i/s, Volume 12, No. 6

Use Kerberized Telnet When Logging onto Remote Hosts

Joanne Costello

If you use telnet or tn3270 programs to log onto remote hosts, you should be concerned about protecting your password and sensitive data. The usual telnet commands transmit these items in the clear.

To protect your password, use a telnet program that has Kerberos authentication (i.e., Kerberized telnet). Authentication proves to a remote host that you really are you, without sending your password over the network.

A Kerberized telnet session is secure only when both the client and server support Kerberos authentication. MITVMA/C, EREQ, and Athena are all Kerberized. If you telnet to other machines, check with the system administrator to find out whether the server supports Kerberos.

In addition to protecting your password, Kerberized telnet lets you encrypt the data you send during a session.

HostExplorer for Windows

Telnet clients have been available for UNIX (telnet on Athena) and Macintosh (NCSA Telnet) for some time. Now there's Kerberized telnet for Windows. MIT recently signed a site license with Hummingbird Communications Ltd. for HostExplorer, which includes telnet and tn3270. Tn3270 provides secure access to MITVMA/C over MITnet. HostExplorer is available to MIT community members at no charge.

To learn more about HostExplorer, NCSA Telnet, and Kerberized telnet in general, go to

http://web.mit.edu/ist/help/ktelnet

You can also download the software from this site.

Additional Security Measures

While Kerberized telnet can ensure that your password and data are not compromised in telnet sessions, there are security risks when you send your password or data over the network via FTP (File Transfer Protocol) or email.

There is no standard for Kerberized FTP. If you connect via FTP to a machine that requires a password, your password travels over the network in the clear.

Eudora and TechMail use Kerberos authentication, so your password can't be compromised when you use one of these email programs. However, if you use both FTP and email and have the same username and password for both, then your email password can be compromised through your use of FTP. For these reasons, it's important that you choose good passwords, change them often, and never write them down.

In addition, any data you send via FTP or email are sent in the clear. The best way to protect data against network eavesdropping is encryption. MIT has a license to distribute the encryption program Pretty Good Privacy (PGP). You can download clients for Macintosh, DOS/Windows, and UNIX at

http://web.mit.edu/network/pgp.html

Questions?

If you have questions about Kerberized telnet or computer security, send email to <net-security@mit.edu>.