Security on Astronomy Computer Systems
Security on Astronomy computer systems is rapidly changing for the
better. A number of new security features are now implemented on
many platforms:
- Please report any security problem, including any suspicious
activity, IMMEDIATELY to the System Manager at
sysman@sbast3.ess.sunysb.edu
- Restricted connections. All public machines currently
restrict connections in a number of ways. Virtually all of
the public machines do not allow telnet or ftp connections into
the machines, and rsh, rcp, rwho, etc. connections into the
machines have been eliminated as well. Both telnet and
ftp employ unencrypted password technologies that allow
passwords to be intercepted by sniffers. The rsh, etc.
utilities employ a *very* insecure means of authentication that
allows almost anyone to break in.
- All connections to these machines must be made through the
secure shell (SSH) protocol. All of these
machines (with the exception of pandora, which will be upgraded soon)
employ the SSH-1 protocol for connections, which uses public-key
encryption technology. For more information on the SSH standard click
here. Please note that this
encryption technology is subject to US export control restrictions.
However, the source code for SSH can be obtained via ftp from the
Helsinki University of Technology at ftp://ftp.cs.hut.fi/pub/ssh.
- If you are interested in installing SSH
on your home machine, here is some info on ssh
that you may find helpful for both Linux and Windows platforms.
- finger connections are disallowed. The less
information hackers can get the better off we are.
- There will be no anonymous ftp service. Files can be exported
in a more secure fashion through the web server.
- All .rhosts files will automatically be deleted
from accounts on public machines. These severely compromise security
and we have no choice but to remove them.
- The SSH-2 protocol will soon be implemented on all machines.
The really good news about this is that SSH-2 will support a secure
form of ftp.
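
An added example, not part of the original page or the department's own tooling: a shell audit for two of the rules above, that the disallowed services are off and that no account carries a .rhosts file. It assumes the services are launched from an inetd.conf-format file and that accounts live one level below a home root (on a real host, typically /etc/inetd.conf and /home); the function names and sample data are constructed for illustration.

```shell
# Assumption: disallowed services are listed by their inetd.conf names.
# rsh and rcp both use "shell"; "login" (rlogin) and "exec" (rexec)
# stand in for the "etc." in the policy.
BANNED="telnet ftp shell login exec finger"

# Print each banned service still enabled (uncommented) in the file $1.
enabled_banned_services() {
    awk -v banned="$BANNED" '
        BEGIN { n = split(banned, b, " "); for (i = 1; i <= n; i++) bad[b[i]] = 1 }
        /^[ \t]*#/ || NF == 0 { next }   # comment or blank line
        ($1 in bad) { print $1 }
    ' "$1" | LC_ALL=C sort -u
}

# Print every .rhosts (file or symlink) in the home directories under $1.
find_rhosts() {
    for f in "$1"/*/.rhosts; do
        if [ -e "$f" ] || [ -L "$f" ]; then printf '%s\n' "$f"; fi
    done
}

# Report findings; exit status is 0 only when nothing was found.
audit() {
    svcs=$(enabled_banned_services "$1")
    rh=$(find_rhosts "$2")
    [ -n "$svcs" ] && printf '%s\n' "$svcs" | sed 's/^/FAIL service enabled: /'
    [ -n "$rh" ] && printf '%s\n' "$rh" | sed 's/^/FAIL .rhosts present: /'
    [ -z "$svcs$rh" ]
}

# Constructed sample data (not from a real host) so this runs offline.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/home/alice" "$d/home/bob"
    : > "$d/home/bob/.rhosts"
    cat > "$d/inetd.conf" <<'EOF'
#ftp    stream tcp nowait root   /usr/sbin/tcpd in.ftpd
telnet  stream tcp nowait root   /usr/sbin/tcpd in.telnetd
shell   stream tcp nowait root   /usr/sbin/tcpd in.rshd
  #login stream tcp nowait root  /usr/sbin/tcpd in.rlogind
finger  stream tcp nowait nobody /usr/sbin/tcpd in.fingerd
time    stream tcp nowait root   internal
EOF
    printf '%s\n' "$d"
}

sample=$(make_sample)
audit "$sample/inetd.conf" "$sample/home" || echo "policy violations found"
rm -rf "$sample"
```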