Security and Privacy Policies for moffatig.com
Introduction
This document sets out the security policies for the web and mail
servers at moffatig.com. As this is a public document, it is not
appropriate to detail the implementation of technical security measures
here. Please contact the site owner or your e-mail list moderator
if you wish to discuss these directly.
Please note that moffatig.com is hosted on virtual servers and
backed up on cloud-based storage. As such it is no more secure than
the providers of these services. End Users are advised not to post
anything containing personal data through e-mail lists or upload any
files containing personal data to servers @ moffatig.com. In order to
function, this system must hold end users' e-mail addresses and, in the
case of list or web administrators, a username and password. The IP
addresses of all connections to this system are
logged and retained for the life of the system or until disk space
runs out.
Nothing in these policies is intended to take on the responsibility
of organisations using services hosted by moffatig.com to consider
their position as data controllers under the UK Data Protection Act
and to notify in their own name and implement appropriate security,
privacy and data access policies for data hosted elsewhere than on
the moffatig.com servers.
Server Security Policies
- The basic security model shall be Deny All / Permit when necessary
- All admin access to moffatig.com servers shall be password protected
- All admin access will be by SSH if technically possible or secured by IP
address restrictions to trusted hosts if not.
- A check for the availability of new patches will be done at least
weekly and any found will be installed.
- Other than Web and SMTP Mail all network services will be restricted
to access from trusted IP addresses.
- Access to all web applications will be password protected.
- All shell level users will have personal accounts and no shell or
FTP accounts will be shared.
- Any application requiring a shared password may only be reached
by logging in to a personal shell or web account first.
- A host intrusion detection system will be installed with alerts
sent and logs backed up to a remote machine.
- E-Mail access shall be managed on a deny all/permit trusted basis
- SSH trust relationships will be constructed so that access to
one server does not provide root access to the other without
authentication.
- The root password will be held by the owner alone.
- FTP accounts will provide access to the owner's file space
and subdirectories thereof
- All FTP Uploads will be logged.
- All Passwords will be at least 8 characters and not dictionary words
- The root password shall be changed from time to time
- Security violations leading to data loss or a risk to end users shall be
reported to the affected end users without delay.
- Attacks on the system which require amendment to the security
policy or implementation will be notified to file hosting and
list administrators.
- Planned outages will be notified to the file hosting and list
administrators at least a week in advance. They should decide
whether to notify their end users.
- As much notice as possible will be given of unplanned outages
to the file hosting and list administrators. They should decide
whether to notify end users.
- Good practice in UNIX security will be followed by the owner having
regard to RFC2196 and the NSA Guide for the secure configuration of
Red Hat Linux 5
http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf
with adjustments for this being essentially a single host and the
restrictions imposed by the virtual server environment in which it is
hosted.
- A technical file will be prepared documenting departures from
the NSA standard and the reasons for them which will be available
to parties with a legitimate interest on request.
Unix Account Security Policies
- Access to UNIX accounts will be granted for specific purposes
- Access to UNIX accounts is limited to the purpose for which they
were set up as notified in the welcome message.
- Users will be notified of the password and the purposes for which
their account can be used at the same time
- Users should not keep the username, server address and password
recorded in the same way in the same place.
- All logins will be recorded along with the time and remote IP address
- The operating system keeps a history of recent shell commands
- UNIX users may upload only content relevant to the purpose for
which their account is issued, which is lawful to publish in the
UK, and which will not create issues of privacy or consent if
made available to the internet as a whole.
- UNIX users are prohibited from accessing, or attempting
to access, other users' data.
- UNIX Users are responsible for what they upload.
- The owner reserves the right to suspend or remove any UNIX shell
or FTP account without notice if any security risk or legal
risk is suspected, and to delete any content presenting such
risk.
Mailing List Security Policies
- Mailing List administrators shall have personal web logins to ensure
an audit trail for changes to the MailMan configuration and user base
- Users should not keep the username, server address and password
recorded in the same way in the same place.
- All access to the MailMan configuration is logged
- An archive is kept of all messages sent through MailMan
- All E-Mail addresses registered in MailMan are the private property of
the end users and must not be published outside the list membership.
- Protection of E-Mail addresses or lists downloaded from the server
is the responsibility of the list administrator. Use of password
protected files or storage in locked furniture is advised.
- Mailing List Administrators are prohibited from accessing, or attempting
to access, other users' or lists' data and messages
- Mailing list administrators are responsible for placing abusive users
on moderation, preventing the posting of inappropriate, illegal,
or abusive messages through their lists
- Mailing list administrators must notify the
system owner immediately if any configuration changes are needed
to maintain the security of their lists and if any end user is
banned or suspected of illegal use of the service.
- Mailing list administrators are solely responsible for adding
new users to their list. All known means of self-subscription by
end users have been blocked.
- Mailing list administrators are expected to be the first point of
contact for their members in case of technical problems.
- Mailing list administrators are requested to get agreement from
the owner before passing his personal contact details to end users.
File / Web hosting Security Policies
- Access to FTP accounts will be granted for specific purposes
- Access to FTP accounts is limited to the purpose for which they
were set up as notified in the welcome message.
- Users will be notified of the password and the purposes for which
their account can be used at the same time
- Users should not keep the username, server address and password
recorded in the same way in the same place.
- All logins will be recorded along with the time and remote IP address
- All FTP file transfers will be recorded
- FTP users will be prohibited from interactive (shell) login
- FTP users may upload only content relevant to the purpose for
which their account is issued, which is lawful to publish in the
UK, and which will not create issues of privacy or consent if
made available to the internet as a whole.
- FTP users are prohibited from accessing, or attempting
to access, other users' data.
- FTP Users are responsible for what they upload.
- The owner reserves the right to suspend or remove any UNIX shell
or FTP account without notice if any security risk or legal
risk is suspected, and to delete any content presenting such
risk.
End User Security Policies
End users must not:
- Share any usernames, passwords or password-protected URLs for moffatig.com
- Upload or send to or through moffatig.com services anything that is:
  - Unlawful to publish in the UK
  - Abusive or threatening in any way
  - An actual or potential copyright violation in UK law
  - Another person's personal data without their consent
  - Likely to be considered as advertising or "SPAM" by other users
- Attempt to bypass the security policies of the moffatig.com system
- Forward emails received through a list @ moffatig.com to people
who are not list members
- Distribute files downloaded from a non-public website or file hosting
service on moffatig.com to anyone who is not already authorised to
download those files themselves
Any user in violation of this policy can expect their account to
be suspended or deleted without warning.
End users are advised not to post personal data beyond that necessary
for the correct operation of the system to or through moffatig.com
servers. Currently this is limited to e-mail addresses for most users.
End users are advised to consider before posting or uploading anything
that it will be available to everyone in the list or file hosting community
to which they have subscribed, and may be distributed by email or download
to personal computers operated by any or all of them. Do not expect that,
once posted, it can ever be completely deleted or traced.
Any personal financial data found on the system will be removed immediately
by the system owner. I don't store my card numbers here and I certainly
would not recommend that anyone else does so!
Privacy Policies
- All access to authenticated web services, FTP, and shell accounts is logged
including the username and remote IP address
- All FTP file transfers are logged including the file, username and remote IP address
- All web page accesses and errors are logged including remote IP address
- All e-mail transactions are logged and all list messages are archived
- The UNIX, FTP, MAIL and WEB logs can be read by the owner and UNIX shell users
- The Mailing list archives and membership list can be read by the server
owner and by the administrators of that list only.
- Uploaded files can be read by the server owner and full UNIX users in
addition to the FTP account owner who uploaded them.
- Event notifications (such as trusted IP registration and logins) are
notified by the system to a private e-mail address of the owner and
may be used as evidence in case of any civil or criminal proceedings
- System log files are copied to a remote file storage service and may
be used as evidence in case of any civil or criminal proceedings
- Logs will in general be retained as long as disk space permits with
a minimum of at least 6 months.
- Data subjects may request access to their data on the system from the
owner by sending a stamped, self-addressed envelope or an e-mail to
.
There will be no charge for the first request in each calendar year.
Subsequent requests will be charged at the maximum rate permitted by
UK law.
- The owner has access, as UNIX 'root' or super-user, to all data stored on
the moffatig.com servers. The owner undertakes to maintain confidentiality
of all data on the system to the greatest extent possible under English
Law. This means that any reasonable request for access to data or logs
by a competent authority will be accepted once they have proved that they
are legally entitled to it. Otherwise data is only available to the data
subject or those to whom the data subject has provided the data for the
uses it was provided for (in the context of this system, this is to permit
the management and operation of e-mail lists and file hosting only).
- The owner undertakes not to use data from the web and file services
in ways that he is not authorised to do as an end user of these services.
Version 1.1
Last Updated 1st September 2011
Copyright © moffatig.com