♦ Password
♦ Mailsetup
♦ Info
♦ Workstations
  ♣ Linux
  ♣ MacOS
♦ E-Mail
♦ Chat
♦ Files
♦ Backups
♦ Printers
♦ Network
♦ Statistics
♦ Downloads
♦ Links
♦ Newsletter
♦ Submit
♦ Search
♦ Linux

  Secure transmission of data
Tip of the week Posted by Beat Rubischon on Thursday June 26, @04:39PM
from the ssh-ssl-tls dept.
Every time you get mail, access to files, login remote on a Linux workstation or access to a password protected website, your login and password is sent to the server. Read on what could happen and how to protect yourself.

Services used over the internet are usually reached over several gatways (called router) who decide on witch way your data should go. All those machines "see" your login and password. As long as every gateway is managed by reliable persons, this is not a problem. If one of those machines is hacked, your login / password may be sniffed and used to access to your data or misuse your computer without any problems.

Inside the network of ETHZ, all critical points are handled by the central IT-Support and mostly secure. But when you access to those services from outside, you don't know who is listening to your communication. To protect you from being sniffed, we offer most of our services with an encrypted alterative.

Our mailserver offers several protocols and common mailclients are able to handle those protocols encrypted. Usually you just need to activate an option called SSL or TLS. See our How to use email for instructions how to configure your mailclient. Users of Mozilla or Netscape 6.x and 7.x, Netscape 4.x or Outlook should import our Root Certificate to stop the annoying popup boxes about unknown certificates. Users of Eudora shold follow the instructions How to enable SSL in Eudora to get a secure access to our server.

Services like webmail and account information are also protected by SSL. You should see a closed lock in the lower right corner of your browser and a URL starting with https. All our servers use selfsinged certificates and you should import our Root Certificate to stop annoying popups. See instructions for Mozilla or Netscape 6.x and 7.x, Netscape 4.x and Internet Explorer. Users of Internet Explorer for Macintosh (MacOS 9.x and MacOS X) are not able to import the certificates and needs to accept each new connection to one of our secure servers.

Remote login
One of the big andvantages of Linux, BSD and UNIX is the possibility to work over the network. For a long time, telnet was the option to do that. Several cases are known, where users of our envirement were sniffed during a telnet session and those passwords were misused to get access to one of our computers. The solution is ssh, a simple to use encrypted shell access. On a typical Linux, BSD, UNIX or MacOS X workstation you shuld be able to find the command ssh, for Windows and classic MacOS you could download Clients in our files section. Putty is for Windows, Niftytelnet for classic MacOS.

ssh is able to do a lot more then just giving you a shell on a remote machine - but this is a story for another article :-)

For a long time, ftp was the protocol to transfer files across the internet. There are several secure alternatives for ssh - each one has advantages and disadvantages. For Windows-users, VPN and mapping a network drive is a secure and convenient way to access to your files. MacOS X users could install Fugu and use sftp (a part of ssh) to one of our workstations. Linux, BSD, UNIX and MacOS X users could use sftp on a command line and access to one of our workstations. Several graphical interfaces exists (like gFTP as a frontend to sftp). Expierienced users will be happy of using scp, a command line tool out of ssh.

<  |  >


  Related Links
  • Articles on Tip of the week
  • Also by Beat Rubischon
  • Contact author
  • The Fine Print: The following comments are owned by whoever posted them.
    ( Reply )

    © 2003 ISG, Departement Physik, ETH Zürich, <>