroughly before implementation and their configurations are optimized for security. Some may find the user environment restrictive at times; however, the resources found on this system far outweigh the limitations... and we're always open to suggestions.

Shifting the focus from the administration to the user, a good part of account security depends on the level of knowledge and involvement of the user. Therefore, it's our intention to provide the information necessary for users to educate themselves in regard to account security. Even with our security policy, a level of responsibility is expected from users. Failure to read and understand policies, procedures, and other site documentation (setting up TLS / SSL on local machines, for example) absolves the administration of any culpability for account compromises due to user irresponsibility. If users are so focused on security, then they should take time to understand methods which make their ideals more real.

One of the driving reasons for creating and maintaining this system is the obvious lack of security and encryption software packages and mechanisms on many Internet servers. Nixsys PAUS, however, is designed and committed to serving the needs of its users. The administration has received and fulfilled the requests of users asking for software packages like Secure WebMail, GPG, apg, and other security packages and mechanisms. We've been asked to host Direct Action Group and Peace Action Group mailing lists and users, and to provide access to software packages which will make their dealings safer for them. It is very important to these groups that their communications are relatively secure.

In conclusion, every attempt is made to secure this system. It's not rock hard as if a global security organization built it, but it's not one of those "h3y we can h4ck" jobs either. It is definitely exponentially more secure than many school, business, and application servers, and it has more to offer. Our Security Team attacks Nixsys PAUS periodically to test it and evolve its configurations. It's like a wargames server, only incredibly more difficult.
