gbtnews #10
01 May 2002
====================

Since the NRAO Computer Security Policy was issued two years ago, the
NRAO has made a number of changes that have greatly reduced our risk
of a serious break-in. Following the lead of other organizations such
as NOAO, Jodrell Bank, and the Chandra X-ray telescope data center,
we plan to block all connections from non-NRAO networks which use
telnet, rlogin, rsh, and rcp into NRAO systems. These protocols
send sensitive information, such as account passwords, as plain text
over the network, which makes it vulnerable to monitoring anywhere
in between.

The change will take effect July 1, 2002.

Instead of these commands, if you need to connect to NRAO systems,
please use the Secure Shell, which encrypts the information exchanged
between computers. Other NRAO services such as Web and anonymous ftp
will not be affected.

For more information, including suggested Secure Shell programs
available for UNIX, Windows, and MacOS, please see recent issues of
the NRAO Newsletter at http://www.nrao.edu/news/newsletters .

If you have any questions or concerns about this change, please
feel free to contact Ruth Milner, the NRAO Computing Security
Manager (rmilner@nrao.edu).

Thank you for your attention.

_______________________________________________
Gbtnews mailing list
Gbtnews@listmgr.cv.nrao.edu
http://listmgr.cv.nrao.edu/mailman/listinfo/gbtnews