Some cluster users may have data that is classified as sensitive (e.g. data from dbGaP). Extra care should be taken with this data to prevent unauthorized access.
Specific security requirements for your data may vary depending on the source of the data. The cluster does satisfy some of the standard requirements…
The cluster may not conform to some best practices…
It is your responsibility to ensure that your sensitive data is adequately protected (the system administrators can't determine which data are sensitive): but you can let the administrators know about specific needs and get help with making sure that the data are secure.
One way in which sensitive data can be protected is by only storing it on encrypted disk volumes. Currently, of the cluster disk volumes, only /home1, /home6, and /scratch are encrypted (i.e. all the data is encrypted before being written to disk and decrypted when read). (This is also known as encryption “at rest”.) This encryption protects against the server being stolen, or being improperly disposed of (with the disks and data intact) at some point in the future. The backup volumes to which the data on /home1 and /home6 are copied are also encrypted.
If you have a project that includes the use of sensitive data please talk to the system administrators to see whether you should store that data on /home1, /home6, or have your entire home directory moved to an encrypted volume.
The /scratch volume is not backed up, but is encrypted.
If you have sensitive data you should ensure that your home directory, or the directories containing the sensitive data, or the data files themselves are not world readable.
For example:
chmod o-rwx sensitive_directory
will stop general users of the cluster accessing files in “sensitive_directory”.