Graphic-Newsletter of UH Community

 

Infobit Logo - Link to home page 

Link to previous articleLink to next article
 
Secure E-mail Available
by Julio Polo

The standard protocols that make the Internet work today originated a couple of decades ago. Back then, the Internet was not as visible as it is now, and security was not built into most protocols from the outset. The ubiquity of the Internet has reversed that trend. For example, not too long after the Web exploded onto the mainstream, secure Web pages (https) became a defacto standard.

There are basically two problems to contend with in an online world: impostors and eavesdroppers. Impostors fraudulently impersonate someone in e-mail messages and newsgroups postings. Eavesdroppers perform the equivalent of a wiretap and read sensitive information that travels through the network, including passwords that can be used to impersonate others. The simplest way to deter impostors is to require identification through an account and password. The simplest way to deter eavesdroppers is to encrypt the information that travels through the wire.

ITS is moving towards an infrastructure that addresses these problems head-on. Our future e-mail services will support encrypted connections to our POP, IMAP, and SMTP servers. Our SMTP server will require senders to authenticate themselves with their password. You may try these security-enhanced services by turning on Secure Socket Layer (SSL) encryption in your e-mail client and changing the incoming (POP or IMAP) and outgoing (SMTP) server settings to this one setting:

mail.hawaii.edu

Our new Web mail interface also uses the same domain name. Refer to "Access Your E-mail Through the Web" in this issue.

Other services will see a gradual shift in security. Our newsgroup server news.hawaii.edu will require authentication. File transfers via ftp will be replaced by a secure Web interface. Use of UNIX shells (i.e. uhunix) will be provided only upon request and subject to a security process that requires approval for server processes. Logins via telnet will be replaced by SSH or similar technology which encrypts passwords during transmission. Passwords will be required to pass the crack program (i.e. not be guessable). More tips on preventing password theft is available at www.hawaii.edu/infobits/s2000/quickbits.html

As security is increasingly tightened, there may be occasional inconveniences. It is hoped that our gradual approach will make the transition to a secure environment as painless as possible for everyone.

Link to return to contents
Link to Infobits home page
Link to go to next article
 

Comments to: editor@hawaii.edu