When we talk about campus network design and operations and we're talking about campus network security one of the areas to think about is encryption and two-factor authentication. We bundled these together in a very short presentation here. When we talk about encryption it's extremely important to use encryption to protect sensitive data and of course to protect your passwords. And one of the critical ways of doing this is to disable your clear text password protocols. Be sure you've disabled telnet and ftp on any public access devices you may still see these available on things like routers and switches but please don't give access to administrative functions using these protocols since they can be sniffed over the line and people can find your username and password and get in quite quickly instead use things like secure shell ssh and scp to access devices or to copy data if you're doing email strongly recommended for instance if you're providing imap service to your end users to use a tls based email system so that your passwords and your email are encrypted as you download and upload and send email at that point in time and note that at this point in time almost all web traffic really needs to be encrypted using https i'm well aware and we are well aware that there's quite a bit of web content that is not secure in any way but many web browsers are now pushing people towards using port 443 for https with ssl certificates for all web traffic so attempt to update your servers install certificates and make your web traffic be secure don't use a self-signed certificate unless it's for something that you're using internally that's fine because then you can encrypt your traffic and you know what your self-signed certificate is but for public facing services you need to use a publicly available certificate the good thing is there is now a service called let's encrypt you can see the url here and it allows for free automated and open certificates these certificates use your dns name to verify the machine that you're installing the certificate on and to verify ownership you can also use classic certificate authorities and buy certificates as you want some larger campuses and organizations will also provide a certificate service and if you're in that situation that's a good thing to do for your end users we wanted to mention two-factor authentication 2fa is short and basically the idea is you log into something some type of service and then you are asked to provide a one-time code usually this code has an expiration of a few minutes and there's a number of ways to do two factor authentication so these include things such as you receive an sms or text messages with the short term code you might receive an email with a code you may even be asked one of the security questions that you provided when you first registered for the service and need to be able to answer that and becoming more and more popular is software that provides a one-time base code using a protocol called totp and this is where you have something like you may have seen these they're called fobs they're like small devices that you carry that generate for instance a six digit code that changes every 30 seconds or every minute and when you try to log into a resource you need to type that code what's happening is when you first set up your service you very likely did something like you scanned in a qr code into some software on your cell phone or you provided it to your key in a certain way this qr code had a mathematical algorithm in it that is only for that particular service and it allows both ends your end and the other end to generate the random six digit code that you're going to use and to change that say every 60 seconds.
© Produced by Philip Smith and the Network Startup Resource Center, through the University of Oregon.
Attribution-NonCommercial 4.0 International (CC BY-NC 4.0)
This is a human-readable summary of (and not a substitute for) the license. Disclaimer. You are free to: Share — copy and redistribute the material in any medium or format Adapt — remix, transform, and build upon the material The licensor cannot revoke these freedoms as long as you follow the license terms. Under the following terms: Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use. NonCommercial — You may not use the material for commercial purposes. No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.