Next Generation SSH2 Implementation
eBook - ePub

Next Generation SSH2 Implementation

Securing Data in Motion

  1. 336 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android

About this book

New security risks, continuously evolving regulation and rising security standards have created new and growing needs for secure internal information transfers, which SSH provides. This book addresses these trends in depth, offering up-to-date information on the integration of SSH into a security environment. It covers the newest features and applications of SSH-2, which received Proposed Standard status from the IETF in 2006. SSH2 is more secure than previous versions and has many expanded uses on a wider variety of computing platforms. Another driver of new SSH2 adoption is the requirements of recent legislation and industry standards (PCI/HIPAA/SOX/FISMA): SSH2 has become an even more valuable tool because it helps meet the communications-security requirements of those standards.

This book offers up-to-date information on SSH2 in a practical, hands-on, tutorial-style reference that goes well beyond UNIX implementation. It concentrates on the latest version of SSH2 with all new information.
  • Discover why SSH2 offers more robust security than SSH1 and how to incorporate it into your network administration software toolbox

Next Generation SSH2 Implementation by Dale Liu is available in PDF and/or ePUB format and is catalogued under Computer Science & Computer Networking.

Information

Chapter 1. Solutions in this chapter:

  • Why Is There a Need to Use SSH?
  • What SSH Does and Does Not Do
  • Comparison Between SSH and SSHv2
  • What Are SCP and SFTP?
  • SSH and the C-I-A Triad
  • Summary
  • Solutions Fast Track
  • Frequently Asked Questions

Introduction

The purpose of this book is to explore the needs and functions of Secure Shell (SSH). We will explain the history of the networks we use today and how they developed and expanded to the point where tighter security became essential.
We will look at how the OSI (Open Systems Interconnection) model and SSH relate to each other, and how to use the OSI model for troubleshooting network connectivity. Then we will look at the role of cryptography and the various methods of encryption from which we can draw. Once we understand the cryptography, we will look at the actual SSH standards and how the protocol secures the transmission of commands and control traffic across the network. Then the various SSH platforms will be discussed and documented. The later chapters round out the book with port forwarding.
So let us embark on our journey with a brief history and introduction to SSH; all aboard!

Why Is There a Need To Use SSH?

In the beginning there were mainframe computers. These large computers allowed programmers to input large mathematical formulas that would take hours or days to solve by hand; the computer could take the same formula and data and solve it in seconds or minutes. As these machines became more flexible and could handle not only numerical but also textual data, people began to use them to manage more and more business and research data. Computers became more than just a tool for universities and government organizations. As they became smaller and more powerful, tools to input and store data came into being and costs became more reasonable.
More and more of the customers were in the business world. These computers stored massive amounts of data, and people accessed them in a controlled environment. The topology of the network was called the Centralized Data Model: all the data was stored on one central computer and access was through "dumb" terminals. The terminals themselves had no processing power or storage of their own. This protected the data from loss, damage, theft, and spying. In this model encryption was not considered necessary, because the data never left the building and was never exposed to the outside world; people could see only what the administrators allowed through the "green screen," or dumb terminal.
As computers became more powerful and the need to share data across distant locations grew, wide area connections were established. At first these connections ran over analog phone lines using modem (Modulator/Demodulator) technology. There were two types of modems, synchronous and asynchronous. Synchronous modems carried clocking information along with the data so that both ends stayed in step; asynchronous modems instead framed each character with a start bit and a stop bit, so each piece of data could be recovered without a shared clock. These analog connections were point to point, and it was not easy for anyone without physical access to the line to "listen in" on them.
As communications technology progressed into a shared, interconnected network of networks, and more and more "private" data was transmitted over these open links, encrypted transmission became necessary. In addition to wide area transmission, personal computers brought about internal or Local Area Networks (LANs). These internal networks allowed computers to send and receive data from other computers and servers within the building, and the traffic of these devices became subject to eavesdropping by other individuals inside the network. Eavesdropping, also known as packet capturing, allowed insiders to view data they would not otherwise have had the privilege of viewing. These two scenarios increased the need for data encryption.

Are You Owned?

Data Loss, an Inside Job

Survey after survey shows that data loss and data exposure are most likely done by people inside the organization. Check out some of the statistics:
  • 61% of respondents think data leakage is an insider's job; 23% believe those leaks are malicious. (McAfee and Datamonitor's Data Loss Survey, 2007; requires registration)
  • 85% of organizations surveyed reported that they have had a data breach event. (Scott and Scott LLP and Ponemon Institute LLC, May 15th, 2007)
  • One third of companies surveyed said a major security breach could put them out of business. (McAfee and Datamonitor's Data Loss Survey, 2007; requires registration)
  • More than 90% of the breaches were in digital form. (2006 Annual Study: The Cost of Data Breach. Ponemon Institute, LLC, 2007)
These statistics can be found at: http://www.absolute.com/resources/computer-theft-statistics-details.asp
For each type of remote connection, there are options on how to secure it. In this book we will focus on remote login/control from a client to a server. In the early days we had two options. The first was remote login, or rlogin (TCP port 513), which allowed us to open a session on a UNIX server and issue commands. The second was telnet (TCP port 23). Both of these protocols send and receive everything in clear text, so anyone positioned on the path with a packet capture program such as Wireshark™ can read the entire session, including usernames and passwords. As networks became more exposed to these attacks and to data leakage, we needed to protect the sessions. For this connectivity issue, SSH is the answer.
SSH employs strong, industry-recognized encryption to protect your data from exposure. It makes no difference whether you are using SSH across your local area network or across the Internet from a remote location; your data travels inside an encrypted channel. SSH replaces telnet and rlogin as your connectivity method. Continued use of rlogin and telnet could be considered a violation of your organization's security policy and, in some cases, of regulatory requirements: Sarbanes-Oxley, for example, requires demonstrable controls over the systems that handle financial reporting data, and an auditor is unlikely to accept clear-text remote sessions to a UNIX host running your financial application as an adequate control.
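To make the clear-text point concrete, here is an added example (not code from the book) that reconstructs a telnet login from a capture the way "Follow TCP Stream" would: it strips the telnet option negotiation (RFC 854 IAC sequences) and pulls out the username and password typed at the prompts. It then parses the SSH identification string (RFC 4253 section 4.2), which together with the algorithm negotiation is the only clear-text part of an SSH session; a server banner of SSH-1.99 means it still accepts SSH1 clients. The captured segments and the banners are constructed for the example and are not real traffic.

```python
import re

# --- Telnet (RFC 854) negotiation stripping -------------------------------
IAC, SB, SE = 255, 250, 240
OPTION_CMDS = {251, 252, 253, 254}   # WILL, WONT, DO, DONT: each takes one option byte


def strip_telnet_iac(payload: bytes) -> bytes:
    """Drop telnet option negotiation and return only the application data
    (the characters the user typed or the server printed)."""
    out = bytearray()
    i, n = 0, len(payload)
    while i < n:
        b = payload[i]
        if b != IAC:
            out.append(b)
            i += 1
            continue
        if i + 1 >= n:                 # IAC cut off at the segment boundary
            break
        cmd = payload[i + 1]
        if cmd == IAC:                 # IAC IAC is an escaped 0xFF data byte
            out.append(IAC)
            i += 2
        elif cmd in OPTION_CMDS:       # IAC WILL/WONT/DO/DONT <option>
            i += 3
        elif cmd == SB:                # IAC SB <option> ... IAC SE
            end = payload.find(bytes([IAC, SE]), i + 2)
            i = n if end < 0 else end + 2
        else:                          # other two-byte commands (NOP, GA, AYT, ...)
            i += 2
    return bytes(out)


def recover_credentials(segments):
    """Replay a captured telnet login in wire order.
    segments: list of (direction, payload); direction 'S' = server->client,
    'C' = client->server.  Returns (username, password) typed at the prompts."""
    creds, expecting, client_buf = {}, None, b""
    for direction, payload in segments:
        data = strip_telnet_iac(payload)
        if direction == "S":
            text = data.decode("ascii", "replace").rstrip()
            if text.endswith("login:"):
                expecting = "username"
            elif text.endswith("Password:"):
                expecting = "password"
        else:
            client_buf += data
            while b"\r" in client_buf:           # lines end in CR LF or CR NUL
                line, _, client_buf = client_buf.partition(b"\r")
                client_buf = client_buf.lstrip(b"\n\x00")
                if expecting:
                    creds[expecting] = line.decode("ascii", "replace")
                    expecting = None
    return creds.get("username"), creds.get("password")


# Constructed capture of a telnet login (not real traffic): option negotiation,
# then the login prompt, username, password prompt, password.
CAPTURE = [
    ("S", b"\xff\xfd\x18\xff\xfd\x20\xff\xfd\x23"),   # DO TERMINAL-TYPE, DO TSPEED, DO XDISPLOC
    ("C", b"\xff\xfb\x18\xff\xfc\x20\xff\xfc\x23"),   # WILL TERMINAL-TYPE, WONT TSPEED, WONT XDISPLOC
    ("S", b"\xff\xfa\x18\x01\xff\xf0"),               # SB TERMINAL-TYPE SEND SE
    ("C", b"\xff\xfa\x18\x00XTERM\xff\xf0"),          # SB TERMINAL-TYPE IS "XTERM" SE
    ("S", b"\r\nhost login: "),
    ("C", b"alice\r\n"),
    ("S", b"alice\r\nPassword: "),                    # server echoes the username, not the password
    ("C", b"s3cret!\r\n"),
    ("S", b"\r\nWelcome to host\r\n$ "),
]

# --- SSH identification string (RFC 4253 s4.2) ---------------------------
# "SSH-protoversion-softwareversion SP comments CR LF".  This banner and the
# algorithm negotiation after it are sent in clear; authentication happens
# only once the channel is encrypted.
SSH_BANNER = re.compile(rb"^SSH-(?P<proto>[0-9.]+)-(?P<software>[^ \r\n]+)")


def ssh_protocol_version(first_segment: bytes):
    """Parse the server's banner.  '1.99' means the server speaks SSH2 but
    still accepts SSH1 clients, so the weaker protocol can be negotiated."""
    m = SSH_BANNER.match(first_segment)
    if not m:
        return None
    proto = m.group("proto").decode()
    return {
        "protocol": proto,
        "software": m.group("software").decode(),
        "ssh2": proto in ("2.0", "1.99"),
        "accepts_ssh1": proto.startswith("1."),
    }


if __name__ == "__main__":
    print("telnet credentials on the wire:", recover_credentials(CAPTURE))
    print(ssh_protocol_version(b"SSH-1.99-OpenSSH_4.7\r\n"))   # constructed banner
    print(ssh_protocol_version(b"SSH-2.0-OpenSSH_5.1\r\n"))    # constructed banner
```

Run against a real capture, the telnet half needs only the TCP payloads in order; the SSH half is the check to run against your own servers, since anything answering SSH-1.99 is still willing to fall back to SSH1 for a client that asks.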

What SSH Does and Does Not Do

Is SSH a complete encryption solution for all your network needs? No! SSH is a method of connecting to a remote system and creating a console session, inside an encrypted channel, for issuing and executing commands. It is not a general-purpose remote access method for joining a LAN over a wide area connection, and it is not a protocol that will encrypt your e-mail over the Internet. It provides the functions of rlogin and telnet with the added protection of encryption (and, through port forwarding, which is covered later in the book, it can tunnel individual TCP connections).
To connect to a remote network (LAN) from a remote location, you would need Virtual Private Network (VPN) technology; to protect your e-mail with encryption, you would need an e-mail encryption scheme built on public-key cryptography and digital signatures, with a PKI (Public Key Infrastructure) to distribute and validate the keys. Each type of data and connectivity has its own type of encryption and protection. If you do not employ some method of protection, you increase the risk of data exposure and loss.

Notes from the Underground…

Types of Attacks

Throughout this book you will be introduced to a number of attacks on data in transit, including man-in-the-middle, replay, packet capture, spoofing, and data manipulation. Encryption by itself defeats only packet capture; the others are stopped when encryption is combined with integrity checking and authentication, which is what SSH2 does: a MAC over each packet and its sequence number defeats manipulation and replay, and host-key verification defeats spoofing and man-in-the-middle. This protects your data from view and manipulation, but only if the cryptography is strong, the host key is actually checked, and the whole thing is implemented properly!
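An added example (not code from the book) of why encryption alone is not enough: a stream cipher with no integrity check lets an attacker change a command by flipping ciphertext bits and replay it, and a receiver that trusts encryption alone accepts both, while the SSH2 construction (RFC 4253 section 6.4: a MAC over the implicit sequence number and the unencrypted packet, with the receiver keeping its own count) rejects both. The cipher is a toy built from HMAC-SHA256 in counter mode standing in for a real SSH cipher, and the keys and the command are constructed for the example.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32   # HMAC-SHA256


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy stream cipher (HMAC-SHA256 in counter mode), standing in for a real
    SSH cipher such as AES-CTR.  The malleability shown below applies to any
    stream or counter-mode cipher, real or toy."""
    out, ctr = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", ctr), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal(enc_key: bytes, mac_key: bytes, seq: int, plaintext: bytes) -> bytes:
    """Build a packet: seq(8) || ciphertext || tag.  As in SSH2 (RFC 4253 s6.4)
    the tag is MAC(mac_key, sequence_number || unencrypted_packet)."""
    ct = xor(plaintext, keystream(enc_key, struct.pack(">Q", seq), len(plaintext)))
    tag = hmac.new(mac_key, struct.pack(">I", seq) + plaintext, hashlib.sha256).digest()
    return struct.pack(">Q", seq) + ct + tag


def open_encrypt_only(enc_key: bytes, packet: bytes) -> bytes:
    """Receiver that relies on encryption alone: decrypts with the sequence
    number found in the header and never looks at the tag."""
    seq, ct = packet[:8], packet[8:-TAG_LEN]
    return xor(ct, keystream(enc_key, seq, len(ct)))


class Ssh2Receiver:
    """Receiver that keeps its own implicit sequence number, as SSH2 does, and
    acts on a packet only after the MAC over (seq || plaintext) verifies."""

    def __init__(self, enc_key: bytes, mac_key: bytes):
        self.enc_key, self.mac_key, self.seq = enc_key, mac_key, 0

    def open(self, packet: bytes):
        ct, tag = packet[8:-TAG_LEN], packet[-TAG_LEN:]
        nonce = struct.pack(">Q", self.seq)          # the header's seq is NOT trusted
        pt = xor(ct, keystream(self.enc_key, nonce, len(ct)))
        expected = hmac.new(self.mac_key, struct.pack(">I", self.seq) + pt,
                            hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                               # real SSH tears the connection down
        self.seq += 1
        return pt


def flip_field(packet: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Bit-flipping attack: XOR (old ^ new) into the ciphertext at a known
    offset and the receiver decrypts 'new' in place of 'old'."""
    body = bytearray(packet)
    for i, (o, n) in enumerate(zip(old, new)):
        body[8 + offset + i] ^= o ^ n
    return bytes(body)


def demo():
    """Run both attacks against both receivers and return what each accepted."""
    enc_key, mac_key = os.urandom(32), os.urandom(32)   # stands in for keys from SSH key exchange
    msg = b"transfer amount=100 to=bob"               # constructed command
    pkt = seal(enc_key, mac_key, 0, msg)
    forged = flip_field(pkt, msg.index(b"100"), b"100", b"900")
    results = {}
    # Encryption only: the forged command decrypts cleanly and the replay is accepted.
    results["enc_only_tampered"] = open_encrypt_only(enc_key, forged)
    results["enc_only_replay"] = open_encrypt_only(enc_key, pkt)
    # SSH2 construction: first delivery accepted, replay and forgery both rejected.
    rx = Ssh2Receiver(enc_key, mac_key)
    results["ssh2_first"] = rx.open(pkt)
    results["ssh2_replay"] = rx.open(pkt)
    results["ssh2_tampered"] = Ssh2Receiver(enc_key, mac_key).open(forged)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:18} -> {value!r}")
```

The attacker never learns the key in either case; the difference is that the encrypt-only receiver has no way to tell a forged or replayed packet from a fresh one, whereas the SSH2 receiver ties every packet to a sequence number it maintains itself and to a MAC the attacker cannot compute.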
It is important to know the limitations of any type of security solution. SSH's major purpose is to establish encrypted shell sessions between your client machine and a server of some sort (that se...

Table of contents

  1. Brief Table of Contents
  2. Table of Contents
  3. Copyright
  4. Lead Author and Technical Editor
  5. Contributing Authors
  6. Acknowledgments
  7. Chapter 1. Introduction
  8. Chapter 2. OSI Model and Then Some
  9. Chapter 3. An Introduction To Cryptography
  10. Chapter 4. SSH Features
  11. Chapter 5. SSH Shortcomings
  12. Chapter 6. SSH Client Basics
  13. Chapter 7. The SSH Server Basics
  14. Chapter 8. SSH on Windows
  15. Chapter 9. Linux SSH
  16. Chapter 10. Mac SSH
  17. Chapter 11. SSH Command Line and Advanced Client Use
  18. Chapter 12. SSH Server Advanced Use
  19. Chapter 13. SSH Port Forwarding
  20. Index