Security policy for computer use

Firewall

The Internet connection of the MPI is monitored by an additional computer that controls traffic on the outgoing line and, by default, denies ALL connections. The main purpose of this restriction of service is to keep intruders out of the computer network. Unfortunately, the number of misuse attempts in other people’s networks (and also the number of security holes in different operating system software) continues to rise every day. The details of the currently employed rule base for the firewall are listed below. Because of several severe security breaches that have taken place in the German Internet system, we had to adopt these settings. We apologize for any inconvenience these restrictions may cause you, but we feel they are an absolute necessity to avoid being compromised.

Connection to the outside world

Connections from a machine inside the institute to the outside world are only granted for: http(s), telnet, rlogin, rcp, ssh, ftp, nntp, RealAudio. We will continue to support special connections such as RealVideo or VDOLive. Incoming connections originating from the X11 window system are not allowed because there are many security problems connected with them. This means that you will be unable to start an X-Window program at your home university and display it on a screen in the institute unless you use secure shell (ssh) to connect to the remote host; this encapsulates the X-Window data in the encrypted ssh connection. If an important service seems to be missing, please contact the computer group.

Passwords

To complete this security policy, a check for weak passwords will be done from time to time. Everyone whose password is found to be weak will be notified immediately and asked to change it. Passwords that are not easily compromised should be based on non-dictionary words; any word that might appear in a dictionary, even a supposedly obscure one, might be unsuitable as a password. Similarly, any password that is derived from your name, department or other personal information is unsuitable because it can be easily guessed. To change your password, use our self-service portal.
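
The two criteria above (dictionary words and personal information) can be tested before a password is chosen. The following Python sketch is an added example, not the tool used by the computer group; the word list, the substitution table and the function names are assumptions made for illustration. It also catches simple disguises such as appended digits, character substitutions and reversal.

```python
import re

# Constructed sample word list; a real check would load a full dictionary file.
DICTIONARY = {"dragon", "sunshine", "quantum", "zeitgeist", "password"}

# Common character substitutions undone before comparison (assumed table).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def candidates(password):
    """Return normalized forms of the password to compare against word lists."""
    lowered = password.lower()
    forms = set()
    for text in (lowered, lowered.translate(LEET)):
        # Strip digits and punctuation that were prepended or appended.
        core = re.sub(r"^[^a-z]+|[^a-z]+$", "", text)
        # Also consider the reversed spelling.
        forms.update({core, core[::-1]})
    forms.discard("")
    return forms


def weakness(password, personal=(), dictionary=DICTIONARY):
    """Return the reason a password is weak under the policy, or None."""
    # Split name, department etc. into lowercase tokens of 3+ letters.
    tokens = {t.lower() for p in personal
              for t in re.split(r"[^A-Za-z]+", p) if len(t) >= 3}
    forms = candidates(password)
    if forms & set(dictionary):
        return "dictionary word"
    if any(tok in form for form in forms for tok in tokens):
        return "derived from personal information"
    return None


if __name__ == "__main__":
    me = ("Anna Meier", "Physics")  # constructed personal details
    for pw in ("dragon99", "p4ssw0rd", "Meier2024", "kV9#tq2Lw!x"):
        print(pw, "->", weakness(pw, personal=me))
```

A result of `None` only means that neither criterion matched the supplied word list and personal details; it says nothing about length or randomness.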