Tightening Network Security: Restrictions to Telnet and FTP
As our national and international data networks become more and more important in our daily work, it becomes increasingly important to improve security. One way to do this is to insist that information flowing between external networks and the UMD network be encrypted before transmission. ITSS is preparing to tighten security on two important transmission protocols, Telnet and FTP.
The Telnet protocol is used to allow a remote user to log into a networked server. Some examples of programs that use the Telnet protocol are QVTnet and NCSA Telnet. The file transfer protocol (FTP) is used to move data files from one computer system to another. Some examples of programs that use FTP are Dreamweaver, WinFTP, and Fetch.
When data is being transferred over networks, there are increasing risks that hackers will use special programs called "sniffers" to capture data and read it. Both Telnet and FTP require the user to authenticate, which sends the user name and password over the network. So not only is the transmitted data itself at risk, but a hacker may use a captured password to gain unauthorized access to computer systems and data.
To tighten security, we must adopt methods that ensure all data is converted from its readable, plain text form to an unreadable, encrypted form before transmission. These methods include decryption at the receiving end to transform the data back to readable form. Because we know that the UMD network has additional security built in, we will focus first on data coming from external networks.
UMD ITSS is preparing to block unencrypted transmissions from external networks using the Telnet and FTP protocols. Whether you are on an external network is determined by the IP address you are assigned, which depends on how you connect. For example, those using a computer on campus or dialing in through the ITSS modem pool are on the UMD network. Charter and other ISPs are outside of the UMD network. Businesses and other universities, including the other campuses of the University of Minnesota, are also outside of the UMD network.
There are several solutions you can use if you wish to transmit data using Telnet or FTP from outside of the UMD network to a system on the UMD network.
1) VPN (Virtual Private Network) software creates a secure connection between your personal computer and the UMD network. This is the only option that supports packages such as Dreamweaver, which use built-in FTP.
2) Upgrade or switch to an SSL-based Telnet or FTP program.
3) Purchase an SSL-based product. Commercial products offer fancier features and better graphical user interfaces.
More information on these options is available on the Virus and Security Information home page.
We are planning to shut off access to UMD from external networks via Telnet and FTP in December or January. This is the first of several articles you will see on this subject. We invite comments on both the process and the timeline. Please send comments to Dan Burrows at email@example.com.
©2003 Regents of the University of Minnesota. All rights reserved.
Last modified on 10/02/02