Hello,
Peter Lundberg wrote:
> Considering that manufacturers of MR systems slowly appear to
> move from unix to windows, any opinions on any alterations (potential
> or real) of the systems reliability, performance, and in particular
> sensitivity to virus-infections.
As on a Unix or a Linux system, the ways someone on the internet can
affect a PC running Windows is directly proportional to the services
that are running on the Windows box. It is most secure if it is not
connected to a LAN that is connected to the internet. However, that
configuration is not as useful as one which is connected to the
internet.
So, to be more secure don't run Outlook or other mail programs on the
PC running Windows which is running the spectrometer. It is best
to go through the list of services running and stop as many as possible
for your uses, such as: Java, Windows scripting, all mail clients, any
web or ftp servers and etc.
> I suspect that the manufacturers are not really taking the
> Windows virus threat all that seriously. Am I wrong?
I think everybody is taking virus threats seriously, but the trouble
lies in the compromise between security and utility in a world that is
more networked every day. It is not a Windows specific thing. It is
a wonder that with all the NMR instruments being run today by Unix
boxes and Windows that more are not compromised than what we see
today.
> BTW, I don't understand why not Linux is more widely used (or is it?).
JEOL uses Linux and not Windows. We use Linux a lot at Acorn NMR but
for server stuff. All of our web, ftp and mail is on Redhat Linux 7.2.
We have not yet found that Star Office and KDE Office applications
to be as easy to use as Microsoft Office applications. There is also
problems exchanging files from these Linux applications with a world
running Windows. In addition, there are a LOT of other applications
available for Windows that are not available on Linux.
The problem here is that Linux is not easy to use. While it is getting
better, you need a LOT MORE technical expertise to configure a working
Linux box and even more to configure a secure working Linux box. A common
mistake is to believe that you can set up a Linux box in what you think
is a secure manner and then just leave it alone. NOT TRUE !!! You need to
monitor the logs and watch for intrusion attempts at least daily. Our systems
often have more than 100 attempted intrusions each day. So what we have
done is set up a very tight Linux box with IPTABLES that sees the outside
world and creates a more secure LAN with NAT where our main PCs running
Windows, Macintosh and Linux hide. The NAT service means they have full
access to the internet and the IPTABLES stuff is configured to DROP access
to all services we don't specifically allow. As it is dropping incoming
connection attempts it logs them. Daily we inspect the logs and usually
find many access attempts not allowed in. Often these attempts come from
IP address that are repeat offenders, so we add these IP addresses to
our badguys list in the IPTABLES and never hear from them again. We would
be happy to share our IPTABLES script with anyone interested and there are
many example IPTABLES configurations on the internet.
I would recommend that any NMR instrument running Windows (or other OS) be
put behind a Linux box for additional security. This Linux box needs to be
monitored daily in the logs and with security programs like Tripwire. When
problems are found, and there will be problems, rapid action needs to be
taken to address the problem areas. This is and ongoing never-ending and
complex job. The job can, however, be automated somewhat by scripts, but
the scripts can only aid and not replace human visual inspection.
woody_at_acornnmr.com
Received on Thu Mar 14 2002 - 15:35:37 MST