Differences

This shows you the differences between two versions of the page.

--- abstract:caviness:security-changes-2025 [2025-10-20 14:07] – [MFA] anita
+++ abstract:caviness:security-changes-2025 [2025-12-04 10:05] (current) – [2025-2026 Caviness Security Change] anita
@@ Line 4: / Line 4: @@
   * Caviness will be moved into a different [[abstract:caviness:security-changes-2025#network-changes|network]] to isolate it from other campus computing systems
-  * Augment SSH username/password authentication with multi-factor authentication ([[abstract:caviness:security-changes-2025#mfa|MFA]])
+  * Augment SSH username/password authentication with [[abstract:caviness:security-changes-2025#mfa|multi-factor authentication]] (MFA)
   * [[abstract:caviness:security-changes-2025#hpc-passwords|HPC accounts]] for UD users will no longer synchronize with UDelNet passwords
@@ Line 14: / Line 14: @@
-IT RCI staff thank the community for their understanding as we work to better-secure the clusters and protect their access and their research computing resources.
+<note>**IMPORTANT:** IT-RCI staff will be communicating all updates as soon as we have a timeline in collaboration with IT Networking and Security groups.  Please review the [[https://drive.google.com/file/d/1r38OXmu7-XC8Ai5e62QEXlIfZCJeVm2j/view?usp=drive_link | slides]] and [[https://drive.google.com/file/d/1tMoi2qqT5UC0HmoH9skR3ud5O7a20hyB/view?usp=drive_link | notes]] from the town hall to familiarize yourself with the future security changes that will be implemented on Caviness. Please email [[it-rci-info@udel.edu?subject=Caviness%20town%20hall|it-rci-info@udel.edu]] if you have any questions or concerns.</note>
+IT-RCI staff thank the community for their understanding as we work to better-secure the clusters and protect their access and their research computing resources.
 ==== Network changes ====
@@ Line 26: / Line 29: @@
 The ScienceDMZ firewall policy **WILL BLOCK ACCESS TO ON-CAMPUS SYSTEMS** like license servers and other clusters — effectively any UD system a user connects to **FROM** Caviness.  IT RCI and Security have been working to capture a list of such systems, but Caviness community members **SHOULD TAKE TIME TO IDENTIFY ANY UD SYSTEMS THEY ACCESS FROM** Caviness and contact IT RCI.  Exceptions to the "block-all" policy will have to be negotiated with IT Security on a case by case basis by IT RCI and affected parties.  All such exceptions are audited annually by IT Security and will be subject to review for renewal.
-==== Multi-Factor Authentication (MFA) ====
+==== Multi-Factor Authentication ====
 One security control widely-used today is multi-factor authentication (MFA).  A username and password are still employed, but additional credentials are required to successfully authenticate.  For Caviness, the additional credential is slated to include either of the following:
@@ Line 34: / Line 37: @@
 **OR**
-  * Solicitation of a second passcode (e.g. six-digit code, push notification)
+  * Solicitation of a second passcode (e.g. a push notification)
-IT RCI is exploring options with respect to the second passcode and will provide the community further updates when a solution is chosen and a date for its implementation is planned.
+IT-RCI is exploring MFA options and will provide the community further updates when a solution is chosen and a date for its implementation is planned.
 ==== HPC passwords ====
@@ Line 46: / Line 49: @@
   * UDelNet passwords will **NO LONGER BE SYNCHRONIZED** with HPC accounts; a user's HPC account password will be distinct
-IT RCI will provide a web portal for HPC users to reset the HPC password.  Users will be asked to NOT reuse their UDelNet password as their HPC password.
+IT-RCI will provide a web portal for HPC users to reset the HPC password.  Users will be asked to NOT reuse their UDelNet password as their HPC password.