Kerberized File Transfer Protocol (FTP) at MIT
Overview
Kerberized FTP programs are file transfer programs that run on
Windows and Macintosh computers with Ethernet or PPP dial-up connections
such as MIT's Tether.
Kerberized FTP provides secure authentication of your FTP sessions
without passing your Kerberos password in the clear across the Internet.
When you are not protected, intruders can gain unauthorized access
to files and accounts on MITnet and the Internet by intercepting
a cleartext userID and password. With this userID/password pair,
an intruder can log in to various machines and wreak havoc. Sending
your password over the network in the clear is a grave security
risk.
You can avoid this kind of theft by using secure FTP whenever
possible. It is important to remember that both client and server
must be running Kerberos in order for the connection to be secure
(most servers at MIT are Kerberized; contact your server
administrator if you are not certain).
Why Use Kerberized FTP?
Computer security is a concern at MIT. Security breaches have
originated both within and outside the Institute. Among the threats
are snoopers who use "packet sniffing" tools, which are widely available
and impossible to detect. These tools let snoopers capture userids,
passwords, and other data transmitted across a network. Snoopers
can then gain unauthorized access to accounts and files on the Internet.
If you use FTP to move files between computers, for instance to
move HTML files from your desktop computer to Athena for publication
on the Web, you should be concerned about protecting your username
and password. Insecure FTP applications transmit these items "in
the clear" (without protection).
To protect your userid and password when you FTP, use a program,
such as Fetch, with Kerberos authentication (i.e., Kerberized FTP).
This proves to a remote host that you really are you, without sending
your password.
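As an added illustration (not part of the original MIT page), the Python example below audits an FTP control-channel transcript and reports whether the login exposed a password in the clear or used the RFC 2228 security exchange (AUTH/ADAT) that Kerberized FTP clients perform. The transcripts, host name and user name are constructed sample data, and the "C: "/"S: " line prefixes are an assumed input format.

```python
KERBEROS_MECHS = {"GSSAPI", "KERBEROS_V4"}  # RFC 2228 mechanism names

def audit_session(lines):
    """Classify an FTP control-channel transcript of "C: "/"S: " lines."""
    state = {"mechanism": None, "auth_complete": False,
             "user": None, "cleartext_pass": False}
    last_verb = pending_mech = None
    for raw in lines:
        side, _, text = raw.partition(": ")
        if side == "C":
            verb, _, arg = text.strip().partition(" ")
            last_verb = verb.upper()
            if last_verb == "AUTH":
                pending_mech = arg.strip().upper()
            elif last_verb == "USER":
                state["user"] = arg.strip()
            elif last_verb == "PASS":
                state["cleartext_pass"] = True  # note the fact, never the value
        elif side == "S":
            code = text.strip()[:3]  # three-digit FTP reply code
            # 334: mechanism accepted, ADAT must follow; 234: accepted, done
            if last_verb == "AUTH" and code in ("334", "234"):
                state["mechanism"] = pending_mech
                state["auth_complete"] = code == "234"
            elif last_verb == "ADAT" and code == "235":
                state["auth_complete"] = True  # security exchange succeeded
    if state["cleartext_pass"]:
        state["verdict"] = "password-exposed"
    elif state["mechanism"] in KERBEROS_MECHS and state["auth_complete"]:
        state["verdict"] = "kerberized"
    else:
        state["verdict"] = "no-login-seen"
    return state

# Constructed sample transcripts (not captured traffic).
PLAIN_SESSION = [
    "S: 220 ftp.example.org FTP server ready", "C: USER jdoe",
    "S: 331 Password required for jdoe", "C: PASS constructed-secret",
    "S: 230 User jdoe logged in"]
KERBEROS_SESSION = [
    "S: 220 ftp.example.org FTP server ready", "C: AUTH GSSAPI",
    "S: 334 Using authentication type GSSAPI; ADAT must follow",
    "C: ADAT <token elided>", "S: 235 ADAT=<token elided>",
    "C: USER jdoe", "S: 232 GSSAPI user jdoe is authorized as jdoe"]

if __name__ == "__main__":
    for name, s in (("plain", PLAIN_SESSION), ("kerberos", KERBEROS_SESSION)):
        print(name, audit_session(s)["verdict"])
```

A session in which the server rejects AUTH and the client falls back to a plaintext PASS is still reported as password-exposed, which is the case worth alerting on.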
Obtain Kerberized FTP
Other Options
For more information about using secure file transfer programs
at MIT, including options for using the SSH (secure shell) protocol
as an alternative to Kerberos, see Secure File Transfer at MIT.