Kerberized Telnet Keeps Your Userid and Password Secure

Teresa MacRae, Network Services
Susan B. Jones, Publication Services

Computer security is a growing concern at MIT. In the recent past, security breaches have been posed from within and outside the Institute. Among the breachers are snoopers who use "packet sniffing" tools, which are widely available and impossible to detect. These tools let snoopers capture userids, passwords, and other data transmitted across a network. Snoopers can then gain unauthorized access to accounts and files on the Internet.

If you use telnet to log onto remote hosts, you should be concerned about protecting your username, password, and sensitive data. The usual telnet commands transmit all of these items "in the clear" (without protection).

Taking Protective Measures

To protect your userid and password when you telnet, use a program with Kerberos authentication (i.e., Kerberized telnet). This proves to a remote host that you really are you, without sending your password. Use Kerberized telnet whenever possible; that is, when both client and server support Kerberos authentication.

If your telnet software has encryption options (see table below), you should also encrypt sensitive data before it traverses the network. (Encryption implementations use a draft version of standards set by the Internet Engineering Task Force, and may need to be updated as new standards emerge.)

Telnet client software that can kerberize and encrypt is available for Macintosh and UNIX. A DOS/Windows client application is being developed.

NCSA Telnet for Macintosh

For secure telneting from a Macintosh, use NCSA Telnet 2.6. Copy the files Kclient1.1b1 and ncsa-telnet 2.6 to your computer in one of the following ways:

* By anonymous ftp to the server net-dist.mit.edu in the directory /pub/mac/ncsa-telnet
* From TechInfo, via the path Computing->Network Software Distribution (net-dist)->mac->ncsa-telnet
* From the AppleShare zone IS-DCNS, on the server net-dist. Log on as a Guest, and double-click on the folder /pub/mac/ncsa-telnet.

Also get the IS publication, NCSA Telnet 2.6: A Quick Guide to Installing and Using Telnet 2.6 on a Macintosh (NS-35); call x3-5150 to request a copy.

On Athena

To Kerberize and encrypt your telnet session from Athena, use the "telnet -safe hostname" command. You must be running release 7.7 of Athena and be telneting to a machine that has Kerberos and encryption capabilities.

If you use UNIX on a non-Athena workstation, look in /mit/telnet/README.athena to see if any client is available for your operating system.

More in the Months Ahead

In the future, this column will cover the encryption program, Pretty Good Privacy (PGP), digital signatures, and other ways to secure your data. If you have questions about computer security, call the Network Help Desk at x3-4101.

------------------------------------------------------------------------

Telnet Applications By Platform
###############################

Platform      Client               Kerberos   Encryption
===================================================================
Athena        telnet               yes        yes
Other Unix    telnet               yes        yes
Macintosh     MacIP                no         no
              (old MIT Standard)
              NCSA telnet          yes        yes
DOS/Windows   LAN Workplace        no         no
              IBM TCP/IP           no         no
OS/2          IBM TCP/IP           no         no
VMS           Multinet telnet      yes        no
VM/CMS        telnet (tn3270)      no         no
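
A check that follows from "Taking Protective Measures", as an added example that is not part of the original article: it reads both directions of a telnet byte stream and reports whether the two sides agreed to the telnet AUTHENTICATION (37) and ENCRYPT (38) options that a Kerberized, encrypted session negotiates. The function names and sample streams are constructed for illustration; agreeing to an option is necessary for a protected session but does not by itself prove that authentication succeeded.

```python
# Added example. Telnet command bytes (RFC 854); option codes 37 and 38.
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
AUTHENTICATION, ENCRYPT = 37, 38

def parse_negotiation(stream: bytes) -> set:
    """Return the (command, option) pairs found in one direction of a session."""
    sent, i, n = set(), 0, len(stream)
    while i < n:
        if stream[i] != IAC:
            i += 1                          # ordinary data byte
        elif i + 1 >= n:
            break                           # capture ends mid-command
        elif stream[i + 1] in (DO, DONT, WILL, WONT):
            if i + 2 < n:
                sent.add((stream[i + 1], stream[i + 2]))
            i += 3
        elif stream[i + 1] == SB:
            i += 2                          # skip the body up to IAC SE
            while i + 1 < n and (stream[i], stream[i + 1]) != (IAC, SE):
                i += 2 if stream[i] == IAC else 1   # IAC IAC is escaped data
            i += 2
        else:
            i += 2                          # IAC IAC or another two-byte command
    return sent

def enabled(option: int, offerer: set, peer: set) -> bool:
    """True when offerer sent WILL, peer sent DO, and neither ever refused."""
    return ((WILL, option) in offerer and (DO, option) in peer
            and (WONT, option) not in offerer and (DONT, option) not in peer)

def audit_session(client: bytes, server: bytes) -> dict:
    """Report which protections the two sides agreed to negotiate."""
    c, s = parse_negotiation(client), parse_negotiation(server)
    return {
        "authentication": enabled(AUTHENTICATION, c, s),    # client offers, server asks
        "encrypt_client_to_server": enabled(ENCRYPT, c, s),
        "encrypt_server_to_client": enabled(ENCRYPT, s, c),
    }

# Constructed sample streams (not captured from any real host).
KERBERIZED_SERVER = bytes([IAC, DO, AUTHENTICATION, IAC, DO, ENCRYPT, IAC, WILL, ENCRYPT,
                           IAC, SB, AUTHENTICATION, 1, 2, 0, IAC, SE])
KERBERIZED_CLIENT = bytes([IAC, WILL, AUTHENTICATION, IAC, WILL, ENCRYPT, IAC, DO, ENCRYPT])
PLAIN_SERVER = bytes([IAC, DO, AUTHENTICATION]) + b"login: "
PLAIN_CLIENT = bytes([IAC, WONT, AUTHENTICATION]) + b"constructed-user\r\n"

if __name__ == "__main__":
    print(audit_session(KERBERIZED_CLIENT, KERBERIZED_SERVER))
    print(audit_session(PLAIN_CLIENT, PLAIN_SERVER))
```

A session for which all three values are False is one where userid, password, and data cross the network in the clear.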