Changes
to Telnet Access to E-mail and
Netnews: January 28
As
a community, we can congratulate ourselves
on successfully transitioning to PennKey
authentication this fall and improving
overall security on our network. Many
fewer people will be affected by the
next step in Penn's ongoing security
enhancement program, which will be
to require strong authentication for
Telnet access to campus host computers.
(For background about Penn's security
initiatives, see Almanac July
16, 2002 and October
8, 2002.)
Telnet
is used primarily to access host-based
e-mail applications such as Elm and
Pine, and Netnews readers such as tin
and slrn. However, Telnet software
in the standard, insecure mode now
being used on campus does not encrypt
users' passwords; they are sent across
the network "in the clear," making
them more susceptible to interception.
By
January 28, 2003, anyone using standard
Telnet to access the University's host-based
applications will need to upgrade or
change their desktop software. The
recommended options are listed in the
table below. In addition, individuals
who use Telnet to access Penn e-mail
when they're away from their own computer--while
traveling or using a friend's computer
or a computer in a public location
such as an Internet café--will
most likely need to change the way
they access their e-mail. Webmail is
the recommended option for them.
If
you don't know how you access e-mail
or Netnews, be sure to check with your
Local Support Provider (LSP). You may
be using Telnet without knowing it.
Telnet
Applications that will no longer
work
As
of January 28, the widely used Telnet
software listed below can no longer
be used to access Penn host computers.
This list includes products that have
been supported at Penn in the past
and is not intended to be exhaustive.
- versions
of Host Explorer prior to version
7.1.0.4 (Windows)
- built-in
Telnet for Windows (Note that
if you access mail using a sequence
like Start Menu > Run > telnet
email server name (e.g., pobox,
mail.sas, dolphin) > email
ID and password > email program
(e.g., elm or pine), you are using
a standard Telnet client to access
host-based email.)
- all
versions of NCSA Telnet (Macintosh)
- versions
of dataComet prior to version
5--with version 5, the name also
changed to dataComet Secure (Macintosh)
Secure
Options for Use as of January
28
Anyone
who currently uses standard Telnet
on their computer should install either secure
Kerberized Telnet software and a Kerberos
ticket manager or Secure Shell
(SSH) software before January 28 for
continued access to host-based e-mail
and Netnews readers. Be aware that
this secure software is not as ubiquitous
as standard versions of Telnet, and
is therefore less likely to be available
on computers in public locations such
as web cafes. The recommended way to
access e-mail when you're away from
your own computer is via Webmail, which
is available on all the major campus
e-mail hosts and can be accessed using
Internet Explorer or Netscape.
Getting
Help
If
you're not sure whether or not this
change affects you, consult your Local
Support Provider. Be sure to seek advice
and, if necessary, update your software,
as soon as possible, so you don't find
yourself unable to read e-mail on January
28.
--Robin
Beck, Vice President, ISC
Click
here for the Table of Security
Options for Windows and Macintosh
Software
|