Responsible Use Of Computing Environment Assumed
We write today in response to the article "Loopholes Loom Large in MITnet" in the April 22 issue of The Tech.
The ability to "sniff" packets has existed since the very inception of Ethernet technology. However, it is only recently that this capability has surfaced as a contemporary Internet security problem. In fact, when we made the initial design decisions in building the Project Athena environment we were aware of the risk of sniffing. It is because of it that we designed the Kerberos authentication system that is used instead of password files within the Athena environment.
Good cryptographic algorithms for enciphering data require significant computational resources. Therefore we may not simply encrypt every piece of information that traverses the network; we need to be selective. This was particularly true when we first installed Athena, when workstations were far less powerful. The key is to encrypt "interesting" information, such as passwords.
When we developed the On-line Student Information System we were concerned about sending grades over the network. To protect them we use features of Kerberos to provide keys to encrypt grades before sending them from the OLSIS server to a student's workstation. As we develop other applications that may handle sensitive information, Information Services will look carefully at the issue of whether information handled by an application should be encrypted when it traverses the network.
If the entire world used Kerberos we would never have to worry about sniffers stealing passwords. Such, however, is not the case. One area where people have considerable vulnerability is when logging into our dialup servers because "traditional" technologies for authenticating remote logins require the transmission of clear text passwords. We suspect that many people who use the Athena dialup servers from other Internet locations beyond MIT are at particular risk.
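To make concrete what a sniffer on a shared segment actually recovers from a "traditional" clear-text login, here is an added example; it is not part of the letter above and is not MIT's or Athena's code. It builds a handful of Ethernet/IPv4/TCP frames for a made-up FTP session (the addresses 18.0.0.10 and 18.0.0.20, the user name and the password are all constructed for the illustration), parses them the way a sniffer would, reassembles the client's side of the connection in sequence-number order, and pulls out the USER and PASS lines. Nothing here touches a live network.

```python
"""
Added example, not from the original letter: what a packet sniffer on a shared
Ethernet segment recovers from a clear-text FTP login. All frames below are
constructed inline (no live capture) and all addresses are hypothetical.
"""
import struct
from collections import defaultdict

ETH_HDR = struct.Struct("!6s6sH")        # dst MAC, src MAC, EtherType
IP_HDR = struct.Struct("!BBHHHBBH4s4s")  # minimal 20-byte IPv4 header
TCP_HDR = struct.Struct("!HHIIBBHHH")    # minimal 20-byte TCP header


def build_frame(src_ip, dst_ip, sport, dport, seq, payload):
    """Build an Ethernet/IPv4/TCP frame carrying `payload` (test data only;
    checksums are left at zero because nothing here validates them)."""
    tcp = TCP_HDR.pack(sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    total_len = IP_HDR.size + len(tcp)
    ip = IP_HDR.pack(0x45, 0, total_len, 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split(".")))) + tcp
    return ETH_HDR.pack(b"\x00" * 6, b"\x00" * 6, 0x0800) + ip


def parse_frame(frame):
    """Return (src_ip, dst_ip, sport, dport, seq, payload), or None if the
    frame is not IPv4/TCP."""
    _, _, ethertype = ETH_HDR.unpack_from(frame)
    if ethertype != 0x0800:
        return None
    off = ETH_HDR.size
    vihl, _, total_len, _, _, _, proto, _, src, dst = IP_HDR.unpack_from(frame, off)
    if proto != 6:
        return None
    ihl = (vihl & 0x0F) * 4
    toff = off + ihl
    sport, dport, seq, _, doff_flags, _, _, _, _ = TCP_HDR.unpack_from(frame, toff)
    data_off = (doff_flags >> 4) * 4
    payload = frame[toff + data_off: off + total_len]
    return (".".join(map(str, src)), ".".join(map(str, dst)),
            sport, dport, seq, payload)


def reassemble(frames):
    """Group TCP payload by flow and join it in sequence-number order, so
    out-of-order frames still yield the original byte stream."""
    flows = defaultdict(list)
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        src_ip, dst_ip, sport, dport, seq, payload = parsed
        if payload:
            flows[(src_ip, sport, dst_ip, dport)].append((seq, payload))
    return {k: b"".join(p for _, p in sorted(v)) for k, v in flows.items()}


def harvest_ftp_credentials(frames):
    """Pull USER/PASS lines from every flow to TCP port 21. This is the whole
    of what a password sniffer has to do: the protocol does the rest."""
    creds = []
    for (src_ip, sport, dst_ip, dport), data in reassemble(frames).items():
        if dport != 21:
            continue
        user = password = None
        for line in data.decode("ascii", "replace").split("\r\n"):
            if line.upper().startswith("USER "):
                user = line[5:]
            elif line.upper().startswith("PASS "):
                password = line[5:]
        if user is not None and password is not None:
            creds.append((src_ip, dst_ip, user, password))
    return creds


# Constructed capture: a workstation logging in to an FTP server. The frames
# are deliberately out of order to show that reassembly is needed.
CLIENT, SERVER = "18.0.0.10", "18.0.0.20"  # hypothetical addresses
SAMPLE_FRAMES = [
    build_frame(CLIENT, SERVER, 1025, 21, 1000 + len(b"USER alice\r\n"), b"PASS hunter2\r\n"),
    build_frame(SERVER, CLIENT, 21, 1025, 5000, b"220 ftp.example ready\r\n"),
    build_frame(CLIENT, SERVER, 1025, 21, 1000, b"USER alice\r\n"),
]

if __name__ == "__main__":
    for src, dst, user, pw in harvest_ftp_credentials(SAMPLE_FRAMES):
        print(f"{src} -> {dst}: user={user!r} password={pw!r}")
```

The point of the example is the asymmetry the letter describes: the sniffer needs no cleverness at all, only a host on the same segment, because the clear-text protocol hands the password over in a labelled line. A Kerberos-authenticated login puts a ticket on the wire instead of the password, so the same code would find nothing to harvest.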
In the last few months several regional network service providers have had hosts compromised that permitted crackers to steal passwords for any connection made over that regional network. Law enforcement authorities, both within the United States and internationally, are working to catch these crackers.
Security is a growing concern as the Internet grows up from a research vehicle into a general information exchange tool. We and our colleagues on the Internet Engineering Task Force are working aggressively to address Internet security issues.
At MIT we will deploy these technologies as quickly as we can. Tools such as RIPEM and PGP are available today for the protection of electronic mail. Information Systems is looking into providing support for one or both of these technologies. IS is also looking to provide Kerberos-authenticated versions of "telnet" and "ftp" for the types of computers that students in dormitories are most likely to own.
Soon after connections were turned on in the 10 on-campus undergraduate dormitories a number of us from Information Systems visited each of the dormitories to field questions and address concerns about the network. Unfortunately, attendance at these meetings was low.
One of the things that we mentioned in particular was the possibility of sniffing on the local subnet. We would like to point out that each of the dormitories (and each parallel in East Campus) is a separate subnet. In order for someone to sniff packets within your dormitory, they must first have access to a computer in your dormitory. If we exclude the case of someone outside of MIT breaking into your computer and gaining access, this means that it is your neighbors who have the easiest access to sniff your packets.
The recent article in The Tech made it quite clear that it is very easy to get hold of a sniffing program and it doesn't take an MIT degree to run it. So why run one? It's not to show that you're clever because now we know that anyone can run it. We ask you to think about whether you would violate the privacy of others in your dorm by going into their room and reading their paper mail or by listening in on their phone conversations. If not, why would you violate their privacy electronically?
IS has tried to keep the MIT community alert to security breaches as well as to provide information on how to protect systems from unauthorized access. In February, mail was sent to all faculty and staff at MIT and a message was posted on the Athena message of the day informing the community of the recent rash of sniffing on the Internet.
We will continue to issue such alerts and we will be expanding our efforts in educating the community regarding the risks involved in using network technology as well as the protections that can be taken. If you have any questions concerning network security in your dormitory you may contact your RCC, or you may use olc or send mail to email@example.com.
We believe that the real security threats we face on MITnet come from beyond our campus. Although people who send passwords over the residential parts of MITnet are at some risk, we believe that members of the MIT community should not be viewed as "threats" to security. Keep in mind that "sniffing" networks is a violation of Athena/MITnet rules of use, and people who steal passwords are subject to disciplinary action. We expect members of the MIT community to act responsibly. Please don't let us down.
Jeff Schiller and Joanne Costello
for the Managers in Distributed Systems and Network Services