J A N U A R Y 2 0 0 0
Subscription Information

Computing News Back Issues

Computer Security

Computing Infrastructure Support (CIS)

CIS Services

Computing Standards

Software Downloads

Y2K Info

CIS Computer
Help Desk

CIS Help
Request Form

Unix Services
ISS
IMAP4
Calendaring


Lab Switching to SSH for More Secure Network Connections — Brown Bag on
Feb. 15

Lab employees who use the "telnet" application to fill out their electronic timecards in LETS will need to switch to a new application, known as SSH, by April 15. The switch is part of the Lab's efforts to increase cyber-security.

Because telnet doesn't encrypt information before sending it over the network, Lab employees are possibly exposing their passwords to outside hackers who can "sniff" network traffic looking for vulnerabilities to exploit. Obtaining an employee password offers one possible tool for cyber-breaking and entering.

Unlike telnet, SSH (for Secure Shell), encrypts network data communications end-to-end and is now being adopted as the Lab standard. The Lab has purchased a site-wide license for F-Secure SSH, a commercial version of the application. As of Saturday, April 15, access to the ux10 server will be allowed only by employees using SSH and telnet will be turned off.

To help employees get up to speed on SSH and how to use it, the Computing Infrastructure Support Department is holding a brown-bag session on SSH at noon Tuesday, Feb. 15, in the Bldg. 50 auditorium. All interested employees are invited. You can also click here to learn more about SSH from the Lab's Computer Protection Program's web site. The Lab's computer support Help Desk at X4357 can also provide assistance.

The most common task affected by the change is logging into the ux10 server by employees to record their time in the LETS system. Beginning on Tuesday, Feb. 15, the LETS login will also be simplified. Once opening a connection to the ux10 server, employees will use "lets" as both a user name and login to gain access to LETS.

"In order to enter their time using LETS, employees will need to install and learn how to use SSH," said Andy Kutner, the systems manager responsible for the LETS timekeeping server.

While SSH does require some initial setup and some understanding of how it works, the extra effort is well worth it and will significantly reduce the chance that your data and computers will be tampered with. Installation on a PC or Macintosh is simple, Kutner said, and many UNIX workstations are probably already running the application.

In addition to automatically encrypting all data exchanged between the two computers during the entire login session, SSH can provide much stronger "authentication," so it is more difficult for a hacker to gain access to your account by impersonating you from another computer. Telnet doesn't offer this protection.
Return to Computing News