Security Alert: Removal of Services using
Cleartext
Network programs such as telnet, ftp, and common e-mail protocols transfer
data across the network unencrypted (in the clear) on the network and are
therefore exposed to programs capable of capturing traffic as it flows from
one device to another. Exposing accounts, passwords, and data in this
manner not only makes our systems vulnerable, it puts the University at risk
of violating federal privacy regulations. As a result,
effective August 1, 2005, OIT will no longer provide telnet or ftp services
on any of the following public systems: WAM, Glue, and Deans.>
Effective
October 3, 2005, OIT will no longer provide non-secure e-mail (imap and pop)
services on any of the following public systems: WAM,
Glue, Deans and Mail@umd.
Replacing telnet
The remote terminal capabilities of the telnet program are replaced
by ssh, which is available on all major computing platforms
at no cost. ssh, short for "secure shell,"
encrypts all data transmitted on the network.
OIT provides ssh client programs for the following
platforms as well as a web SSH gateway:
An ssh client is also available on WAM, Glue, and Deans
by simply typing ssh (in lieu of telnet) at the shell prompt.
Replacing ftp
The file transfer capabilities of ftp have been replaced by
sftp(secure file transfer) and scp (secure
copy) clients. OIT provides sftp and scp
client programs at the following URLs:
Secure file transfer clients are also available on WAM, Glue, and Deans
by simply typing sftp and scp (in lieu of
ftp) at the shell prompt.
Securing e-mail
If you are using an e-mail client program such as Outlook or Netscape to
access your e-mail, you may need to modify your configuration to use a secure,
encrypted version of the IMAP or POP protocol, either of which allows you
connect to one of OIT's public e-mail systems. Instructions provided at the
following URLs will take you step-by-step through the process:
If you read your e-mail using a web browser, your e-mail is already
encrypted and no changes are necessary.
OIT announces an SSH gateway on the web.
The SSH gateway allows you to make an SSH connection through the World
Wide Web. This means that you do not have to install an SSH client
program to make a terminal connection to WAM, Glue, or Deans.
Note that the SSH Gateway requires a WAM or Glue login. You can connect to either service via either login.
This service works from any machine that has a web browser that can run Java Applets, including most internet cafes. You can start an SSH connection by clicking on a link. This service provides the same level of data security as a regular SSH client program.
The SSH gateway uses Java applet technology to provide the secure connection. Some operating systems do not have Java installed by default. This page contains a test applet to check whether your system has a functioning Java virtual machine. Below, you should see the phrase "Java Virtual Machine is OK. It may take a moment for the applet code to load and run, and you may receive a security warning. These conditions are normal. If you see the phrase "No Java Virtual Machine Found" it means that you must install Java in order to use the SSH gateway. You can find Java for Microsoft Windows systems at this link on java.com. Java for other operating systems is available at java.sun.com.
From here you can go directly to the:
.
Configuring the Terminal program in Mac OS 10.3 and 10.4 |
Configuring the Terminal program in Mac OS 10.5
Configuring the Terminal program in Mac OS 10.3 and 10.4 for
TerpConnect and
Deans
For the Terminal program in Mac OS 10.3 and 10.4 to function properly while
you are connected to TerpConnect or Deans you must first configure the
client.
- Launch the Terminal program. Click the Terminal menu
and select Preferences....
- A Terminal Preferences window will open. Select the radio
button next to the Execute this command (specify complete path):
field.
- In the Execute this command (specify complete path): field,
type: /bin/tcsh.
- Select vt100 from the drop-down menu next to the Declare
terminal type ($TERM) as: field.
- Close the Terminal Preferences window.
- Click the Terminal menu and select Quit Terminal.
- Re-launch the Terminal program. You will now be able to
properly connect to TerpConnect or Deans.
For information about how to connect to TerpConnect using SSH, see
Use SSH with Terminal.
Configuring the Terminal program in Mac OS 10.5 for TerpConnect
and Deans
For the Terminal program in Mac OS 10.5 to function properly while you
are connected to TerpConnect or Deans you must first configure the
client.
- Launch the Terminal program. Click the
Terminal menu and select Preferences....
- A Terminal Preferences window will open.
Click on the Startup icon.
- Select the command (complete path): radio
button and type:
/bin/tcsh in the field.
- Click on the Settings icon.
- Select vt100 from the drop-down menu next to the Declare terminal as: field.
- Close the Terminal Preferences window.
- Click the Terminal menu and select Quit Terminal.
- Re-launch the Terminal program. You will now be able to
properly connect to TerpConnect or Deans.
For information about how to connect to TerpConnect using SSH, see Use SSH with Terminal.
Used with SSH, the Terminal application in Mac OS X provides a
secure interface for connecting to remote system such as
TerpConnect.
To connect to TerpConnect, you need to configure the
Terminal
application. For information about this, see Configure the Mac OS X
Terminal Application.
To begin using Terminal with SSH:
Double-click the Terminal icon to launch the application.
Terminal is located in the Utilities folders in the
Applications folder.
A Terminal window will appear with a command prompt.
At the prompt, type in ssh
your-login-name@terpconnect.umd.edu.
You will be prompted to type in your Directory
password.
Once you successfully login, a TerpConnect command
prompt will appear.
|
