[wplug-internet] WPLUG's information assets (current status - part 1 of 3)

Vance Kochenderfer vkochend at nyx.net
Sat Jan 8 18:58:15 EST 2011


In a discussion earlier today, Beth Lynn expressed concern about
the security of the information retained in the membership rolls.
We are currently storing this information on the WPLUG virtual
server, so this generalizes into a question about access controls
on the server itself.

This three-part series of messages will cover the topic.  This
first message will review the current state of affairs.

Part 2 of this series will talk about my proposal for putting the
membership rolls online so members can access their own details.

Part 3 will cover my proposed backup solution.  We currently have
no backups of the data on the server.

To start off, anyone who has root access (legitimate or otherwise)
to the server has full access to all of WPLUG's information.  This
includes the member rolls, mailing list subscriber lists, mailing
list archives, and the wiki database.  Mail to aliases established
on the server is not stored locally (except for the brief time it
takes to deliver it to its destination).  However, someone with
root access could easily run a background process to capture all
mail transiting the server.  This is all typical - root in general
implies complete access, so I will not include discussion of this
aspect when talking about specific assets.

Those who have legitimate root access on the server are all those
accounts who are members of the "wheel" group.  Currently this
includes myself, Michael Semcheski, David Kraus, Nick Schembri,
and David Ostroske.  It should be noted that direct root login is
disabled on the SSH server, so sudo must be used.

I will also not consider the case of additional copies of files
kept personally by those who had or have access to them on the
server.  They are entirely outside of our control.

There are, essentially, two sets of membership rolls kept.  The
first of these are the full membership rolls, which include the
names, e-mail addresses, and effective dates for each current
member and most former members going back to around 2006.  It also
includes telephone numbers, street addresses, and other personal
information IF AND ONLY IF the individual chose to provide it to
us.  The second membership roll is the wplug-members mailing list
subscriber list, which contains only names and e-mail addresses of
current members.

The full membership rolls are stored in /home/board/membership/.
These files can be read and written by anyone in the "board"
group.  I am currently the only member of this group.

The wplug-members subscriber list is accessible to the list owners
(myself and Beth Lynn) and moderators (none currently) and anyone
who has the sitewide mailing list admin password.  It can also be
read by any account on the server in the "mailman" group
(currently only the mailman user).  In addition, it is visible to
anyone who sniffs an unencrypted HTTP session where the list is
being accessed.

Our general practice has been to give accounts on the virtual
server to those who have volunteered and are trusted to admin the
server (placed in the "wheel" group).  We also offer accounts to
Board members who want them, and place them in the "board" group.
Group membership is revoked once the individual leaves the Board.
I do not think we have actually deleted any accounts as of yet.

Beth Lynn has an account, however at her request I have not placed
it in the "board" group.  I have not gotten a clear indication
from the other board members that they want or need an account.
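As an added illustration (not part of Vance's message or any WPLUG script), the following POSIX shell audit checks the controls described above: who is in the "wheel" group (sudo to root) and the "board" group (membership rolls), whether the SSH server has PermitRootLogin turned off, and whether the membership directory is closed to world access. The group file, sshd_config fragment and directory it reads are constructed samples so it runs offline; on the real server the same functions would be pointed at /etc/group, /etc/ssh/sshd_config and /home/board/membership/.

```shell
#!/bin/sh
# Access-control audit for the arrangement described in the message:
# "wheel" members get root via sudo, "board" members can read and write
# the membership rolls, and direct root login over SSH is disabled.
# Added example, not a WPLUG script. The group file, sshd_config
# fragment and directory are constructed samples (placeholder names).
set -eu

# Constructed /etc/group sample (not the real server's file).
SAMPLE_GROUP='root:x:0:
wheel:x:10:vance,msemcheski,dkraus,nschembri,dostroske
board:x:1001:vance
mailman:x:1002:
users:x:100:bethlynn,vance'

# Constructed sshd_config fragment.
SAMPLE_SSHD='Port 22
PermitRootLogin no
PasswordAuthentication yes'

# group_members GROUPFILE GROUP: print the members, space separated.
group_members() {
    awk -F: -v g="$2" '$1 == g { gsub(",", " ", $4); print $4 }' "$1"
}

# count_members GROUPFILE GROUP: number of members (0 if empty or absent).
count_members() {
    set -- $(group_members "$1" "$2")
    echo "$#"
}

# permit_root_login SSHDCONFIG: effective PermitRootLogin value.
# sshd honours the first occurrence; "unset" is reported when the
# directive is missing, because the compiled-in default varies by
# OpenSSH version and should be checked rather than assumed.
permit_root_login() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# world_perms PATH: the "others" permission triple from ls -ld, e.g. "---".
world_perms() {
    ls -ld "$1" | awk '{ print substr($1, 8, 3) }'
}

# audit GROUPFILE SSHDCONFIG DIR: print one line per check and return
# the number of failed checks (0 means every control is as described).
audit() {
    fails=0
    echo "wheel (root via sudo): $(group_members "$1" wheel)"
    echo "board (membership rolls): $(group_members "$1" board)"
    [ "$(count_members "$1" board)" -ge 1 ] \
        || { echo "FAIL: board group has no members"; fails=$((fails + 1)); }
    prl=$(permit_root_login "$2")
    [ "$prl" = no ] \
        || { echo "FAIL: PermitRootLogin is $prl, expected no"; fails=$((fails + 1)); }
    wp=$(world_perms "$3")
    [ "$wp" = "---" ] \
        || { echo "FAIL: $3 has world permissions $wp"; fails=$((fails + 1)); }
    echo "failed checks: $fails"
    return "$fails"
}

# Stand-alone run against the constructed samples in a scratch directory.
tmpdir=$(mktemp -d)
trap 'rm -rf "$tmpdir"' EXIT
printf '%s\n' "$SAMPLE_GROUP" > "$tmpdir/group"
printf '%s\n' "$SAMPLE_SSHD" > "$tmpdir/sshd_config"
mkdir -m 770 "$tmpdir/membership"   # group rw, nothing for "other"
audit "$tmpdir/group" "$tmpdir/sshd_config" "$tmpdir/membership" \
    || echo "audit found problems"
```

The world-permission check is the one that matters most for the rolls: group ownership by "board" with mode 770 (or 2770 so new files inherit the group) is what keeps the files readable only by that group, and the script flags any directory that has become world-readable. Re-running the wheel and board listings after each Board change gives a simple record that group membership was actually revoked.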

Vance Kochenderfer        |  "Get me out of these ropes and into a
vkochend at nyx.net          |   good belt of Scotch"    -Nick Danger
