Increased Security for Remote Linstat Connections

While all computers are subject to regular attacks today, Linux servers draw particular attention. These attacks come from all over the world, and it is very rare for them to originate in the Madison area. To increase the security of SSCC's Linstat servers, as of Monday, May 19th we will block connections to Linstat from outside the Madison area unless the user takes one of several steps. These steps will be easy for SSCC members, but should prompt attackers to move on to less secure servers. SSCC members in the Madison area (including on campus) will not see any changes.

The steps SSCC members can take that will allow them to connect to Linstat remotely are:

• Connect to the SSCC network using VPN before logging into Linstat. This is perhaps the simplest method. Recall that you must connect to the SSCC network to run X-Win32 anyway.
• First log into Winstat and then connect to Linstat from within your Winstat session. This is also very simple, and also gives you access to all the software on Winstat. However it uses one of our Winstat licenses, so if you only need Linstat we suggest using VPN instead.
• Use the Google Authenticator app on your smartphone to obtain a code you then enter while logging in. This method requires more configuration, but may give somewhat better performance.
• Create a pair of encryption keys that are stored on Linstat and your computer which can then be used to connect to Linstat from that specific computer. This method also requires more configuration but may give somewhat better performance.

You only need to use one of these four methods. Note that the Google Authenticator and key pair methods must be set up while you are connected to Linstat. If you want to use these methods, be sure to set them up by Monday, May 19th, especially if you cannot use VPN or Winstat.

SSCC staff have used information provided by local Internet Service Providers to identify the IP address ranges used in the Madison area. Our intent is to define "Madison area" broadly, but contact the help desk if you find you are unexpectedly being treated as "outside the Madison area."

If you have any questions or concerns about these changes, please contact the help desk.

Last Revised: 5/15/2014