Contents
Index

Editorial
Forum for Readers
Announcements Physics Computing Desktop Computing Internet Services and Network Technical Computing Desktop Publishing Education & Documentation Just For Fun ... If you need help
Editorial Information
Previous:Desktop Computing
Next:Access the Windows DFS Using the Web and WebDAV
 (If you want to print this article)



Computer Security Changes: Recent and Planned

Denise Heagerty , IT/DI


Abstract

The following security changes are being implemented: Off-site FTP closure, Off-site X11 protections, and AFS password expiry.


Off-Site FTP Closure

To reduce the number of regular break-ins on CERN machines due to passwords exposed on the network in clear text, OFF-SITE FTP ACCESS TO CERN WILL BE BLOCKED in the CERN firewall from

Tuesday 20th January 2004

Users are recommended to install and use SSH (Secure SHell) as an alternative to ftp as soon as possible for off and on site access. Links to further details about SSH and other alternatives are at http://cern.ch/security/ftp.

Off-site X11 Firewall Protections

Following some serious incidents, X11 firewall protection, which already covered most CERN systems, was extended to the whole site from Tuesday 4th November 2003. All CERN systems running X displays (such as X terminals or Exceed) must start off-site X applications securely, as described at: http://cern.ch/security/X11.

AFS Password Expiry Enforcement

To ensure that passwords are regularly changed, annual password expiry will be enforced for AFS users. Warning messages will be sent by email and users will be required to change their passwords using the command "kpasswd". This mechanism is already in place for NICE passwords. Recommendations for choosing good passwords are at http://cern.ch/security/passwords



For matters related to this article please contact the author.


Cnl.Editor@cern.ch
CERN-CNL-2003-003
Vol. XXXVIII, issue no 3


Last Updated on Mon Dec 15 12:10:16 CET 2003.
Copyright © CERN 2003 -- European Organization for Nuclear Research