

 

i/s Back Issues


Volume 15

No. 2   November/December 1999

Protect Network Transmissions with Secure Connection Tools

Susan B. Jones

If you use telnet or tn3270 programs to log onto remote hosts, you should be concerned about protecting your password and sensitive data. The usual telnet commands transmit these items in the clear. To protect your password, use a telnet program that has Kerberos authentication (i.e., Kerberized telnet). Authentication proves to a remote host that you really are you, without sending your password over the network. In addition to protecting your password, Kerberized telnet lets you encrypt the data you send during a session.

The Kerberized telnet programs that IS recommends are Better Telnet and HostExplorer, for Macintosh and Windows, respectively.

Kerberized tn3270 is a special version of telnet that enables Macintoshes to connect to IBM mainframes--such as mitvma/c. HostExplorer includes a secure tn3270 connection.

Note: A Kerberized telnet session is secure only when both the client and server support Kerberos authentication. Athena, mitvma/c, and mitsis are all Kerberized. If you telnet to other machines, check with the system administrator to find out whether the server supports Kerberos.

Better Telnet for Macintosh
Information Systems is replacing NCSA Telnet with Better Telnet from Sassy Software. Better Telnet is based on NCSA Telnet 2.7b5 from the National Center for Supercomputing Applications (NCSA) at the University of Illinois at Urbana-Champaign. This new release runs on Macintoshes with Ethernet or with PPP dial-up connections such as MIT's Tether. Better Telnet is as easy to install and use as NCSA Telnet, and includes new features and bug fixes for greater stability. And it is free.

HostExplorer for Windows
For several years, IS has distributed a beta version of HostExplorer. A new version, 6.0.2, is now available to MIT community members at no charge. This customized MIT version includes preset profiles for connecting to mitvma/c, mitsis, Athena, and net-dist (IS's anonymous software distribution server).

Downloads
To learn more about HostExplorer, Better Telnet, and Kerberized telnet in general, go to http://web.mit.edu/ist/help/ktelnet/

By following links from this site, you can also download the software.

Additional Security Measures
While Kerberized telnet can ensure that your password and data are not compromised in telnet sessions, there can be security risks when you send your password or data over the network via File Transfer Protocol (FTP) or email.

If you connect via nonsecure FTP to a machine that requires a password, your password travels over the network in the clear. However, for Macintosh users, Dartmouth College now offers a Kerberized version of Fetch, its free FTP application. To find out more, see http://web.mit.edu/ist/help/ftp/

A Kerberized FTP solution is not yet available for Windows; however, an interim solution uses a HostExplorer connection and Kermit. For details, see
http://web.mit.edu/cwis/faq/kermit.html

Eudora uses Kerberos authentication to protect your password. However, if you use a non-secure FTP application and email and have the same username and password for both, your email password can be compromised through your use of FTP. (Even if you use Kerberized applications, it is still important to choose good passwords, change them often, and never write them down.)

In addition, any data you send via email is sent in the clear. The best way to protect data against network eavesdropping is encryption. MIT has a license to distribute the encryption program Pretty Good Privacy (PGP). You can download clients for Macintosh, Windows, and Unix at http://web.mit.edu/network/pgp.html

Questions?
If you have questions about Better Telnet, HostExplorer, or Kerberized FTP, get in touch with the Computing Help Desk. For contact information, see the Getting Help chart.

