Virus & Security Information
Secure Email, Telnet and FTP
On July 11, ITSS eliminated off-campus access to our major servers for non-secure login access and file transfer programs (telnet, ftp, rsh, rcp, etc.). The major servers involved are our login and web servers, including ub and bulldog (general access servers), www (our main web server), and several special purpose web servers. During the next few months, ITSS will also eliminate all non-secure email access. To continue to use your telnet, ftp and email services, you must change to secure login access.
Using SSL for secure login
Non-secure access involves the transmission of clear text passwords. This means that when you log into your e-mail, FTP or Telnet, your password is not encrypted when it is sent to the server. If a password is not encrypted, it can be viewed by anyone spying on the network. This poses a security risk to your account. By default, e-mail programs and some FTP and Telnet programs do not encrypt your password.
For secure access, you can use an ecyption protocol called SSL (Secure Sockets Layer) with these programs. SSL encrypts your password before sending it over the network, giving your program additional security. Most e-mail programs and some FTP and Telnet clients have SSL settings that you can simply enable (turn on); UMD's WebMail is secure by default. If your email, FTP or Telnet program does not have SSL settings, you will need to upgrade to a newer version or use a different program.
How to set up SSL for email
| Windows | Macintosh | |
|---|---|---|
| WebMail: Already SSL compliant - no changes needed | WebMail: Already SSL compliant - no changes needed |
Secure clients for telnet and ftp
The clients below are the recommended secure clients for telnet and ftp.
| Windows | Macintosh | |
|---|---|---|
| FTP | WinSCP | Fetch |
| Telnet | Putty |