Access change, September 20, 2000:
"r" commands restricted from remote hosts
In compliance with NCAR/UCAR Computer Security Advisory Committee (CSAC)
policies and recommendations, "r" commands invoked from outside the UCAR
security perimeter will no longer operate on systems inside the UCAR
security perimeter.
What is changing
Users or scripts on remote hosts will not be able to invoke "r"
commands (rcp, rsh, rlogin) to systems inside the UCAR security
perimeter after August 1, 2000. This change is necessary to close a
security vulnerability for UCAR systems.
Users or scripts on internal UCAR systems can still invoke "r"
commands to other systems, either outside or inside the UCAR security
perimeter.
It does not matter which way data are being moved, the critical factor
is where the "r" command is invoked.
To log in to, or to transfer files to or from internal UCAR systems from
outside the security perimeter, you must either log in to an exposed
UCAR system or use SSH.
SSH (secure shell) is a set of commands enabling secure logon,
file transfer, and X Window clients. SCD offers a document,
Getting Started with SSH at NCAR,
that provides information about using SSH.
What is not changing
- Any operations occurring completely inside the UCAR security perimeter
- Any operations invoked on a system inside the UCAR security perimeter
- FTP or Telnet file transfers to or from external systems
- SSH to or from internal systems
For more information
The viewgraphs for a presentation on this topic by the NCAR/UCAR
Computer Security Advisory Committee Chair are on the web:
User Access Changes.
As always, if you have any questions or problems, please contact the
SCD Consulting Office by sending email to
consult1@ucar.edu or by calling
303-497-1278.
Previous GOTCHAs!
Maintained by:
consult1@ncar.ucar.edu
Comments & suggestions welcomed.