PowerPoint Format
Upcoming SlideShare
Loading in...5

PowerPoint Format






Total Views
Slideshare-icon Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

    PowerPoint Format PowerPoint Format Presentation Transcript

    • Secure Services A user support perspective Frank J. Reda Director, Distributed Computing Support Rutgers University Computing Services – New Brunswick
    • Agenda
      • Description of secure services
      • RUCS-NB implementation
      • Recommended clients
      • Impact on our end users
    • What are secure services?
      • We’ll start by looking at “insecure” services, concentrating on two specific aspects:
        • Passwords
        • Encryption of data
    • What are secure services?
      • The network as we know it today was built around services that offered little or no default security:
        • Telnet
        • FTP (file transfer protocol)
        • Email
        • Web browsers
    • What are secure services?
      • In many cases, passwords were required to access services over the network.
      • With no default encryption of passwords, compromise was always a risk.
      • Once an intruder had your password, they had access to all of the services that accepted that password.
    • Why are secure services important?
      • Most online systems incorporate some kind of password based access. If passwords are easily compromised, systems may be easily compromised.
      • Most people assume their password is secure when it is transmitted across the network, not realizing that it is possible for others to gain access to it.
    • Why are secure services important?
      • Rutgers is moving in the direction of using NetID (username/password) as the main source for authentication to university applications.
      • If you use your NetID to access insecure services, and thus risk compromising your password, you may also be compromising the integrity of other University systems.
    • Why are secure services important?
      • Certain government regulations require the security of sensitive data. Unencrypted data traveling over a network can be snooped. As snooping gets easier, this becomes a bigger issue.
      • In some cases, inadequate protection and custodial care of data may lead to legal action.
    • Why are secure services important?
      • The level of technical savvy is increasing. There are sources on the web that teach you how to snoop.
      • Access to “snooping” tools is increasing.
      • Previously, snooping involved getting physical access to a network connection. With wireless networking, you can snoop a network without getting anywhere near the physical network components.
    • Exploits Associated with Weak Security
      • Password exploits expose systems to intrusion that appears to be from valid users.
      • Intrusion involves unauthorized access to the network or the data traveling on the network.
      • Programs exist to capture data streams, and reconstruct communications.
      • The services we’re implementing seek to minimize these risks.
    • What will the secure services implementation accomplish?
      • Encryption of passwords
      • Encrypted data channels
      • The potential for stronger password security
      • Minimize risks associated with intrusion / snooping
      Post-It © Username: reda Password: hockeypuck
    • RUCS – NB Implementation
      • Secure services, in the RUCS-NB context, refers to a set of services that will be available solely via encrypted channels.
      • The implementation calls for decommissioning of “insecure” communications channels.
      • The implementation of secure services concentrates on:
        • Telnet clients
        • FTP clients ( and web authoring tools using FTP )
        • Email clients
        • X clients
    • RUCS – NB Implementation
      • As of July 1, 2003, the Rutgers New Brunswick campus will begin turning off access to selected insecure versions of these services.
      • By August 15, 2003, all access to telnet, FTP and email on RUCS systems in New Brunswick will require secure communications capabilities.
      • The discontinuation of “insecure” services is being done over 6 weeks to minimize the support impact.
    • RUCS – NB Implementation
      • As of March 1, 2003, RUCS-NB began a campaign to communicate with and educate the end user population regarding the upcoming changes.
      • Response to the announcements has been minimal
        • Maybe no one is listening?
        • Maybe they don’t understand the impact?
        • Maybe they’re waiting for things to break?
    • RUCS – NB Implementation
      • In February, RUCS-NB announced the changes to Apple, PC and Unix administrator groups
      • Unit Computing Specialists were also notified of the likely implications of the upcoming changes
      • Reaction from the technical staff was mostly positive
    • Implications for End Users
      • Effective August 15, 2003 insecure versions of the following tools will no longer work:
        • Telnet
        • FTP
        • Email
      • Current clients will probably not work
      • Reconfiguration of existing clients may be necessary
      • Acquisition and installation of new software may be necessary
    • Implications for End Users
      • Old comfortable tools may not work any more
      • Things will look different
      • Procedures may be slightly different
    • Implications for UCS’s
      • UCS’s received advance notification of the changes
      • Proactive UCS’s should see minimal impact when “insecure” services are turned off
      • Peripheral systems (those not directly supported by UCS’s) may not be kept up to date
      • Support call volume should rise/fall at an inverse rate to the effort expended in anticipation of the transition process
    • So, what changes?
    • Recommended Clients – Windows
      • SSH Clients
        • SSH Corp. $L
        • Putty
      • FTP Clients
        • SSH Corp. (text / graphical)
        • Putty
        • WinSCP (graphical)
      • Email
        • Microsoft Outlook 2000 – XP $$
        • Microsoft Outlook Express
        • Netscape Communicator 4.7 & up
        • (Very) Limited support for Eudora / Pegasus Mail
    • Recommended Clients – Macintosh
      • SSH
        • Mac SSH (OS 8, 9)
        • Terminal (OS X)
      • FTP
        • Fugu (OS X)
        • SFTP (OS X)
        • SCP (OS X)
        • Terminal (OS X)
        • Mac SFTP (OS 8, 9, X) $$
      • Email
        • Entourage (OS 8, 9, X) $$
        • Netscape Communicator 4.7 (OS 8, 9)
        • Netscape Communicator 7 (OS X)
        • Mail App (OS X)
    • Recommended Clients – Linux
      • Open SSH
      • SFTP and SCP
      • Netscape Communicator
    • Recommended Procedures – X11
      • Procedures on SSH X11 forwarding are available on our Secure Services website.
    • Web Editors
      • Some web editors use FTP to publish web pages:
        • Netscape Composer
        • Macromedia Dreamweaver
        • Microsoft FrontPage
        • Adobe GoLive!
      • These applications do not currently support secure FTP mechanisms
    • Web Editors
      • There are products that allow users to mount (what look like) local drives/folders using secure FTP mechanisms.
      • We recommend:
        • WebDrive ( $L ) for Windows users
        • Interarchy ( $$ ) for Macintosh users
      • Using these products, developers can publish to local designations of FTP directories.
    • Documentation
      • RUCS-NB has authored web pages to announce the service changes and to make available necessary clients.
      • RUCS-NB has authored how-to documentation to guide users through the process of transitioning client software to secure services.
    • Documentation
      • All updated documentation related to this effort is available at:
        • http://www.nbcs.rutgers.edu/secure-services.php3
      • Sample documentation and recent versions of the client software is available on the CD we’ll be handing out.
      • Additional supporting documentation is available at:
        • http://mssg.rutgers.edu/software/
    • Secure Services CD
      • Please note that the CD contains software licensed to Rutgers University.
      • If you are attending from outside the University, you are welcome to view the CD, but we kindly ask that you do not install the licensed software.
    • Training
      • The main thrust of our training effort was in the documentation area
        • UCS’s were notified of the coming changes and directed to the documentation for guidance
        • Documentation was written for end users
      • The tools themselves don’t change, just the settings.
      • Help Desk staff have been apprised of necessary information related to the transition and will guide users through the documentation, escalating unresolved issues to senior staff
    • Communication Plans
      • Targeted email communications
        • March 1
        • April 1
        • May 1
        • June 2
      • Announcement on top level University web pages in June
      • Paper mailings
    • Summary
      • RUCS-NB is moving to secure services to reduce the risk of password compromise and increase data security.
      • Such a move represents a significant event for users.
      • Documenting necessary changes to user applications is no small task
    • Summary
      • Communication regarding the change is critical to success
        • Enlist the assistance of “allies”
        • Communicate to the masses
      • Train your support staff
        • In your organization
        • In affected areas
    • Questions ?