May 6, 2005

Important Security Issue:
Running File Sharing Software at SLAC

By Bob Cowles

On June 28, 2004, a memo entitled ‘Use of SLAC Computing Capability to Illegally Download Material’ was addressed to all SLAC Staff and Visitors (see http://www-group.slac.stanford.edu/hr/Important/2004-06-28.html).

The memo describes SLAC policy and quotes Stanford University policy on downloading copyrighted or pornographic material from the Internet. Here are some important quotes from that memo.

Stanford University Policy (applies to the entire SLAC community).

Stanford is committed to facilitating access to information through its computer networks as part of its mission to pursue research and create knowledge. However, the university’s research and teaching mission also depends on respect for the rights of intellectual property and the university will not facilitate the pirating of intellectual property through its computer networks. ... Sharing music, videos, software, and other copyrighted material in violation of copyright laws can expose you and others to legal sanctions, as well as sanctions under Stanford’s policies. Please do not put yourself, your friends, or your colleagues in that serious and difficult position.

SLAC Policy

We want to remind you not to engage in illegal downloading of copyrighted material such as music and films or the downloading of pornography from the internet. We also remind you of SLAC’s obligation to follow up, report to the DOE Inspector General, and discipline any individual on site who does engage in such activity. Because SLAC is government funded, SLAC has an additional prohibition on misuse of government property.

Early Detection of Infected Computers

SLAC Computing Services (SCS) uses an analysis program that looks for patterns of network use typical of malicious software. This provides early detection of computers on site that might be infected. While SCS has detected some infected machines, the more common result has been the detection of machines running peer-to-peer file sharing software such as Gnutella, Kazaa, Limewire, eMule, and eDonkey. Because these programs are strongly associated with illegal file sharing, once the software is detected, SLAC is obliged to ensure that no copyright or other laws are being violated. As a result, computer security staff report the use of file sharing software to Lab management for follow-up investigation.

From a computer security point of view, use of any of this software can be very dangerous—both to SLAC and to your own personal computing.

Peer-to-peer file sharing networks have been a major vector for distributing software or files that are ‘wrapped’ with adware, spyware, viruses and trojans in addition to the program you think you’re getting. Also, even after you close the window, the file sharing software keeps running in the background and exposes files on your hard drive to the Internet—including files you may not want to be visible.

SCS is asking you not to run peer-to-peer file sharing software on the SLAC networks (including the visitor network), or on a machine that you use to connect to SLAC via VPN or dialup.

Thanks for your understanding and cooperation.


The Stanford Linear Accelerator Center is managed by Stanford University for the US Department of Energy

Last update Friday May 06, 2005 by Topher White