If you have
ever connected to Osprey or the campus network through Telnet,
you have sent your password in the clear to every relay
point between you and your destination. This means that almost
anyone in between using certain programs can eavesdrop on
your session and steal your password. Once someone has stolen
your username and password, they can impersonate you on the
network. That means they could access anything that your username
and password could, including your email account.
The scenario described might sound uncommon, but it happens.
The only thing allowing this identity theft to occur is the
lack of user awareness about Internet security. Hopefully,
after reading this article, you will be aware of the danger
of Telnet and why the University is transitioning away from
it.
Enter SSH
When you connect to any computer on the Internet with Telnet,
you send your username and password in plain text - that is,
unencrypted. To prevent a malicious person from stealing,
or "sniffing", your information, encryption is required.
Telnet does not support encryption, but there are other programs
that do. The most popular alternative to Telnet is called
SSH, or Secure Shell. SSH works by encrypting your commands
before sending them across the Internet, thereby preventing
anyone from simply reading your information. A program using
SSH looks and feels the same as Telnet, but you have the peace of mind
that your connection is secure.
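The following Python is an added example, not part of the original article: for a move from Telnet to SSH, it classifies the first bytes a service sends after connect, using the Telnet IAC negotiation bytes (RFC 854) and the SSH identification line (RFC 4253), and lists the services that still offer an unencrypted login. The function names, host names and greeting bytes are constructed for this example.

```python
IAC = 0xFF  # Telnet "Interpret As Command" byte (RFC 854)
VERBS = {0xFB: "WILL", 0xFC: "WONT", 0xFD: "DO", 0xFE: "DONT"}

def telnet_commands(data: bytes):
    """Return (verb, option) pairs for Telnet option negotiation in data."""
    cmds, i = [], 0
    while i < len(data) - 1:
        if data[i] != IAC:
            i += 1
        elif data[i + 1] == IAC:          # IAC IAC is an escaped literal 0xFF
            i += 2
        elif data[i + 1] in VERBS and i + 2 < len(data):
            cmds.append((VERBS[data[i + 1]], data[i + 2]))
            i += 3
        else:                             # other or truncated command
            i += 2
    return cmds

def classify_greeting(data: bytes) -> str:
    """Classify the first bytes a server sends after the TCP connect."""
    # An SSH server announces itself with a line "SSH-<proto>-<software>".
    if any(line.startswith(b"SSH-") for line in data.split(b"\n")):
        return "ssh"
    if telnet_commands(data):
        return "telnet"
    if b"login:" in data.lower() or b"password:" in data.lower():
        return "cleartext-prompt"         # prompt sent without negotiation
    return "unknown"

def needs_migration(greetings: dict) -> list:
    """Names of services whose greeting shows an unencrypted login."""
    return sorted(name for name, data in greetings.items()
                  if classify_greeting(data) in ("telnet", "cleartext-prompt"))

# Constructed sample greetings; host names and the SSH version are placeholders.
SAMPLE = {
    "legacy.example:23": b"\xff\xfd\x18\xff\xfd\x20\xff\xfb\x01",
    "printer.example:23": b"\r\nLogin: ",
    "shell.example:22": b"SSH-2.0-OpenSSH_9.6\r\n",
}

if __name__ == "__main__":
    print(needs_migration(SAMPLE))
```
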
To start using SSH encryption, you need to download a program
that supports it. On campus, there is a client from SSH available
for University machines, which is also installed in the General
Purpose computer labs. For other Windows users, there are
several programs such as PuTTY and SSH. Macintosh users may
be interested in Nifty Telnet, while Linux users may want
to try OpenSSH. See the references below for all the URLs.
Once you have downloaded and installed one of those programs,
you need to configure it for use with the campus network.
Instructions for using SSH with Osprey are online at www.unf.edu/dept/its/manuals/ssh_telnet.pdf.
Alternatives to Telnet