NCSA Home
Contact Us | Intranet | Search

NCSA Password Security

Security at NCSA

NCSA has a history of establishing and maintaining a high degree of security on the high-performance systems and on the networks that connect to those systems. NCSA's aggressive policy seeks to identify and address potential or real security breaches. The result is a solid high-performance computing environment with a high level of security. Defensive measures are quickly employed in those rare cases of intrusion with the goal of not compromising user data and the HPC systems.

In November 1998, NCSA eliminated the use of clear text logins and passwords on its high-performance computer systems to further enhance network security. Throughout 1998, a joint NCSA/Alliance and NPACI security team coordinated efforts to eliminate clear text passwords and other computer security weaknesses. The team discussed their general security plans with representatives from the Defense Department and NSF-funded laboratories and agreed that the various organizations would use interoperable authentication schemes and security architectures.

So-called "clear text passwords and logins" are unencrypted and unscrambled and thus vulnerable to detection by "sniffers" on the Internet. Internet "sniffing" can allow hackers to obtain passwords. Hackers often use the newly discovered passwords to login to a system.

Former NCSA Director Larry Smarr noted at the time of implementation that:

"The use of clear text logins and passwords represents the number one security vulnerability on the Internet today. NCSA's main motivation for [the joint NCSA/Alliance and NPACI] project is the elimination of that vulnerability."

Eliminating Clear Text Over the Network

NCSA, in conjunction with NPACI, implemented a plan to eliminate clear text connections. All allocated users and NCSA staff were required to select and use of two encryption systems: Kerberos or Secure Shell (SSH). New users to NCSA systems (allocated or staff) must implement one of the security software options.

Reporting Security Incidents

To report a security problem contact the NCSA Helpdesk at (217) 244-0710 anytime. For security questions or non-emergency incident information, please email security@ncsa.uiuc.edu.

University of Illinois home page NCSA Home | About NCSA | NCSA Projects | Blue Waters | NCSA News | NCSA User Info
Contact NCSA | NCSA Intranet | Site Map
Contact consult with questions regarding this page. Last updated March 22, 2006.
All rights reserved. ©2009 Board of Trustees of the University of Illinois.