The simple trick I have always been using for the workstation is to
delete the default gateway in the route table. Then the workstation is
only networked within the local ethernet and cut off from the internet.
All the network connections go well locally and if anything happens,
it's easy to solve it in your own department. The script to run in SGI is
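
#!/bin/sh
# Toggle internet access by swapping the default route.
GW=128.196.116.1   # real default gateway for this subnet
case "$1" in
'on')
    # restore the real gateway
    route delete default
    route add default "$GW"
    netstat -rna
    ;;
'off')
    # point the default route at loopback: only the local ethernet stays reachable
    route delete default
    route add default 127.0.0.1
    netstat -rna
    ;;
*)
    echo "usage: $0 {on|off}" >&2
    exit 1
    ;;
esac
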
On 07/07/2011 11:21 AM, Wood, De wrote:
> Hi Alex and all,
>
> I'm not really an NMR specialist but ended up in charge of an 18 yr old
> 400 MHz Bruker system when our NMR expert retired three years ago.
>
> Our NMR runs on a UNIX-based Silicon Graphics (SGI) system and is not
> networked and even if it were, there's no good way to access the data
> since no one here has expertise in Unix networking. I have a Windows
> machine next to the SGI computer and I transfer data using a zip disk
> onto the Windows machine which is networked. I have Topspin 2 on the
> Windows machine so I can process the data on that machine and transfer
> data 'til the cows come home.
>
> Anyway, I am also in charge of a scanning electron microscope (SEM) - my
> "real" area of expertise - which only runs on Windows NT. Windows quit
> supporting NT a long time ago so we had to take the SEM off the network.
> What we ended up doing is hooking the NT machine directly to a secondary
> Windows XP computer which goes out to the network. We created a shared
> data drive on the SEM NT computer and only access the SEM data from the
> XP machine. We then copy or move the data onto the XP machine or an
> external storage drive that anyone can access in the building with a
> password. We don't even have a USB port or any type of physical,
> removable storage on the SEM NT computer, we completely access the data
> from the XP machine as if it's a separate folder.
>
> Neither are simple solutions but both are really workable.
>
> Hope that makes sense and helps!
>
> De
>
> Delilah F. Wood
> Botanist
> USDA ARS WRRC
> 800 Buchanan Street
> Albany, CA 94710
> Tel: 510-559-5653
> Email: de.wood_at_ars.usda.gov
>
> -----Original Message-----
> From: ealexwaters_at_gmail.com [mailto:ealexwaters_at_gmail.com] On Behalf Of
> Alex Waters
> Sent: Wednesday, July 06, 2011 1:02 PM
> To: ammrl_at_ammrl.org
> Subject: AMMRL: Network security practices
>
> AMMRL,
>
> I work in a small animal imaging facility with two Bruker MRI systems
> that are operated by workstations running Red Hat Enterprise Linux 4.
> The MRIs do not have an option of running Windows workstations.
> Because ParaVision (which runs on top of TopSpin) is very fragile,
> Bruker will not permit us to install any system updates. Naturally,
> one of our workstations was hacked and used to send out spam. The IT
> department was unimpressed and shut off our ethernet port. After a
> lot of time fixing the network settings, the scanner is operational
> again, but completely offline. Our second workstation is similarly
> vulnerable. I got a few suggestions from our NMR colleagues, but
> would appreciate your input as well.
>
> Questions:
> 1) What strategies do you use to prevent this sort of thing from
> happening, but still enable users to access data?
> Keep workstations on the network and lock down as many ports as
> possible? Does anybody know which ports/services must remain open
> (such as flexlm and the CORBA naming service) and which can be closed?
> Hide them behind a router/gateway computer? How does your IT
> department feel about that? (Routers are banned here, but we could
> maybe argue for a special exemption).
>
> 2) What steps do we need to take to fix the compromised workstation so
> we can get our port back? IT said (in so many words) that they'd
> prefer we just incinerate it. Are we going to have to wipe the disk
> and reinstall everything?... : (
>
> While I do not fear linux and know how to use google, I have no
> sysadmin/networking background and no IT support, so detail is muchly
> appreciated. Security has been discussed in the past on this forum,
> but not in the last several years, so I am hoping for an updated
> conversation.
>
> Thank you very much!
> Alex Waters
>
--
Jixun Dai, Ph.D.
Dept of Pharmacology & Toxicology
College of Pharmacy
University of Arizona
1703 E. Mabel St.
Tucson, AZ 85721
Email: dai_at_pharmacy.arizona.edu
Tel: 520-626-4072
Received on Fri Jul 08 2011 - 10:09:25 MST
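
A check to run after the on/off script at the top of this message, as an added example that is not part of the original post: it reads `netstat -rn` style output and reports whether a default route still leads off the local subnet. The function name `route_state` and the sample tables (192.0.2.x addresses standing in for the real subnet) are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify a routing table read from stdin.
# Prints one of:
#   online <gateway>   a default route points at a non-loopback gateway
#   offline-loopback   the only default route points into 127.0.0.0/8
#   offline-noroute    no default route at all

route_state() {
    awk '
        # The default route is listed as "default" (IRIX, BSD) or "0.0.0.0" (Linux).
        $1 == "default" || $1 == "0.0.0.0" {
            seen = 1
            # Any default gateway outside 127.0.0.0/8 means traffic can leave the subnet.
            if ($2 !~ /^127\./) { live = $2; exit }
        }
        END {
            if (live != "") {
                print "online " live
            } else if (seen) {
                print "offline-loopback"
            } else {
                print "offline-noroute"
            }
        }'
}

# Constructed sample tables; 192.0.2.1 stands in for the script GW value.
SAMPLE_ON='Destination      Gateway          Flags  Interface
default          192.0.2.1        UGS    ec0
192.0.2          192.0.2.20       U      ec0
127.0.0.1        127.0.0.1        UH     lo0'

SAMPLE_OFF='Destination      Gateway          Flags  Interface
default          127.0.0.1        UGS    lo0
192.0.2          192.0.2.20       U      ec0
127.0.0.1        127.0.0.1        UH     lo0'

# Demonstration on the constructed tables.
printf '%s\n' "$SAMPLE_ON"  | route_state
printf '%s\n' "$SAMPLE_OFF" | route_state
```

On the workstation itself the input would be `netstat -rn | route_state`. Both offline results still leave the machine reachable from every host on its own subnet, which is the trade-off the message describes.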