PowerPoint Format


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

PowerPoint Format

  1. 1. Secure Services A user support perspective Frank J. Reda Director, Distributed Computing Support Rutgers University Computing Services – New Brunswick
  2. 2. Agenda <ul><li>Description of secure services </li></ul><ul><li>RUCS-NB implementation </li></ul><ul><li>Recommended clients </li></ul><ul><li>Impact on our end users </li></ul>
  3. 3. What are secure services? <ul><li>We’ll start by looking at “insecure” services, concentrating on two specific aspects: </li></ul><ul><ul><li>Passwords </li></ul></ul><ul><ul><li>Encryption of data </li></ul></ul>
  4. 4. What are secure services? <ul><li>The network as we know it today was built around services that offered little or no default security: </li></ul><ul><ul><li>Telnet </li></ul></ul><ul><ul><li>FTP (file transfer protocol) </li></ul></ul><ul><ul><li>Email </li></ul></ul><ul><ul><li>Web browsers </li></ul></ul>
  5. 5. What are secure services? <ul><li>In many cases, passwords were required to access services over the network. </li></ul><ul><li>With no default encryption of passwords, compromise was always a risk. </li></ul><ul><li>Once an intruder had your password, they had access to all of the services that accepted that password. </li></ul>
  6. 6. Why are secure services important? <ul><li>Most online systems incorporate some kind of password based access. If passwords are easily compromised, systems may be easily compromised. </li></ul><ul><li>Most people assume their password is secure when it is transmitted across the network, not realizing that it is possible for others to gain access to it. </li></ul>
  7. 7. Why are secure services important? <ul><li>Rutgers is moving in the direction of using NetID (username/password) as the main source for authentication to university applications. </li></ul><ul><li>If you use your NetID to access insecure services, and thus risk compromising your password, you may also be compromising the integrity of other University systems. </li></ul>
  8. 8. Why are secure services important? <ul><li>Certain government regulations require the security of sensitive data. Unencrypted data traveling over a network can be snooped. As snooping gets easier, this becomes a bigger issue. </li></ul><ul><li>In some cases, inadequate protection and custodial care of data may lead to legal action. </li></ul>
  9. 9. Why are secure services important? <ul><li>The level of technical savvy is increasing. There are sources on the web that teach you how to snoop. </li></ul><ul><li>Access to “snooping” tools is increasing. </li></ul><ul><li>Previously, snooping involved getting physical access to a network connection. With wireless networking, you can snoop a network without getting anywhere near the physical network components. </li></ul>
  10. 10. Exploits Associated with Weak Security <ul><li>Password exploits expose systems to intrusion that appears to be from valid users. </li></ul><ul><li>Intrusion involves unauthorized access to the network or the data traveling on the network. </li></ul><ul><li>Programs exist to capture data streams, and reconstruct communications. </li></ul><ul><li>The services we’re implementing seek to minimize these risks. </li></ul>
  11. 11. What will the secure services implementation accomplish? <ul><li>Encryption of passwords </li></ul><ul><li>Encrypted data channels </li></ul><ul><li>The potential for stronger password security </li></ul><ul><li>Minimize risks associated with intrusion / snooping </li></ul>Post-It © Username: reda Password: hockeypuck
  12. 12. RUCS – NB Implementation <ul><li>Secure services, in the RUCS-NB context, refers to a set of services that will be available solely via encrypted channels. </li></ul><ul><li>The implementation calls for decommissioning of “insecure” communications channels. </li></ul><ul><li>The implementation of secure services concentrates on: </li></ul><ul><ul><li>Telnet clients </li></ul></ul><ul><ul><li>FTP clients ( and web authoring tools using FTP ) </li></ul></ul><ul><ul><li>Email clients </li></ul></ul><ul><ul><li>X clients </li></ul></ul>
  13. 13. RUCS – NB Implementation <ul><li>As of July 1, 2003, the Rutgers New Brunswick campus will begin turning off access to selected insecure versions of these services. </li></ul><ul><li>By August 15, 2003, all access to telnet, FTP and email on RUCS systems in New Brunswick will require secure communications capabilities. </li></ul><ul><li>The discontinuation of “insecure” services is being done over 6 weeks to minimize the support impact. </li></ul>
  14. 14. RUCS – NB Implementation <ul><li>As of March 1, 2003, RUCS-NB began a campaign to communicate with and educate the end user population regarding the upcoming changes. </li></ul><ul><li>Response to the announcements has been minimal </li></ul><ul><ul><li>Maybe no one is listening? </li></ul></ul><ul><ul><li>Maybe they don’t understand the impact? </li></ul></ul><ul><ul><li>Maybe they’re waiting for things to break? </li></ul></ul>
  15. 15. RUCS – NB Implementation <ul><li>In February, RUCS-NB announced the changes to Apple, PC and Unix administrator groups </li></ul><ul><li>Unit Computing Specialists were also notified of the likely implications of the upcoming changes </li></ul><ul><li>Reaction from the technical staff was mostly positive </li></ul>
  16. 16. Implications for End Users <ul><li>Effective August 15, 2003 insecure versions of the following tools will no longer work: </li></ul><ul><ul><li>Telnet </li></ul></ul><ul><ul><li>FTP </li></ul></ul><ul><ul><li>Email </li></ul></ul><ul><li>Current clients will probably not work </li></ul><ul><li>Reconfiguration of existing clients may be necessary </li></ul><ul><li>Acquisition and installation of new software may be necessary </li></ul>
  17. 17. Implications for End Users <ul><li>Old comfortable tools may not work any more </li></ul><ul><li>Things will look different </li></ul><ul><li>Procedures may be slightly different </li></ul>
  18. 18. Implications for UCS’s <ul><li>UCS’s received advance notification of the changes </li></ul><ul><li>Proactive UCS’s should see minimal impact when “insecure” services are turned off </li></ul><ul><li>Peripheral systems (those not directly supported by UCS’s) may not be kept up to date </li></ul><ul><li>Support call volume should rise/fall at an inverse rate to the effort expended in anticipation of the transition process </li></ul>
  19. 19. So, what changes?
  20. 20. Recommended Clients – Windows <ul><li>SSH Clients </li></ul><ul><ul><li>SSH Corp. $L </li></ul></ul><ul><ul><li>Putty </li></ul></ul><ul><li>FTP Clients </li></ul><ul><ul><li>SSH Corp. (text / graphical) </li></ul></ul><ul><ul><li>Putty </li></ul></ul><ul><ul><li>WinSCP (graphical) </li></ul></ul><ul><li>Email </li></ul><ul><ul><li>Microsoft Outlook 2000 – XP $$ </li></ul></ul><ul><ul><li>Microsoft Outlook Express </li></ul></ul><ul><ul><li>Netscape Communicator 4.7 & up </li></ul></ul><ul><ul><li>(Very) Limited support for Eudora / Pegasus Mail </li></ul></ul>
  21. 21. Recommended Clients – Macintosh <ul><li>SSH </li></ul><ul><ul><li>Mac SSH (OS 8, 9) </li></ul></ul><ul><ul><li>Terminal (OS X) </li></ul></ul><ul><li>FTP </li></ul><ul><ul><li>Fugu (OS X) </li></ul></ul><ul><ul><li>SFTP (OS X) </li></ul></ul><ul><ul><li>SCP (OS X) </li></ul></ul><ul><ul><li>Terminal (OS X) </li></ul></ul><ul><ul><li>Mac SFTP (OS 8, 9, X) $$ </li></ul></ul><ul><li>Email </li></ul><ul><ul><li>Entourage (OS 8, 9, X) $$ </li></ul></ul><ul><ul><li>Netscape Communicator 4.7 (OS 8, 9) </li></ul></ul><ul><ul><li>Netscape Communicator 7 (OS X) </li></ul></ul><ul><ul><li>Mail App (OS X) </li></ul></ul>
  22. 22. Recommended Clients – Linux <ul><li>Open SSH </li></ul><ul><li>SFTP and SCP </li></ul><ul><li>Netscape Communicator </li></ul>
  23. 23. Recommended Procedures – X11 <ul><li>Procedures on SSH X11 forwarding are available on our Secure Services website. </li></ul>
  24. 24. Web Editors <ul><li>Some web editors use FTP to publish web pages: </li></ul><ul><ul><li>Netscape Composer </li></ul></ul><ul><ul><li>Macromedia Dreamweaver </li></ul></ul><ul><ul><li>Microsoft FrontPage </li></ul></ul><ul><ul><li>Adobe GoLive! </li></ul></ul><ul><li>These applications do not currently support secure FTP mechanisms </li></ul>
  25. 25. Web Editors <ul><li>There are products that allow users to mount (what look like) local drives/folders using secure FTP mechanisms. </li></ul><ul><li>We recommend: </li></ul><ul><ul><li>WebDrive ( $L ) for Windows users </li></ul></ul><ul><ul><li>Interarchy ( $$ ) for Macintosh users </li></ul></ul><ul><li>Using these products, developers can publish to local designations of FTP directories. </li></ul>
  26. 26. Documentation <ul><li>RUCS-NB has authored web pages to announce the service changes and to make available necessary clients. </li></ul><ul><li>RUCS-NB has authored how-to documentation to guide users through the process of transitioning client software to secure services. </li></ul>
  27. 27. Documentation <ul><li>All updated documentation related to this effort is available at: </li></ul><ul><ul><li>http://www.nbcs.rutgers.edu/secure-services.php3 </li></ul></ul><ul><li>Sample documentation and recent versions of the client software is available on the CD we’ll be handing out. </li></ul><ul><li>Additional supporting documentation is available at: </li></ul><ul><ul><li>http://mssg.rutgers.edu/software/ </li></ul></ul>
  28. 28. Secure Services CD <ul><li>Please note that the CD contains software licensed to Rutgers University. </li></ul><ul><li>If you are attending from outside the University, you are welcome to view the CD, but we kindly ask that you do not install the licensed software. </li></ul>
  29. 29. Training <ul><li>The main thrust of our training effort was in the documentation area </li></ul><ul><ul><li>UCS’s were notified of the coming changes and directed to the documentation for guidance </li></ul></ul><ul><ul><li>Documentation was written for end users </li></ul></ul><ul><li>The tools themselves don’t change, just the settings. </li></ul><ul><li>Help Desk staff have been apprised of necessary information related to the transition and will guide users through the documentation, escalating unresolved issues to senior staff </li></ul>
  30. 30. Communication Plans <ul><li>Targeted email communications </li></ul><ul><ul><li>March 1 </li></ul></ul><ul><ul><li>April 1 </li></ul></ul><ul><ul><li>May 1 </li></ul></ul><ul><ul><li>June 2 </li></ul></ul><ul><li>Announcement on top level University web pages in June </li></ul><ul><li>Paper mailings </li></ul>
  31. 31. Summary <ul><li>RUCS-NB is moving to secure services to reduce the risk of password compromise and increase data security. </li></ul><ul><li>Such a move represents a significant event for users. </li></ul><ul><li>Documenting necessary changes to user applications is no small task </li></ul>
  32. 32. Summary <ul><li>Communication regarding the change is critical to success </li></ul><ul><ul><li>Enlist the assistance of “allies” </li></ul></ul><ul><ul><li>Communicate to the masses </li></ul></ul><ul><li>Train your support staff </li></ul><ul><ul><li>In your organization </li></ul></ul><ul><ul><li>In affected areas </li></ul></ul>
  33. 33. Questions ?