Security Alert: Removal of Services using Cleartext
Network programs such as telnet, ftp, and common e-mail protocols transfer
data across the network unencrypted (in the clear) and are therefore
exposed to programs capable of capturing traffic as it flows from
one device to another. Exposing accounts, passwords, and data in this
manner not only makes our systems vulnerable, it puts the University at risk
of violating federal privacy regulations. As a result,
effective August 1, 2005, OIT will no longer provide telnet or ftp services
on any of the following public systems: WAM, Glue, and Deans.
Effective October 3, 2005, OIT will no longer provide non-secure e-mail
(imap and pop) services on any of the following public systems: WAM,
Glue, Deans and Mail@umd.
Replacing telnet
The remote terminal capabilities of the telnet program are replaced
by ssh, which is available on all major computing platforms
at no cost. ssh, short for "secure shell,"
encrypts all data transmitted on the network.
OIT provides ssh client programs for the following
platforms as well as a web SSH gateway:
An ssh client is also available on WAM, Glue, and Deans
by simply typing ssh (in lieu of telnet) at the shell prompt.
Replacing ftp
The file transfer capabilities of ftp have been replaced by
sftp (secure file transfer) and scp (secure
copy) clients. OIT provides sftp and scp
client programs at the following URLs:
Secure file transfer clients are also available on WAM, Glue, and Deans
by simply typing sftp and scp (in lieu of
ftp) at the shell prompt.
Securing e-mail
If you are using an e-mail client program such as Outlook or Netscape to
access your e-mail, you may need to modify your configuration to use a secure,
encrypted version of the IMAP or POP protocol, either of which allows you to
connect to one of OIT's public e-mail systems. Instructions provided at the
following URLs will take you step-by-step through the process:
If you read your e-mail using a web browser, your e-mail is already
encrypted and no changes are necessary.
OIT announces an SSH gateway on the web.
The SSH gateway allows you to make an SSH connection through the World
Wide Web. This means that you do not have to install an SSH client
program to make a terminal connection to WAM, Glue, or Deans.
Note that the SSH Gateway requires a WAM or Glue login. You can connect to either service via either login.
This service works from any machine that has a web browser that can run Java Applets, including most internet cafes. You can start an SSH connection by clicking on a link. This service provides the same level of data security as a regular SSH client program.
The SSH gateway uses Java applet technology to provide the secure connection. Some operating systems do not have Java installed by default. This page contains a test applet to check whether your system has a functioning Java virtual machine. Below, you should see the phrase "Java Virtual Machine is OK." It may take a moment for the applet code to load and run, and you may receive a security warning. These conditions are normal. If you see the phrase "No Java Virtual Machine Found," it means that you must install Java in order to use the SSH gateway. You can find Java for Microsoft Windows systems at this link on java.com. Java for other operating systems is available at java.sun.com.
From here you can go directly to the: