For the World is hollow and the Grid is open – Thoughts about OpenSim Security

When talking about OpenSim- and Hypergrid-security I believe several aspects have to be taken into account it is not enough to secure the server and leave the Hypergrid door wide open or vice versa.

On the local side basically all average grid owners can do, is to take basic measures like a firewall and ensuring their system is up to date. It would be advisable though to go a step beyond the usual and use programs like portsentry or fail2ban to thwart and block the casual hacker. If you really have a determined and knowledgable hacker there is not really much you can do to keep him or her out.

However security measures have to start even before you buy or install a server! Before renting or buying a server people should stop a moment and think about what they want to do and even more important what they can do. If you do not have much experience with running a server it is not advisable to get yourself an unmanaged server (root server). Sure it is often cheaper, but the consequences of a hacked server considering the loss of data and perhaps the financial repercussions can be much more expensive.The choice which operating system to use should also not be underestimated. I personally do not think much of a Windows server and about using it as a webserver, I think Linux is much better in this area. But as I said that is my personal opinion. The average user will find a windows server much easier to maintain, with all the consequences ….

The next step to think about is, what do I really want to do with that server? Instead of installing whatever comes to your mind, install what is necessary (must have) and not what might be interesting to try out (nice to have). If you want to try out stuff get yourself a seperate server, do not do it on your production server.

Once you have your server make sure you either disable the login for your root account or give some serious thought to password security. You would be amazed what passowrds some people use… Nearly every day I bet reports from my servers about people trying to brute force their way into my system by trying to guess users and passowrds. Think about what ports do you really need open and close the rest with a firewall.

Another thing people like to forget are backups …. Once the catastrophy has struck you will be grateful if you can recover at least some of the data.

You see there are a lot of things that come into play when it comes to server security, and if you search the web you will find thousands of articles about that topic.

As for security in OpenSim…. Difficult …. For once OpenSim is still alpha grade software and thus prone to undiscovered security holes. I have every respect of the people who program OpenSim and I do believe they are doing their best to keep it as safe as possible but the sourcecode of OpenSim has become so long that I think we will always see one or the other security flaw.

The biggest problem we are currently facing and will continue to face in the future is hypergrid security. Just a few days ago I read that Fleepgrid and others have been griefed. And. I do not think it was because Fleep does not know what she is doing (I think she knows her stuff) but because atm Hypergrid is too open. The new HG2 concept written by Diva will do a lot to mitigate the problem. But we still have a lot of work to do before HG is really safe. Now do not get me wrong! Since I learned to use the HG I am big fan and enjoy travelling the grid.

While a blacklist might be a good way in a closed environment I do not think it will be very effective with an open structure like the hypergrid. It is way too easy to set up a hg-connected world, create an avatar there and cause havoc across the grid. Once that world gets banned, rent/hack a new server, setup a new world, create a new avatar, and start spreading chaos ….

For a blacklist to work we need something like a trusted Grid-list, a white list of grids that can be trusted to do at least basic user checks. I am awawre that this would in a way close the currently open hg philosophy, but it is in my opinion the only way.

My proposal would be to implement something like a trust list in os and add controls to either allow only visitors from worlds You trust, visitors from worlds on a central trust list, or visitors from everywhere. Always with the option of rejecting users/IPs on an additional blacklist. You could also combine option one and two. This approach would give gridowners the flexibility to choose the level of security and openess they require or want.

2 thoughts on “For the World is hollow and the Grid is open – Thoughts about OpenSim Security

  1. Setting up a whole new world — that’s a lot of work for a griefer. Sure, it’s doable, but are most going to bother?

    In general, griefing-wise, a hypergrid visitor can’t do anything that a local resident can’t do — less, given that the latest version of OpenSim allows you to limit what outside visitors can do.

    Okay, on my grid, Hyperica, the griefer wouldn’t have been able to do anything if hypergrid was turned off, because the only people who have user accounts are those that I’ve added manually. (I.e. my staff and business partner.) But then, the whole point of the grid — to serve as a public hyperport — would have been moot!

    HG2 will add additional content protection measures, but it won’t do anything to help a grid if someone creates self-replicating prims on a region that allows builds.

    The standard advice applies there:

    * Only allow public building on isolated sandboxes
    * If groups are available, use them to manage building rights
    * If groups are not available, use the new Access Controls — more info here: https://lists.berlios.de/pipermail/opensim-dev/2012-March/011046.html

    And backup, backup, backup!

Leave a Comment