SCS Computing
 Services and Solutions

Encryption & password security

Whenever you use the SCS network, you should assume that somebody could be eavesdropping on the packet data that you send and receive. For that reason, whenever you are transmitting sensitive data, such as passwords, over the network, you should use some form of encryption to protect your data.

Some types of connections that are encrypted are:

  • SSH connections and traffic that is tunneled through an SSH connection.
  • SSL-encrypted web browser connections (i.e., URLs beginning with https: where your browser does not display a warning).

The following types of connections are not encrypted:

  • Non-Kerberized telnet connections.
  • Ordinary POP3 connections.
  • IMAP connections that don't use TLS or some other type of encrypted connection.
  • Ordinary FTP connections. If you want to securely copy files to/from a machine, use scp or sftp.
  • X11 traffic, unless that traffic is tunneled through an SSH connection.

For remote logins: Use SSH for logging into remote hosts over the network. This will protect your network traffic from being snooped in transit.

For e-mail: Facilities IMAP servers require the use of a mail Kerberos instance password. That password can only be used to read mail and can't be used to log in to hosts that you have accounts on, which reduces the risk if it is snooped. To prevent snooping of your password, you should enable encrypted connections, either TLS or SSL depending on what is available, for both IMAP and SMTP services in your mail client.
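For scripts that read mail, the same rule can be enforced in code. The following is an added example, not part of the original page or any SCS tooling: it uses Python's standard imaplib and ssl modules to send the IMAP password only over a certificate-verified TLS session. The function names and the exception are hypothetical, and the host is whatever IMAP server name the caller supplies.

```python
import imaplib
import ssl


class PlaintextRefused(Exception):
    """Raised instead of sending a password over an unencrypted session."""


def strict_tls_context():
    # The default context verifies the server certificate and hostname.
    # A verification failure here is the scripted equivalent of the
    # browser warning mentioned above: stop, do not send the password.
    return ssl.create_default_context()


def login_encrypted(conn, user, password, ctx=None):
    """Issue LOGIN only once the IMAP session is protected by TLS."""
    ctx = ctx or strict_tls_context()
    if not isinstance(conn.socket(), ssl.SSLSocket):
        # Plain session (typically port 143): upgrade with STARTTLS or stop.
        if "STARTTLS" not in conn.capabilities:
            raise PlaintextRefused("no STARTTLS offered; password not sent")
        conn.starttls(ssl_context=ctx)
        if not isinstance(conn.socket(), ssl.SSLSocket):
            raise PlaintextRefused("STARTTLS did not yield a TLS session")
    return conn.login(user, password)


def connect(host, user, password, implicit_tls=True):
    """Open an IMAP session to a caller-supplied host (an assumption here)."""
    ctx = strict_tls_context()
    if implicit_tls:
        # TLS from the first byte, conventionally on port 993.
        conn = imaplib.IMAP4_SSL(host, 993, ssl_context=ctx)
    else:
        # Starts in the clear; login_encrypted() upgrades before LOGIN.
        conn = imaplib.IMAP4(host, 143)
    login_encrypted(conn, user, password, ctx)
    return conn
```
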