From: Paul Trunfio 
To: cps@argento.bu.edu
Subject: UPDATED SECURITY CHANGES FOR CPS

---------------------------------------------------
IMPORTANT INFORMATION ABOUT CHANGES TO CPSNET
---------------------------------------------------

*** THIS IS AN UPDATED ANNOUNCEMENT  THAT REPLACES ***
*** THE EARLIER ANNOUNCEMENT FROM THIS AFTERNOON   ***

POSTED: AUGUST 15, 2000 

First some history.  The break-in from the weekend occured because the
``filters'' were not working that were supposed to keep all machines
except argento isolated from the outside world.  

As of now, these filters are in place.  It appears that once you log
into BU using PPP, you DO have access to our network.  The filters
simply isolate our network from OUTSIDE BU. This means that one does NOT
necessarily have to ssh to argento, since all our other machines are
visible.

WE DO ADVISE, THOUGH, THAT IF YOU ARE DIALING IN FROM HOME THAT YOU DO
RUN SSH FROM HOME AND SSH TO A MACHINE RUNNING SSH (SEE ITEM 2 BELOW).

1. CONNECTING FROM OUTSIDE OF BU.  From outside of BU, you can no longer
   enter our network, either through argento or through any other
   machines.  We CAN enable secure shell (SSH) only access ON A CASE BY
   CASE BASIS TO SPECIFIC IP ADDRESSES ONLY.  BUT WE WILL NOT BE DOING
   SO UNTIL NEXT WEEK AT THE EARLIEST.

2. CONNECTING FROM HOME USING PPP. If you connect to BU from home using
   PPP, then we STRONGLY RECOMMEND that you enter machines using 
   SSH (secure shell).  SSH is running on all SGI's and all LINUX
   machines.  

	SGI's: argento, linda, seldon, arkady, trantor, macduff, daneel
	LINUX's: meta, yanko, water, jhilad, riskit, thalia, urania, 
		 luna, melete, vesta, hypate, pan, rushmore.

   The procedure is:

        o CONNECT VIA PPP TO BU (as you always do).
        o CONNECT TO ARGENTO (or any linux or SGI) using SSH.

   For Windows, you can use TerraTerm SSH (it is completely free):

        http://www.zip.com.au/~roca/ttssh.html

   For Macintosh, you can use NiftyTelnet SSH (it is also free):

        http://www.lysator.liu.se/~jonasw/freeware/niftyssh/

3. CONNECTING TO ARGENTO AND META FROM WITHIN OUR NETWORK.  Even from
   within our network, argento and meta have an extra level of security.
   telnet and ftp are disabled on both machines.  In order to access
   these machines, one must use ssh from any SGI or LINUX machine (see
   the list in number 2 above).  WE WILL BE POSTING INSTRUCTIONS ON 
   HOW TO SECURELY FTP ON THESE TWO MACHINES IN THE COMING DAYS.  

4. New password protocol: Beginning tomorrow (WEDNESDAY AUGUST 16) all
   passwords will be assigned by Luis or Paul.  These are randomly 
   generated 6 character passwords that have been tested against a
   cracking program.