Posted by Beat Rubischon on Thursday June 26, @04:39PM
Secure transmission of data
from the ssh-ssl-tls dept.
Every time you fetch mail, access files, log in remotely to a Linux workstation or access a password-protected website, your login and password are sent to the server. Read on to find out what could happen and how to protect yourself.
Services used over the internet are usually reached through several gateways
(called routers), which decide which way your data should go. All those
machines "see" your login and password. As long as every gateway is managed
by reliable people, this is not a problem. If one of those machines is
hacked, your login and password may be sniffed and used to access your data
or misuse your computer without any difficulty.
Inside the network of ETHZ, all critical points are handled by the central IT-Support and are mostly secure.
But when you access those services from outside, you don't know who is
listening to your communication. To protect you from being sniffed, we offer
most of our services with an encrypted alternative.
Our mail server offers several protocols, and common mail clients are able to use
those protocols encrypted. Usually you just need to activate an option
called SSL or TLS. See our How to use
email for instructions on how to configure your mail client. Users of Mozilla or Netscape 6.x and 7.x, Netscape 4.x or Outlook should
import our Root Certificate to stop the annoying popup
boxes about unknown certificates. Users of Eudora should follow the
instructions in How to enable SSL in Eudora to get
secure access to our server.
Services like webmail and account information are also
protected by SSL. You should see a closed lock in the lower right corner of
your browser and a URL starting with https. All our servers use
self-signed certificates and you should import our Root
Certificate to stop annoying popups. See instructions for Mozilla or Netscape 6.x and 7.x,
Netscape 4.x and Internet
Explorer. Users of Internet Explorer for Macintosh (MacOS 9.x and MacOS
X) are not able to import the certificates and need to accept each new
connection to one of our secure servers.
One of the big advantages of Linux, BSD and UNIX is
the possibility to work over the network. For a long time, telnet was the
option to do that. Several cases are known where users of our environment
were sniffed during a telnet session and their passwords were misused to get
access to one of our computers. The solution is ssh, a simple-to-use
encrypted shell access. On a typical Linux, BSD, UNIX or MacOS X workstation
you should be able to find the command ssh; for Windows and classic
MacOS you can download clients in our files section. Putty is for Windows, Niftytelnet for
ssh is able to do a lot more than just giving you a shell on a remote
machine - but this is a story for another article :-)
For a long time, ftp was the protocol to
transfer files across the internet. There are several secure alternatives
for ssh - each one has advantages and disadvantages. For Windows users, VPN
and mapping a network drive
is a secure and convenient way to access your files. MacOS X users could
install Fugu and use
sftp (a part of ssh) to one of our workstations.
Linux, BSD, UNIX and MacOS X users could use sftp on a command line
to access one of our workstations.
Several graphical interfaces exist (like gFTP as a frontend to sftp). Experienced
users will be happy to use scp, a command line tool out of