Go to SCD News table of contents

Go to UCAR home pageGo to NCAR home pageGo to SCD home pageGo to SCD News home pageGo to SCD internal pagesGo to SCD News home pageGo to Features archiveGo to News archiveGo to Tips archiveGo to Updates archive SCD News > News item: July 31, 2001

Security perimeter tightens

Escalation of break-in attempts forces tighter access restrictions

hacker

 

 

Note: After reading this article, please see this update: New connection method improves user connections to UCAR host computers.

Attempts to gain unauthorized access to UCAR computing systems have been increasing. Some of these attempts have succeeded. Each time a security breach is discovered, systems staff must search for damage, repair any damage found, and rebuild all system software to eliminate any possible system compromise or corruption.

In addition to being a significant hazard to all users' computational work, this situation has become an unacceptable drain on system administration resources. SCD staff have been closely monitoring and actively preventing unauthorized access attempts since before the UCAR security perimeter was established in 1998. In cooperation with the UCAR Computer Security Advisory Committee (CSAC), we have identified the greatest risk for breakins: valid usernames and passwords that are intercepted during transmission, then used to create an authenticated connection to a system within the security perimeter.

The best way to minimize this vulnerability is to encrypt all transmissions of usernames and passwords from external systems. Therefore, CSAC has implemented a cleartext password ban. You are affected by this change if you log in to a UCAR computer, or if you use FTP, Telnet, or IRJE to transfer files. Note that this change has no impact on access to websites at UCAR, NCAR, or SCD.

Secure Shell (SSH) is now required on both local and remote systems

As of 1 August 2001, all inbound, authenticated connections to most UCAR systems must use Secure Shell technology. SSH encrypts transmissions between remote computers and secure computers. SCD has installed SSH on all its systems except the Crays.

To do remote computing on secure UCAR systems, you must now have SSH software on your local computer. Your SSH client must be compatible with the SSH software on UCAR systems. The SCD document How to Use Secure SHell (SSH): End-to-End Encryption to Access SCD Supercomputers provides instructions for obtaining a compatible SSH client for your local computer if you do not already have it. If you need to use SSH, you should read the entire document and follow its recommendations.

SCD also provides instructions for using SSH at NCAR: Getting started with SSH at NCAR.

An SCD News item, Encryption required for SCD access beginning 1 August 2001, has been available since June 2001 to notify everyone about this access change. Notices have also been posted in SCD's Daily Bulletin.

After reading the documents recommended here, you may have questions about how this change affects you. If you have trouble implementing SSH on your local system, you may contact the SCD Consulting Office at consult1@ucar.edu or 303-497-1278 for further assistance.

SCD News   ||  UCAR  ||  NCAR   ||   SCD   ||   Contact us   ||  Search
NCAR is managed by UCAR and sponsored by the National Science Foundation