A July 1 upgrade to Tufts' e-mail system left hundreds of students unable to check their e-mail this summer when the University stopped accepting connections from the popular yet insecure Telnet program. When complete, the enhancements will provide convenient, Web-based access to Tufts e-mail and safeguard the network from hackers.
Telnet connections opened from public terminals left the network vulnerable to daily attacks from computer hackers, according to Information Technology Support Services Director Dan Weir, who said that Tufts is one of the last schools in the country to make the switch.
Though Tufts has historically experienced fewer security breaches than other Universities, problems arose in the last six months, compelling Tufts Computer and Communication Services (TCCS) to expedite the improvement of Tufts' outdated systems.
"This is a big concern in higher education, where networks are very vulnerable and hackers know it," Weir said.
When students attempted to use insecure telnet to access their e-mail this summer, they received a message explaining the change and were instructed to download the more secure program. But some students found the information confusing and gave up trying to check their accounts.
"I had no idea what was wrong," said senior Heather Barondess. "I had to call cross country three times to get a password and figure out how to get online. It was a little bit frustrating and confusing."
Weir said he had not realized that the information was unclear until puzzled students flooded his office with phone calls. TCCS then changed the website to better inform students of the new system.
"We understand it was a frustrating situation, in part because the original Web page wasn't clear enough," Weir said. "As soon as we went live, a number of students called and said it wasn't clear, and if anyone had any difficulty at all [and] they notified us right away, they were fixed within 24 hours."
TCCS has also begun a long-awaited transition from the Emerald e-mail system to a more sophisticated service called Coral. The change hinder hacker activity and protect the network from computer viruses. When the switch to Coral is complete, students will once again be able to access their e-mail securely from any computer on the Web. Once complete, Tufts' system will resemble popular e-mail programs such as Yahoo! and Hotmail.
Freshmen have already been given the new Coral e-mail accounts and TCCS will eventually switch current sophomores and juniors to the new system. Tufts' other campuses began implementing Coral last year, a transition that TCCS says may change students' e-mail addresses. Coral server addresses are formatted firstname.lastname@tufts.edu.
If e-mail addresses are changed, there is a possibility that e-mail sent to the old address would still be delivered to the new one. "I believe [students] will have to change e-mail addresses," Weir said. "But they're actually getting a better e-mail server in total."
Weir said TCCS has not made the change until now because Tufts is not targeted by hackers as frequently as schools like MIT. For every one attack that the Tufts system receives, MIT experiences about ten.
"Telnet connections were discontinued simply because they are insecure," said Rebecca Voris, a technical support specialist for TCCS. "When you connect to a service such as Emerald, your name and password are sent in clear text. Anyone can eavesdrop."
TCCS administrators say they discontinued Telnet during the summer because it would be less disruptive. Defending their decision, TCCS officials said they had thought that students would not rely on e-mail as much over the summer. But after hearing student complaints, TCCS plans to give advanced notice of future changes.
The software did not allow for a grace period during the Coral change, which made a gradual switch impossible. TCCS did, however, create extra TuftsConnect CDs loaded with the new software in anticipation of the increased demand.
"We did have the software available on the CD and internally for download for quite some time, but switching off insecure Telnet on University systems is an all-or-nothing process," Voris said.
Weir said that the upcoming transition to coral will run more smoothly and that TCCS is already making plans to inform the student body ahead of time.
"We will be sending individual e-mails to the students," Weir said.
"We notified the schools that the change was coming," he said. "We will make sure students receive an e-mail and there will be better communication."
