Security Information
Secure Shell:
Keep in mind that programs like telnet, rlogin, rsh, ftp, pop servers, etc.
are not very secure. When you type in your password it is sent
in the clear over the network and is therefore very easy for
someone to collect. From now on these services will NOT be
enabled unless there is no other practical solution. All
of the functions can be provided with secure shell (ssh, slogin,
scp, etc) which encrypts not only the password but the entire
session. It's often more convenient too, since it can be set up so
that logins do not require the user to type a password (i.e. like rlogin
with a .rhosts file but with added security due to improved host
authentication). Another benefit is that it automatically sets up
X11 forwarding via an encrypted pipe, so you can do secure remote X displays
without any effort. There are ssh clients available for most operating
systems, though one may have to be purchased for MS Windows/NT or
Mac OS. Further information on ssh can be found in this FAQ or on the home page.
It is available for free for unix systems. For those
running Red Hat Linux at home, get the most recent rpm here.
Note: For those lab users who run Windows at home, there is
a free SSH client for Windows 95. It may require compilation of
the cryptography library (I did the compilation myself, but I believe that
the library may be available pre-compiled). If you are interested,
there is an ftp site where you can pick up the code
and executables here.
Other info:
The lab is isolated from the outside world by our ethernet switch,
so if a machine is collecting packets outside the lab (packet sniffer)
it cannot see traffic within the lab. However, if any of the lab
machines are compromised, then passwords could be collected if people
are using the insecure clients (ftp, telnet, rlogin, etc.), which
actually happened in the recent break-in.
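One way to check that the cleartext services named above stay disabled on a unix machine, as an added example that is not part of the original page. It assumes the services are started from an inetd.conf-style file, which the page does not state; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report cleartext login/transfer services still enabled in an
# inetd.conf-style file. Assumption: the services are launched by inetd; the
# page itself does not say how the lab starts them.

# inetd service names for the programs the page lists: telnet, rlogin
# (entry "login"), rsh (entry "shell"), ftp, and POP servers.
CLEARTEXT="telnet login shell ftp pop2 pop3 pop-2 pop-3"

# find_cleartext FILE -> prints each enabled cleartext service name once.
find_cleartext() {
    awk -v names="$CLEARTEXT" '
        BEGIN { n = split(names, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        /^[ \t]*#/ { next }   # commented-out entry: service is disabled
        NF < 6     { next }   # not a complete service entry
        ($1 in bad) && !seen[$1]++ { print $1 }
    ' "$1"
}

# audit FILE -> returns 0 if clean, 1 if any cleartext service is enabled.
audit() {
    found=$(find_cleartext "$1")
    if [ -n "$found" ]; then
        echo "cleartext services enabled in $1:" $found
        return 1
    fi
    echo "no cleartext services enabled in $1"
    return 0
}

# Constructed sample input (not taken from any real machine).
make_sample() {
    cat > "$1" <<'EOF'
# constructed inetd.conf sample
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l
#telnet stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
shell   stream  tcp  nowait  root  /usr/sbin/tcpd  in.rshd
  # login stream tcp nowait root /usr/sbin/tcpd in.rlogind
pop-3   stream  tcp  nowait  root  /usr/sbin/tcpd  ipop3d
time    stream  tcp  nowait  root  internal
EOF
}

# Demonstration run on the constructed sample.
tmp=$(mktemp) && make_sample "$tmp"
audit "$tmp" || true
rm -f "$tmp"
```

The non-zero return from `audit` makes it usable from cron or a login check, so a re-enabled telnet or ftp entry is noticed before passwords cross the network in the clear.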
In general, the security strategy is to be as secure as possible
without preventing our users from working effectively, detect
break-in attempts early, and maintain excellent backups so
recovery is possible in the event of a future problem (the backup
system was already in place and is working fine). Initially,
there may be problems connecting from remote sites,
so if you have trouble, send email to help@code.ucsd.edu.
© 1997 Information Coding Laboratory
Send comments to www@code.ucsd.edu
Last Updated: $Date: 1998/03/07 20:43:27 $