Encryption & password security
Whenever you use the SCS network, you should assume that somebody could be eavesdropping on the packet data that you send and receive. For that reason, whenever you are transmitting sensitive data, such as passwords, over the network, you should use some form of encryption to protect your data.
Some types of connections that are encrypted are:
- SSH connections and traffic that is tunneled through an SSH connection.
- SSL-encrypted web browser connections (i.e., URLs beginning with https:).
- Kerberized telnet connections.
The following types of connections are not encrypted:
- Non-Kerberized telnet connections.
- Non-Kerberized POP3 connections.
- IMAP connections that don't use TLS or some other type of encrypted connection.
- Ordinary FTP connections.
- X11 traffic, unless that traffic is tunneled through an SSH connection.
For remote logins: Use SSH for logging into remote hosts over the network. This will protect your network traffic from being snooped in transit. Facilitized Unix hosts have a Kerberized telnet client and run a Kerberized telnet server, but using the telnet client will only protect you from network snooping if the telnet server you are connecting to on the remote host is also Kerberized.
For e-mail: Facilities IMAP servers require the use of a mail Kerberos instance password. That password can only be used to read mail and can't be used to log in to hosts that you have accounts on, which reduces the risk if it is snooped. To prevent snooping of your password, you should enable encrypted connections, either TLS or SSL depending on what is available, for both IMAP and SMTP services in your mail client.
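The following Python example is added here and is not part of the original page. It shows the decision a mail client should make before sending a password over IMAP or SMTP: log in only once TLS is active, upgrade with STARTTLS if the server offers it, and otherwise stop. The server responses are constructed samples and the function names are hypothetical.

```python
import ssl

# Constructed sample server responses (not captured from any real server).
IMAP_PLAINTEXT = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED"
IMAP_AFTER_TLS = "* CAPABILITY IMAP4rev1 AUTH=PLAIN"
IMAP_NO_TLS = "* CAPABILITY IMAP4rev1 AUTH=PLAIN"
SMTP_EHLO = "250-mail.example.org\r\n250-STARTTLS\r\n250 SIZE 10240000"


def imap_capabilities(line):
    """Return the capability tokens from an IMAP CAPABILITY response line."""
    parts = line.split()
    if parts[:2] != ["*", "CAPABILITY"]:
        raise ValueError("not a CAPABILITY response")
    return {p.upper() for p in parts[2:]}


def smtp_extensions(reply):
    """Return the extension keywords from a multi-line SMTP EHLO reply."""
    exts = set()
    for line in reply.splitlines()[1:]:  # first line only names the server
        words = line[4:].split()
        if line.startswith("250") and words:
            exts.add(words[0].upper())
    return exts


def next_step(offers_starttls, tls_active):
    """Decide what the client may do next with respect to credentials."""
    if tls_active:
        return "login"      # channel is encrypted, password may be sent
    if offers_starttls:
        return "starttls"   # upgrade first, then re-read capabilities
    return "abort"          # never fall back to a cleartext password


def imap_next_step(capability_line, tls_active):
    return next_step("STARTTLS" in imap_capabilities(capability_line), tls_active)


def smtp_next_step(ehlo_reply, tls_active):
    return next_step("STARTTLS" in smtp_extensions(ehlo_reply), tls_active)


def strict_tls_context():
    """TLS settings for the upgrade: verify certificate and host name."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx
```

The context returned by `strict_tls_context()` can be passed to the `starttls()` methods of Python's `imaplib.IMAP4` and `smtplib.SMTP`, or to `imaplib.IMAP4_SSL` and `smtplib.SMTP_SSL` for connections that are encrypted from the start.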