1) Duke University has a very high speed network. A hacker who gets access to a computer on our network can use that computer to launch denial of service (DoS) attacks from our fast network. The victim computer may be on a much slower network and may be overwhelmed.
2) Hackers will make use of our systems to hack into other systems. By establishing a long chain of computers to which the hacker has access, the hacker can attack a commercial, government or military site without being caught. For example, if the hacker attacks a military computer, the military will see the attack coming from computer A, the owners of computer A might look and see that they were hacked from computer B, the owners of computer B were hacked from computer C, and so on. If any computer along the way cannot establish where it was broken into from, the authorities will be unable to track the hacker back to his home computer.
3) Another common motivation for hacking into a computer system is to set up services on the system (such as IRC servers) for the individual's own use. By stealing resources in this way, the hacker does not affect any one particular user, but degrades service in a way that affects the system as a whole, and by extension all users.
Computer operating systems are by nature complex entities; working to ensure that any potential weaknesses in the system are addressed is more than a full-time job. The administrators of the acpub system are vigilant in keeping up with documented system weaknesses and address them as soon as they are discovered.
Other systems on campus--departmental systems and those that individuals bring up themselves--are not necessarily as well-protected. When those running them are not up on the constantly-changing knowledge of security issues, these systems become vulnerable to intruders.
The most common method of operation for a hacker is the following:
1) Gain access to the system as a normal user. (This step is optional; sometimes hackers jump straight to step 2.)
2) Use the user access to gain access as the administrator (root user) of the computer.
3) Grab the password file.
4) Start "sniffing" the network to find passwords.
5) Clean up by deleting or changing logs that would show how they got in.
6) Change system programs to help hide the fact that they are using your computer.
7) Proceed with their other objectives: hacking new systems, starting a denial of service attack, starting up a new server (like IRC) on your computer, etc.
List the contents of your directories by typing the ls -lrt command at the Unix prompt. This command will list all files in the directory in the reverse order of time so that files modified most recently will be at the bottom of the listing. Look at the dates; these indicate when each file was last modified. If the date is later than the last time you modified it, that indicates that someone else has accessed your files.
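The following Python script is an added example, not part of the original Duke OIT page, that automates the two checks above: it lists files oldest-first the way ls -lrt does and flags anything modified after the time you last worked in the directory. It also shows why the modification-time check alone is not enough against steps 5 and 6 of the intruder's routine (altered logs and system programs): timestamps can be reset with touch, so the script additionally records a SHA-256 hash of each file and compares against that baseline later. The directory, file names and timestamps in demo() are constructed for the example.

```python
import hashlib
import os
import tempfile
import time


def list_by_mtime(directory):
    """Return (path, mtime) pairs for regular files, oldest first, like `ls -lrt`."""
    entries = []
    for name in os.listdir(directory):
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            entries.append((path, os.path.getmtime(path)))
    entries.sort(key=lambda e: e[1])
    return entries


def modified_since(directory, last_known):
    """Paths whose modification time is later than last_known (a Unix timestamp)."""
    return [p for p, m in list_by_mtime(directory) if m > last_known]


def sha256_of(path):
    """Content hash of one file, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(directory):
    """Record a content hash for every regular file in the directory."""
    return {p: sha256_of(p) for p, _ in list_by_mtime(directory)}


def changed_since_baseline(directory, base):
    """Files whose content differs from the baseline, plus files added or removed."""
    current = baseline(directory)
    changed = [p for p in current if p in base and current[p] != base[p]]
    added = [p for p in current if p not in base]
    removed = [p for p in base if p not in current]
    return changed, added, removed


def demo():
    """Constructed scenario: a temporary directory stands in for a home directory."""
    d = tempfile.mkdtemp()
    notes = os.path.join(d, "notes.txt")
    rc = os.path.join(d, ".profile")
    for p in (notes, rc):
        with open(p, "w") as f:
            f.write("original\n")
    # The owner last worked here at t0; backdate both files so they predate it.
    t0 = time.time()
    os.utime(notes, (t0 - 3600, t0 - 3600))
    os.utime(rc, (t0 - 7200, t0 - 7200))
    base = baseline(d)
    # Someone else edits .profile after t0 and leaves the timestamp alone ...
    with open(rc, "a") as f:
        f.write("added line\n")
    os.utime(rc, (t0 + 60, t0 + 60))
    # ... and overwrites notes.txt but resets its mtime to hide the change.
    with open(notes, "w") as f:
        f.write("tampered\n")
    os.utime(notes, (t0 - 3600, t0 - 3600))
    by_time = [os.path.basename(p) for p in modified_since(d, t0)]
    changed, _added, _removed = changed_since_baseline(d, base)
    return {
        "by_time": by_time,                                   # only .profile
        "changed": sorted(os.path.basename(p) for p in changed),  # both files
    }


if __name__ == "__main__":
    print(demo())
```

The timestamp check catches only the careless edit; the hash comparison catches both. For a baseline to be trustworthy it has to be stored somewhere the intruder cannot reach, such as read-only media or another machine.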
That's all there is to it! After you run the passwd program you'll be back at the Unix prompt, where you may run other programs or log off. Don't forget to use your new password the next time you log in.
1) A good password is a good password. The only reason to change a good password is if you think that it has been compromised. If you make a user change his or her password more frequently then he or she will pick a password that is easy to guess, or the password will be written down.
2) The other school of thought says that by changing a password every 3 to 6 months, you minimize the risk of a hacker getting the password file and finding current passwords.
I tend to fall into the first camp. While there is probably nothing wrong with having a password that is frequently changed, if the user can remember it, I would prefer to have people pick good passwords that they don't write down.
Don't forget that Unix is case sensitive (for example, "ABC" is different from "abc").
If you're interested in a more thorough discussion of passwords, including strategies for selecting yours, see Password Security: A Guide for Students, Faculty, and Staff at Duke University.
These activities can range from the nuisance level to something much more serious. You definitely want to do all you can to avoid letting anyone access your account.
Don't panic, but do be cautious.
Anyone who has control--legitimate or not--over a desktop or departmental computer you're using to access a remote system such as acpub can see what you're doing. If the PC or local area network you're using to connect is improperly installed or administered, you could be exposed.
One way to protect yourself from this exposure is to use what is known as a "secure shell" client (abbreviated SSH) rather than a regular telnet client. SSH clients encrypt all data sent across the network. Someone spying on the network will only see garbage. This means that your userid and password are protected as they travel over the network's wires.
The acpub system supports SSH. The standard Telnet program on the Windows and Macintosh computers in OIT's clusters is a secure shell client called F-Secure. This means you don't have to worry about security when logging in from one of these clusters.
Information on downloading SSH clients for use on your own Windows and Macintosh computers can be found on OIT's SSH page.
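To make the telnet-versus-SSH point concrete, here is an added Python example (not from the original page or from OIT) showing what someone spying on the network wire would hold after each kind of login. Both captures are constructed: the telnet one is the prompt-and-reply text a sniffer records, and the SSH one is the version banner followed by a deterministic stand-in for encrypted packets, produced by chaining SHA-256 rather than by real SSH cryptography. The script checks whether the password appears in the capture and measures the entropy of the bytes, which is how "garbage" looks to a tool.

```python
import hashlib
import math
from collections import Counter

# Constructed telnet capture: prompts and the user's typed reply travel in the clear.
TELNET_CAPTURE = (
    b"\r\nacpub login: jsmith\r\n"
    b"Password: pw-example-1\r\n"
    b"Last login: Mon Oct  2 09:14:01 on pts/7\r\nacpub% "
)


def fake_ciphertext(seed: bytes, length: int) -> bytes:
    """Deterministic stand-in for an encrypted SSH payload (not real SSH crypto):
    chained SHA-256 output is as unreadable to an eavesdropper as the real thing."""
    out = b""
    block = seed
    while len(out) < length:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:length]


# Constructed SSH capture: only the version banner is readable, then ciphertext.
SSH_CAPTURE = b"SSH-2.0-example-client\r\n" + fake_ciphertext(b"constructed", 600)


def password_visible(capture: bytes, password: str) -> bool:
    """Would someone holding this capture see the password verbatim?"""
    return password.encode() in capture


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: English/ASCII text sits around 4 to 5, ciphertext near 8."""
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def classify(capture: bytes) -> str:
    """Label a capture by its leading bytes and the entropy of what follows."""
    if capture.startswith(b"SSH-"):
        body = capture.split(b"\r\n", 1)[1]
        return "ssh (encrypted, %.1f bits/byte)" % shannon_entropy(body)
    return "plaintext (%.1f bits/byte)" % shannon_entropy(capture)


if __name__ == "__main__":
    for name, cap in (("telnet", TELNET_CAPTURE), ("ssh", SSH_CAPTURE)):
        print(name, classify(cap), "password visible:", password_visible(cap, "pw-example-1"))
```

The same userid and password are sent in both sessions; the difference is only whether the bytes on the wire are readable, which is exactly what an SSH client buys you over telnet.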
As a general rule, you should never execute software about which you are uncertain. This includes software that you have received as an email attachment from someone you don't know or that you've downloaded from an Internet site you don't know and trust.