Secure Credential Initiative
- Do you use FTP to transfer files to the University network from off campus?
- Do you telnet into campus on a regular basis?
- Do you map network drives using SAMBA from an off campus machine or through the wireless network?
- Do you use Mozilla or Netscape Messenger for viewing your email off campus?
- Have you even heard of LDAP or REXEC?
All of the applications above (FTP, telnet, SAMBA, email clients, REXEC, LDAP) have one very important connection: they all transmit credential information--usernames and passwords--in clear text form. That is, your password is not encrypted before it is sent over the network. This constitutes a very serious threat to the integrity of the network in general and to your personal data in particular. If your credential information is somehow stolen, then an impostor can literally steal all of your data and cause other mischief on the network, all the while posing as YOU!
IT is committed to providing a safe and secure network for all customers. Applications that transmit clear text passwords are a severe security risk. Note that this pertains to all insecure protocols attempting to access the data center to protect University credentials.
IT does not directly support the following inbound applications for our off-campus and wireless customers:
- IMAP / POP3 -- email protocols used by Mozilla and other email clients. These email clients often use "unsecure" IMAP by default. However, it is a very simple procedure to check a box within the application that will enable "secure" IMAP (see the secure alternatives below).
- Telnet -- gateway into UNIX operating system
- FTP -- file transfer protocol used to move files from off-campus to
on-campus and vice-versa
- SAMBA -- maps network drives to local machine
- AppleTalk -- Mac version of SAMBA, used for the same purpose
- REXEC -- old UNIX remote command execution already disabled on campus
- LDAP -- directory service lookup utility
Users on campus will still be able to utilize all of the applications above freely.
Off-campus users who wish to use the services above will be required to use a secure alternative. If you would like assistance with downloading/installing any of the secure alternatives below, please contact the Help Desk at 573-341-4357 (HELP).
|IMAP / POP3||Ensure that the email client (Mozilla, Netscape Messenger, etc.) is configured to use SSL encryption to transmit data|
|Telnet||Windows (PuTTY), Mac, Linux, or VPN connection|
|FTP||SFTP, WinSCP (Windows), Cyberduck (MacOS X) or VPN connection|
|SAMBA||Samba is no longer supported by IT. Instead, customers should create a VPN connection and map drives to the desired Network File Storage location.|
|AppleTalk||VPN connection for Mac|
|REXEC||Mostly disabled on the network, may be able to use PuTTY X-tunneling|
Off campus users who initiate a Virtual Private Network (VPN) connection will be able to use their normal applications because VPN "tunnels" inside the campus firewall and the user is, for all intents and purposes, afforded the same protection as an on campus user.
IT customers are also encouraged to engage in safe password usage. Guidelines for passwords are located here.
The password changing utility is located here.
If you have any questions or comments regarding IT's Secure Credential Initiative, please contact the IT Help Desk at 573-341-4357 (HELP) or submit a Help Desk Ticket . Help Desk technicians can also assist in installing and configuring secure alternatives to the unsecure applications.