PENN PRINTOUT
The University of Pennsylvania's Online Computing Magazine

PENN PRINTOUT September 1991 - Volume 8:1



PennNet passwords

By Teresa Leo

Beginning September 3, 1991, network IDs and passwords must be used to access Penn's computer network via

  • The inbound modem pool (i.e., dialing in to the annex: prompt)
  • The ISN-to-telnet gateway (i.e., entering telnet at the DIAL: prompt to get the annex: prompt)

Users who only access services such as PennLIN directly from the DIAL: prompt currently do not require a password.

From September 3 until September 23, a temporary network ID and password can be used to access PennNet where necessary. The temporary ID and password allow users to continue working on PennNet while they arrange to get personal IDs and passwords. After September 23, unique IDs and passwords must be used (see box, "Temporary network ID and password," for more information).

The Office of Data Communications and Computing Services (DCCS) is implementing the ID and password system to prevent unauthenticated use of PennNet and the Internet.


Background

Over the past 18 months, "crackers," or individuals seeking unauthorized access to computer systems, have gained access to PennNet and the Internet through "open" terminal servers. Open terminal servers are unrestricted gateways to other computers on the networks. At Penn there are 100 such open terminal servers, most of which are connected to specific offices and laboratories, where the risk of unauthorized access is diminished. However, the terminal servers connected to the inbound modem pool and the ISN-to-telnet gateway allow access to anyone with a modem and the appropriate telephone number. These terminal servers were originally set up to provide all members of the Penn community access to both PennNet and the Internet. However, crackers as far away as the Netherlands have attempted to use them to break into facilities on the Internet, including facilities here at Penn.

On any network, vulnerability to unauthorized use is a continuing concern. Because of such vulnerability, advisors to the Internet community have recommended that all open terminal servers be eliminated. As an educational and research institution, Penn would like to continue to provide PennNet and Internet access to facilitate contact with other research institutions on the Internet. Issuing network IDs and passwords to PennNet users will minimize our exposure to crackers by providing an audit trail/tracking system by which connections to PennNet and the Internet can be monitored.


How it works

Step I. Setting up a network ID and password

All members of the Penn community are entitled to network IDs and passwords at no charge, but each user must present a valid PennCard when setting up an account. The steps for users with valid PennCards are as follows:

  • User brings PennCard to one of the network ID/password issue stations set up around campus (see list below). These stations will be equipped with PennCard readers and terminals that provide self-explanatory instructions for user verification.
  • User swipes PennCard through card reader. System validates card and user identification. System requests network ID.
  • User enters selected network ID (ID must adhere to rules outlined in the sidebar "Network ID and password rules"). System queries the network ID database to ensure the selected ID is unique and conforms to the ID rules. System requests password.
  • User enters selected password twice as prompted (password must adhere to rules outlined in the sidebar "Network ID and password rules"). System queries the system dictionary to ensure the selected password conforms to the password rules. System displays verification message. User then has full access to PennNet.
Members of the Penn community without valid PennCards must go to the PennNet Services Center (Suite 221A, 3401 Walnut St., 898-8171, Monday through Friday, 9 AM-5 PM), where pertinent information can be manually entered into the database, to receive network IDs and passwords.

Step II. Use

Each time a user attempts to access PennNet from a terminal server protected by the authentication system, he or she will be prompted for a network ID and password. The system will then verify that the ID and password are valid and that the person is a current member of the Penn community. Instead of seeing the message and prompt:

Annex Command Line Interpreter  
*  Copyright 1990 Xylogics, Inc.
annex:
the user will see the following new interface:

Annex Command Line Interpreter  
*  Copyright 1990 Xylogics, Inc.
Checking authorization, Please wait...
NOTICE:  For University of Pennsylvania 
authorized users only.

Network ID: >user's network ID<
Network password: >user's password<
Permission granted
Last login on mmm dd, yy at hh:mm from Host Name
Type MENU for a list of network services.
annex:
Note to script users: If you use scripts to log on to your host accounts on PennNet, you will have to change the script to accommodate the network interface changes. If your script was issued by your organization's system administrator, consult with that individual for support. Remember that passwords should never be written down or embedded in scripts because of increased risk of exposure.

Password issue stations

  • PENNcard Identification Center, Suite 323A 3401 Walnut St., 9 AM to noon & 1 PM to 4 PM
  • CRC, Locust Walk at 38th St., 9 AM to 4 PM
  • Engineering CETS, Room 169, Moore School Graduate Wing, 9 AM to 4 PM
  • Biomedical Library, Johnson Pavilion, 9 AM to 5 PM
In addition, there will be a Network ID/Password Issue Station at CUPID. For further information, contact the PennNet Services Center at 898-8171 (PSC@DCCS), or the CRC at 898-9085 (CRC@A1.RELAY).


TERESA LEO is a Technical Writer for DCCS/UMIS Publications.

Sidebar 1: Temporary Network ID and Password

While you are making the transition to network IDs and passwords, DCCS will activate a temporary network ID and password so you can continue to access the network. Keep in mind the following dates and information:

September 3 - Service is activated at 12:01 AM. Users who have not yet been issued their own network ID and password may use the temporary network ID of penn and the temporary password of quaker to access PennNet where necessary until September 23.

September 23 - The temporary network ID and password are removed from the system, at which time all users must have personal network IDs and passwords to access PennNet where necessary.


Sidebar 2: Network ID and Password Rules

  • Network IDs must be unique and must be at least three characters long. In certain circumstances, DCCS reserves the right to request that an individual change his or her network ID. An easy way to devise a network ID is to use your last name followed by your first initial.
  • Passwords must be at least 6 characters in length and no more than 16 characters in length.
  • Characters in the password must be from the set of printable American Standard Code for Information Interchange (ASCII) characters, including space. Upper and lower cases are significant. The printable ASCII characters are:
    ! " # $ % & ' ( ) * + , - . / 0 
    1 2 3 4 5 6 7 8 9 : ; < = > ? @ 
    A B C D E F G H I J K L M N O P 
    Q R S T U V W X Y Z [ \ ] ^ _ ` 
    a b c d e f g h i j k l m n o p 
    q r s t u v w x y z { | } ~
    
  • If fewer than 10 characters in length, the password must contain one case change or non-alphabetic character that is NOT in the first or last position in the word.
  • The password may not consist solely of characters in the set (0-9, +, -, .).
  • The all lower-case version of the password may not be a word in the system dictionary or the reverse of a dictionary word. The system dictionary includes the English language dictionary, many foreign language dictionaries, popular passwords (e.g., xyzzy), and common names.
  • The password may not contain the network ID, the user's first, middle, or last name, his or her initials, or any common permutation thereof.
Note: Before going to the network ID/password issue stations, users should choose a network ID and password that conform to these rules. Otherwise, they will tie up the terminals unnecessarily by trying passwords that the system will reject (see sidebar, "Hints for choosing memorable passwords").

Sidebar 3: Hints for Choosing Memorable Passwords

  • Choose a phrase like "A stitch in time saves nine" and
    • Use the first 10 letters of the phrase, or
    • Use the first letter of each word (e.g., AsIts9), or
    • Change case (e.g., capitalize all T's)
  • Choose a word and substitute symbols for letters occasionally, e.g., use 0 for "o," 1 for "i" or "l," or 3 for "E" or "S." Examples of this usage include
    • Ingr33 for "Ingres"
    • < Than 0 for "Less than zero"
    • ;-crazy for "semi-crazy"
  • Choose two short words and join them with a symbol (e.g., Big$Deal)
* Note: Since the passwords listed above are used as examples, they will not be accepted by the system.