J.N. Gamble (CERN Computer Security Officer), IT/CS
The Internet is a hostile place. Hackers, or perhaps more correctly ``crackers'' take pleasure in trying to break into computer systems. More often than not the conquering of computer systems is an end in itself, however, sometimes this is not so and the victim's computers are used for other purposes. We have encountered cases where accounts have been used as a dropping-off place for hacker's software and for a hiding place from which to attack other systems. Normally, we try to limit the access that anyone outside of CERN has to our computers, however, the very nature of the Web and Web publishing is to disseminate information, making it available over the Internet.
What can possibly go wrong? For web-servers hackers are primarily interested in two things: information leaks, and access holes. Information leaks can be to confidential or private information, available on or through a web-server. They may also be to account information, such as the password file on UNIX systems. If a hacker is able to obtain the ``real'' password file, then it is only a matter of time, using commonly available tools, for them to obtain the passwords of users. In general, information leaks can be protected by a well-configured web-server that restricts the information available through it in a sensible way. Access holes, on the other hand, are ways in which a hacker may gain immediate access to a web-server as if he/she were logged in. Access holes appear through either bugs in the web-server software, or through poorly written CGI scripts. The latter is by far the more common and even computer manufactures have distributed example CGI scripts with their standard software that have serious security holes in them. I cannot go into all the details in this article, but the most common problem is that the writers of CGI scripts are too trusting. They often overlook checking that what they expected to be returned from their Web forms is what they receive.
Hackers are also very inventive. They do not rely on "Altavista" to locate their victim Web sites. For many years they have had tools that "scan" the Internet, IP address by IP address, looking for computers that have weaknesses. Recently these have been adapted to look specifically for web-servers and to exploit known security holes. CERN has been the target of at least one such attack.
To conclude, the best defence is to make sure that your web-server is correctly configured. I strongly recommend all who are writing CGI scripts or who manage web-servers to read carefully the WWW security Frequently Asked Questions found at URL:
The CERN Web Office also has documents with guidelines for setting up web-servers, including sections on security at URL:
As a closing remark, this is not fiction. CERN is frequently ``attacked'' from the Internet. You may think that the chance of being burgled is small -- but that does not mean that you do not lock your doors. To be safe, follow the guidelines above in setting up your web-servers and double check all CGI scripts.
If you need any further information, do not hesitate to contact either the Web
or myself at
If you think that you have security problems then contact