Before the installation of the firewall, the preferred, secure way to access our network remotely was through hydra (CFM) or rufus (DAM) using S/Keys. In practice this wound up not being the case, with many "backdoors" developing. With the installation of the firewall, remote access will be limited to fritz (CFM) and nemo (DAM), via telnet and ftp using S/Keys, or via Secure Shell (ssh). Remote use of the r* commands (rsh, rlogin, etc.) will not be permitted. Additionally, S/Key access to hydra (CFM) will remain for the time being.
Hopefully, most users are familiar with the use of S/Keys in our computing environment; if not, please review the security software tutorial. While S/Keys have the advantage of requiring no additional client software, carrying around those lists of passwords is somewhat cumbersome. With the installation of ssh servers on fritz and nemo, remote users now have the opportunity to access our computing resources with their regular passwords. Ssh provides additional security features that S/Keys do not, including encryption, host authentication, and transparent X11 connections. Ssh does require special client software, free versions of which are available via anonymous ftp for Unix and Win95/98/NT. Please see the remote access tutorial for information on use and installation.
While the installation of the firewall will somewhat restrict incoming network connections, the security policy for outgoing connections will be much more liberal. Users eventually will be able to originate almost any network service from any workstation in the department to outside the network. Machines will require individual configuration for this to occur, so it may take some time for the staff to get to every machine.
Currently the CFM/DAM network is bridged to the campus ATM backbone by 10Mb/s ethernet. With the network upgrades concurrent with the firewall installation, we will now have a 155Mb/s ATM link directly to the campus backbone. This should result in significantly improved performance for remote connections.