C&C Secure Services Project Nathan Dors & Brad Greer, Project Managers Primary Objective: To eliminate the use of clear-text passwords for accessing all C&C services
Objectives Eliminate clear-text passwords Promote secure protocols Promote secure methods within C&C Encourage secure methods beyond C&C Ease deployment Minimize support burden
Project Scope “All services” UW requires SSL or Kerberos Homer/Dante/etc. req. SSH or Kerberos FTP req. Kerberos or secure alternative Web (MyUW, etc.) req. weblogin service Keynes & other administrative apps
Motivation Increased use of UW NetID High impact of stolen passwords –Provide foothold for hackers –Take staff resources –Can be embarrassing Domino effect: C&C can help other departments implement similar policy
Shut-off Dates June 13 th –Shut off insecure IMAP/POP –Shut off insecure telnet to Keynes June 20 th –Shut off insecure telnet to UA hosts Autumn 2001 –Shut off insecure FTP to UA hosts and administrative applications
Communication Plan Meetings with computing support staff announcements End-user Web site –Countdown to shut-off dates –How-to guides –Links to UWICK info and software download
Keynes Challenge: June 30 th is biennium close High stakes require addn’l communication –Targeted –Reminders on applications Must identify hardware/software havenots Users must seek help if needed, the sooner, the better
Spring UWICK “Starter Set” includes secure apps –TeraTerm, SFTP for Windows –BetterTelnet and Secure Fetch for Macintosh –Requires Windows 95 or Mac OS 8.1 Installers and instructions for Outlook Express, Netscape, PC-Pine Available early Spring Quarter
Status SSH version 2 now running on UA hosts SSH version 1 running on Keynes Site license for SSH Secure Shell
Schedule 1.Stabilize SSH version 2 2.Deploy end-user Web site 3.Release UWICK 4.Announce 5.Coax and Assist 6.Shut-off insecure services
Questions?