Telnet Retired from Veritas and Champion

On Tuesday, July 24, the Information Technology Security Office (ITSO) released a security directive advising system administrators to disable Telnet wherever possible. This was in response to a remote root exploit that has been discovered in the Telnet server software. A 'remote root' exploit if properly executed would allow an intruder to gain unauthorized 'superuser' access to the system enabling complete control of all programs and data on it. WebTech has turned off Telnet on Veritas and Champion as a precaution until the UITS ITSO advises further. FTP service is unaffected.

On 7/24, Telnet was turned off temporarily to avoid possible system compromises. Upon the recommendation of the IT Security Office (ITSO), we have decided to retire telnet permanently and request that our users use alternative access methods that encrypt passwords. The particular replacements for telnet are ssh clients made available to the IU community (those with netword Id and passwords) on the ITSO web pages. There are also freely distributed alternatives.

Users can still connect to Veritas and Champion using ssh (secure shell) and scp (secure copy) client software at their workstations.

Macintosh F-Secure SSH was formerly available for download from UITS, but is no longer supported. MacSSH is an SSH client that is available for free download and will enable you to connect using SSH2. For additional directions, please see For Mac OS, what SSH clients are available?.

For more information about SSH2, please see:

• The Knowledge Base entry, "What are SSH and SSH2?":
  http://kb.indiana.edu/data/aelc.html

• The ITSO SSH2 How-to Guide:
  http://itso.iu.edu/Articles_and_Guides

• The SSH Communications Security SSH Secure Shell Site:
  http://www.ssh.com/products/tectia/

• The SSH FAQ:
  http://www.employees.org/~satch/ssh/faq/ssh-faq.html

  Now is a good time to remind you to change your web account passwords often. Please check the KB document "What is Indiana University's Password Maintenance utility?" for assistance in choosing a secure password.

  If you have any questions about this, please contact IU Webmaster.

   

• Webmaster News
  • Current
  • Archive
• Accounts
  • Applying for an Account
  • Account Maintenance
  • Passphrase Information
• Tools/Guides
  • Policies and Guidelines
  • Images and Templates
  • Publishing to Webserve
  • Web Site Maintenance
  • Web Content Management System
  • Logs and Statistics
  • Web Site Security
  • Using Unix
  • Programming Languages
  • Server Configuration
  • Forms Using Transform
  • IU Search Service
  • Electronic Commerce
  • Virtual Host Name Service
  • Digital Media Streaming
  • MySQL Database Service

• Webserve Features
• Getting Started
• Contact Us
• Site Map

• UITS Services and Support
• IU Webmaster
• Site Map
• Comments

• Copyright 1999-2009, The Trustees of Indiana University
• Copyright Complaints
• Last Updated: 20 June 2008