 |
 |
||
 |
||
 |
||
|
|
|
|
Why should I use ENCRYPTION Every time you use unencrypted telnet or ftp to log into a machine, you send your username and password in the clear through every machine between you and your target. Frequently, a machine will be compromised by a hacker and a "packet sniffer" program will be set up on that machine, which allows the hacker to record every username and password that passes through. Every few weeks, MIT's network security group finds a packet sniffer on a compromised machine, and a dozen or so valid usernames and passwords, which are changed to prevent the hacker from accessing the account; the users whose passwords have been changed then have to come to the User Accounts office with a picture ID in order to set new passwords. The less lucky users are the ones who *don't* learn that their password has been sniffed until a hacker removes all their files in order to make room for his IRC ping-bot program, and need to have their files restored from the most recent backup. Encrypted telnet and ssh programs are avilable from MIT for both Mac and PC - see http://web.mit.edu/software for links. For additional informaiton about SSH, including instructions on how to use it, see as well http://web.mit.edu/acs/FAQ/remote_access/ssh.html |
