Facing increasing security challenges, UNM's Computer Information Resources and Technology Department is taking extra steps to ensure the privacy and security of UNM computer system users.
Beginning Jan. 31, the department, which is in charge of central computing services at UNM, will implement encrypted Secure Shell and Secure Sockets Layer programs, replacing all plain-text logins for CIRT-based UNIX accounts.
"All of UNM stands to benefit from this change," said Jeff Gassaway, CIRT's security administrator. "Using Secure Shell to access computing services will help prevent identity and account theft, and will also help prevent the compromise of authentication information like NetIDs and passwords, which are subsequently used to compromise other accounts at UNM."
The Secure Shell is available in all CIRT pods on both Macintosh computers and Windows PCs. It comes in the form of an icon on the computer screen, which users will have to click on, thus putting them on a secure line before continuing with any Web-based application.
"I'm glad to see that CIRT is taking steps to help us out," said Amanda Martinez, a sophomore majoring in education. "Even if it takes some getting used to, I'm sure the benefits will far outweigh the costs."
Get content from The Daily Lobo delivered to your inbox
Gassaway said that every person at UNM is issued a NetID and password, which is used in combination to authenticate who the user is and provide authorization for them to check mail, schedule classes, transfer files and otherwise modify their account.
He added that when using a plain-text login, it is surprisingly easy for a hacker to obtain this information during the login process, leaving users and the entire UNM community at risk.
Gassaway said he hopes to see a great decrease in the number of times CIRT has to shut down someone's account because their information has been compromised because it causes inconvenience to the person and untold costs in time and human resources to CIRT.
He added that he sees anywhere from 30 to 100 instances of hacking at UNM a semester.
"Some computing services at UNM will still allow people to authenticate in clear text, leaving their information available for crackers to 'sniff' off of the network," Gassaway said about the reasons for CIRT's security changes and future developments in CIRT's security policies. "CIRT's security initiative is designed to migrate people away from clear-text authentication to prevent the loss of student data and privacy information."
The Secure Shell program, recommended by CIRT, allows secure access between a desktop computer and a remote server. The program encrypts the clear text password and sends the encrypted version over the network to be verified by the server the person is trying to contact.
Secure Socket Layer programs are an upcoming aspect of CIRT's security initiative. They are used primarily for secure access between a desktop computer and the Web and mail servers. These protocols are built into most Web browsers, and e-mail programs, such as Mulberry, have plug-ins available to provide encrypted e-mail logins.
Frank Cordova, a freshman art student, said that far too often people place false trust in computer systems.
"We're all guilty of putting personal information on the Web without ever thinking about who has access to that information," Cordova said. "In the times we are living in, with people becoming more and more computer literate and able to manipulate information online, it's good to see that someone is looking out for us."
Gassaway added that while there will be many long-term benefits through the new, safer programs, there will be an adjustment period, although in an attempt to ease the transitional burden they are postponing the complete demise of unencrypted e-mail and FTP logins on campus until Aug. 4.
Although the new programs are being installed free of charge in the computer pods, those who rely on Telnet from personal computers on campus, such as in dorm rooms or individual departments, that don't download the proper applications will be unable to access any applications after the Jan. 31 date, Gassaway said.
He added that the proper applications are available for download free to all UNM staff, faculty and students interested in upgrading the security of their computer system. Anyone interested in learning more about this software should visit CIRT's Web site at www.unm.edu/cirt/encryption.
