Computer Security Issues

Accessing Stanford and CS computers remotely

We strongly recommend that you use only secure network connections to access your account(s) on remote machines. Many Stanford computers will not accept insecure connections over which your password travels unencrypted. Most Stanford computers accept one or both of the following secure connection protocols:

• SSH
• Kerberos

If you use a version of SSH that supports port forwarding, you can run X Windows applications securely on your computer.

To read email securely, see the instructions on tunneling a connection over ssh. Tunneling will allow you to securely use Netscape or any other email program that supports POP3 or IMAP.

See below for information on obtaining secure connection software.

---

Choosing a Password

Your password is the most important single aspect of the security of your account.

Choose and protect your password with care.

Do not use any word, name or concept from any language (including computer languages), spelled correctly or not, as part of a password. Reversing a word or adding a number at the end or start does not protect you.

Do use a minimum of 8 characters, including letters, numbers and punctuation (no repeats). It should look like a random sequence of characters.

Accounts with easy-to-guess passwords are automatically locked out! To reinstate your account, bring your picture ID to one of the Computer Facilities staff members in Gates rooms 161-170, during regular business hours.

---

Obtaining Secure Connection Software

SSH (Secure Shell):

Note that there are two SSH protocols: SSH1 and SSH2. The client programs below may support one or both of these. All of the systems in the Computer Science Department support SSH2, but many other Stanford systems do not. (The following programs are free, or have been licensed by Stanford for use by faculty, staff and students. There are commercial implementations of SSH that can be purchased.)

Windows

• SecureCRT, an SSH client for Windows and SecureFX, a secure file transfer program.
• PuTTY, a freeware collection of SSH related programs for Windows (SSH, SCP, SFTP)
• Info about other Windows SSH programs.

Macintosh

Mac OS X comes with OpenSSH, so you don't need to download additional software in order to use SSH, SCP, or SFTP.

• MacSFTP, a graphical secure file transfer program.
• Info about other MacOS SSH programs.

UNIX/Linux

Note that all Linux distributions, and many other UNIXes, come with OpenSSH, so you don't need to download additional software in order to use SSH, SCP, or SFTP.

• OpenSSH, (SSH1 and SSH2) for Unix based systems.

Kerberos:

• Stanford Secure Desktop Computing for Windows, Macintosh and Unix
• Kerberos kits at Stanford
• Instructions for using Kerberos and OpenAFS for Windows to access your CS account. (Not to be used with PC-Leland)

---

Additional Security and Policy Information:

• Information Security Office
• Virus Alerts for Windows