Please note that the Computer Science departmental site has been migrated to https://brocku.ca/mathematics-science/computer-science and this copy is only being provided for historical reference. Information that you find on this site may be out of date. For more information please visit https://www.cosc.brocku.ca/migration.
You are here
Security Information
This page contains instructions on how to safely connect to the various services within the Computer Science department at Brock University. As our normal way of life is evolving to include 24/7 access to most things through network applications there has also been alot of progress made in utilities to try to intercept network information. For this reason you are urged to seriously consider the following guidelines when connecting to our resources in order to ensure that your login inforamtion is safe. If you have specific questions please feel free to contact us.
COSC Certificates
Most of our network services (www.cosc.brocku.ca, mail.cosc.brocku.ca) use certificates to encrypt the information being passed across the network. It is important, any time you are sending your password across the network, to verify the certificate on the machine you are connecting to. The following information can be used to verify the integrity of the certificates that we use for our servers. If, at any time, you are prompted about the certificates being erroneous there is likely someone tampering with the connection in which case you should reject the certificate unless you can verify the MD5 or SHA fingerprints as listed below. We also use some certificates signed by our own certificate authority (eg: dbadmin.cosc.brocku.ca), if you are using one of the services you will need to download and install/import the cosc.brocku.ca root certificate (you may have to import it into your browser or OS depending on the combination of the two). It is critical when importing a trusted root certificate that you verify it's integrity by ensuring that the Fingerprints match those posted here (Note: Microsoft software seems to reference them as thumbprints), if you don't understand what you are doing do not import the certificate.
Certificate for www.cosc.brocku.ca (Administration scripts and CMS login) MD5 Fingerprint: A6:69:AF:BA:C7:FE:A4:F5:A7:C3:EA:57:89:7A:7E:42 SHA1 Fingerprint: 64:62:B6:7B:2B:F7:2E:D0:3F:9F:EB:45:94:B8:8E:9E:A4:CD:C1:0F Certificate for mail.cosc.brocku.ca (POP, IMAP, SMTP) MD5 Fingerprint: 00:BA:9C:B6:1C:78:A4:37:87:05:04:78:D4:B5:20:1D SHA1 Fingerprint: CB:EE:58:C6:BB:E6:1A:03:FE:23:7B:FC:1F:E3:3E:E9:BD:AC:18:7E Certificate for cosc.brocku.ca (local certificate authority) MD5 Fingerprint: 7F:A4:8E:01:F4:9E:F1:E3:C9:09:C7:D3:35:0D:F5:93 SHA1 Fingerprint: BB:80:A3:05:A5:83:4F:69:B6:14:15:F5:94:A8:72:C4:EC:97:6A:80
Encrypted services currently available on Sandcastle
- SSH/SFTP - port 22 can be used instead of telnet and FTP
SSH (Shell and File Access)
SSH is a protocol which allows network connections to be made with a server. It typically is used for shell access to network servers but is often used to tunnel other protocols such as FTP. In our labs we use PuTTY on Windows for making SSH connections, Linux and Mac OS X have built in clients.
It is very important to verify the fingerprint of the server key that you are connecting to; Sandcastle's key fingerprint is listed below. You will also find that client software will cache this key information after you accept it and if the key information ever changes the client will issue a warning. It is very important to react properly to those warnings!
Sandcastle SSH2 RSA Key MD5 Fingerprint: 10:76:c9:0e:1b:5d:bb:1c:37:15:65:a2:78:a0:d7:21 SHA256 Fingerprint: YV4QfF/CAo1hTchQF5SqSpVXziM/JGE/c1W8E77J9tc Sandcastle SSH2 ECDSA Key MD5 Fingerprint: 58:fd:79:73:8b:ef:fc:c4:f0:2a:33:09:79:6f:25:77 SHA256 Fingerprint: 68pS9WhcJf1AUmBbhrbVGKYvu+0lOWS8tMy3hwRCw/M Sandcastle SSH2 ED25519 Key MD5 Fingerprint: 36:e4:67:d3:50:8f:5a:d4:71:09:f3:45:38:71:e7:2b SHA256 Fingerprint: LEUqs5FpeGsM+C+g27czuTZZ7+kaARitb4LDgfrht3E
Notice that the SSH Host keys on Sandcastle were changed August 15, 2019 during the most recent OS upgrade.
For issues related to the change please set our information page on the implications and remediation for SSH clients.
For help configuring PuTTY to connect to Sandcastle please see our Help pages.
File transfers
In the summer of 2017 the FTP service on Sandcastle was disabled due to firewall policies governed by the University. In order to access files from your Sandcastle account, you will need to use an FTP client with the capability of connecting to SFTP (FTP over SSH). You should find that most FTP clients support this protocol, and you can find information on how to configure FileZilla in our Help pages.