Network Security and Remote Logins
Security FAQ (Frequently Asked Questions)
Why did you post this document?
We hope that through this page both students and faculty of the CS Department can learn about how to protect themselves on the CS department network.
Why should I be interested in security?
Your information and privacy can be protected by following a few simple steps. We hope that everyone can become aware of how to do this, so keep reading.
How secure is the CS department network?
Right now we have many security measures implemented. We have firewalls installed to block traffic from the outside, logging, and many other security systems. Nevertheless, the system is only as secure as the users make it. We have installed many programs that can help us, so on these pages we will show how you can use these to help secure your privacy and information.
What is remote access, and why encrypt it?
There are two types of operations that you can perform on your CS Department account from a remote machine (like your PC at home): executing commands on the remote machine (ssh allows you to do this), and copying files from the remote machine to your local machine (sftp does this). Not all programs perform both of these functions, so you should be aware of the difference. You should strive to use ssh and sftp whenever possible. Know that programs like telnet, rlogin, and ftp do not encrypt your password or the data transferred. This means that anyone sniffing the network can see everything you type, download, or upload. They can take the information and then use it. This is especially dangerous if they take your password and use it to log onto the CS network, and then use our machines to perform other illegal activities. You are then held responsible for their crimes. This is why you need to use an encrypted login. All the machines in the CS Department support secure logins (SSH) and SFTP, so they should always be used. Here is a general overview of some popular programs for secure remote logins.
What are RSA keys, and why does my SSH program ask me about them?
RSA keys are used to encrypt and decrypt a communication. When you utilize SSH, SCP, or SFTP on a computer, the remote computer gives you a copy of its public RSA key so that you can encrypt the data you are sending to that machine. Using its private key (which only the remote machine has access to), only that specific machine can decrypt the information you send. RSA keys can also be used to identify a machine and make sure that the machine you are logging into really is the one you expect. The first time you log into a machine, you store a copy of the public key, and each successive time you log in, the key you receive will be compared with your stored key for that machine. If the key changes, that means one of two things: that machine changed its key while it was being upgraded, or someone is pretending to be that machine and attempting to get you to send them your information. Your SSH program will alert you to this situation.
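The stored-key comparison described above, as an added example (not part of the original FAQ and not any SSH client's own code): a Python check that parses plain known_hosts-style lines and classifies a presented host key as new, matching, or changed. The hostnames, address, and key blobs are constructed placeholders, not real keys.

```python
import base64
import hashlib

def fingerprint(key_b64):
    """SHA256 fingerprint of a base64 public key blob, in the form OpenSSH prints."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_known_hosts(text):
    """Map (host, keytype) -> base64 key for plain (unhashed) known_hosts lines."""
    stored = {}
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, comments, @cert-authority/@revoked markers, hashed (|1|...) names.
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue
        hosts, keytype, key = fields[:3]
        for host in hosts.split(","):
            stored[(host, keytype)] = key
    return stored

def check_host_key(stored, host, keytype, presented_b64):
    """Return (status, fingerprint); status is 'new', 'match' or 'changed'."""
    fp = fingerprint(presented_b64)
    known = stored.get((host, keytype))
    if known is None:
        stored[(host, keytype)] = presented_b64   # first login: remember the key
        return "new", fp
    if base64.b64decode(known) == base64.b64decode(presented_b64):
        return "match", fp
    return "changed", fp                          # never overwrite silently

def _sample_key(label):
    # Constructed placeholder blob (not a valid RSA key): type header plus label bytes.
    return base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + label).decode()

KEY_A = _sample_key(b"constructed-key-A")
KEY_B = _sample_key(b"constructed-key-B")
# Constructed sample file; the hostname and address are hypothetical.
KNOWN_HOSTS = "# constructed sample\nlogin.cs.example.edu,192.0.2.10 ssh-rsa " + KEY_A + "\n"

if __name__ == "__main__":
    stored = parse_known_hosts(KNOWN_HOSTS)
    for host, key in [("login.cs.example.edu", KEY_A), ("192.0.2.10", KEY_B),
                      ("lab1.cs.example.edu", KEY_A), ("lab1.cs.example.edu", KEY_A)]:
        status, fp = check_host_key(stored, host, "ssh-rsa", key)
        print(f"{host:22} {status:8} {fp}")
```

A "changed" result is the case in which your SSH program raises its alert; compare the printed fingerprint with one obtained from the administrators before accepting a new key.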
Are the programs telnet, ftp, and rlogin safe to use?
Answer: No. These programs send passwords as cleartext (no encryption used), so anyone with a sniffing program can see them as you type. We do not allow these programs to be used on the network. It is better to use programs such as ssh (secure shell) to do remote logins, and programs such as scp (secure copy) and sftp (secure ftp) for file transfers. All of these use encryption so third parties can't read the information that is being sent.
What happens if I am caught breaking into computer systems, viewing pornography, or using CS computers for some other illegal or immoral activity?
The least that will happen is that you will not be able to register for CS classes for one year and your account will be disabled during that time. You will be reported to the proper authorities at BYU and, if necessary, to civil authorities as well. As a warning, there are systems in place that check for users that are visiting and viewing sites that contain pornographic material.
Password Tips
Poorly chosen passwords are a big vulnerability for any system. For more information, see Account Password Policy.
Remote Network operations
What to use
To use and access the network remotely you will need to use ssh, sftp, or scp. Many clients exist for all platforms that will aid you in utilizing these programs and protocols.