Latest Hosting Posts
As OpenSim develops, we're seeing more and more options for securing access and content.
Before we get in to that, though, a quick overview for those who might not already be familiar with "the grid."
"The Grid" or "Hypergrid" is, basically, an open source virtual world that exists within the Internet. You've heard of Second Life, right? Second Life is a great example of the Hypergrid: users can build entire "worlds" and then other "grid" users are able to access that world through their own computers (or not, depending on the world creator's preferences). It's like a big MMPORG only anybody can create an account and build a world of their own within the system.
Another good way to think of it is a network of networks that exists online and are managed through a central hub that allows everybody access to it, which is why security is so important.
Here are five possible security setups that could be right for your grid.
1. Keep Everything Behind Firewalls
If you're a part of a company who absolutely, positively does not want any outsiders on the grid, consider running it on computers that aren't connected to the public Internet.
A really determined hacker might still be able to get in through a combination of traditional computer hacking, social engineering, or physically breaking into your house or computer facility.
That's a lot of effort to go to for copies of next week's lesson plans or next season's virtual fashions, but if your company uses OpenSim for mission-critical simulations and military equipment modeling, then the hackers might well be willing to go that extra mile.
For most applications, however, simply keeping the entire OpenSim installation and all of its users behind a firewall is good enough.
That means that all content and users are within the company, school or home network, and outsiders aren't able to get in.
That only leaves the question of how much you trust your local users. Can your students, colleagues or family members be relied on to keep your content safe? Probably not, but that's more of a human relations issue than a technological one.
Also, though this should go without saying, keep hypergrid connectivity turned off and ports closed. Otherwise, outsiders can simply teleport in, bypassing your locks, security guards, and firewalls. There are security solutions for virtual environments that will set up these types of protection for you as well as maintaining your web reputation.
2. Restrict Account Creation
Say you have a grid, either on your network or hosted externally, and you want to give access to a few outsiders. Your contract employees, for example, or your book club.
That doesn't mean you have to have the grid wide open to everyone.
If you are running the Diva Distro, Sim-on-a-Stick, or New World Studio -- or any other distribution of OpenSim based on the Diva Distro -- you have the ability to control account creation. Read more about it in the Diva Distro Wifi wiki.
For example, you could set it up so that users can create their own accounts, but you have to activate them manually in order for the new users to be able to log in.
Or you could simply create the accounts for the people you want to have access and turn off the Wifi account creation interface entirely.
And, as before, keep hypergrid turned off so that only people with accounts can log in.
3. Allow Unrestricted Logins but No Hypergrid
This is the option chosen by most commercial social grids.
Anybody can create an account but users are only allowed to export items they themselves have created.
In addition, teleports in and out to other grids via hypergrid are disabled; so users can't take content to less restrictive grids.
This doesn't prevent users from logging in with copybot viewers, however, and since anyone can create an account and log in, there is no way to keep these malicious outsiders from getting access.
4. Restrict Access or Building Rights
Another option for school, company, and personal grids is to allow access only to members of a particular group. That allows grid residents to travel to other grids via hypergrid teleport, but prevents outsiders from teleporting in.
The latest version of OpenSim has out-of-the-box support for groups, and that includes hypergrid-enabled groups with members from other grids.
Groups can also be used to allow building for some users. With careful configuration, a grid can be set up so that some areas are set aside for trusted users and other areas are open to the public.
This isn't perfect security and a hacker can still break in and steal content (I'm not going to go into detail as to how.). But for some use cases, it may be a reasonable level of security.
5. Disable Exports
The latest release of OpenSim also supports export permissions. This is a fourth permission setting to go with copy, modify, and transfer.
It requires an updated viewer to show what the permission setting is, since older viewers only show the three standard permissions.
Using an updated viewer, like Singularity, creators can change the export permission setting on their content so that it is allowed to leave the grid.
Creators who don't want their co