Next Generation SSH2 Implementation: Securing Data in Motion

This document was uploaded by one of our users. The uploader already confirmed that they had the permission to publish it. If you are author/publisher or own the copyright of this documents, please report to us by using this DMCA report form.

Simply click on the Download Book button.

Yes, Book downloads on Ebookily are 100% Free.

Sometimes the book is free on Amazon As well, so go ahead and hit "Search on Amazon"

New security risks, continuously evolving regulation and increasing security standards have created new and growing needs for secure internal information transfers, which SSH provides. This book addresses these new trends in depth, offering the most up-to-date information on the integration of SSH into a security environment. It covers the newest features and applications of SSH-2 (which received Proposed Standard status from the IETF in 2006). SSH2 is more secure than previous versions and has many expanded uses on a wider variety of computing platforms. Another particular note driving new SSH2 adoption are the requirements of recent legislation (PCI/HIPAA/SOX/FISMA). SSH 2 has become an even more valuable tool, as it provides communications security compliance with the latest standards.This book offers the most up-to-date information on SSH2 in a practical, hands-on, tutorial-style reference that goes well beyond UNIX implementation. It concentrates on the latest version of SSH 2 with all new information. * Discover why SSH2 offers more robust security than SSH1 and how to incorporate it into your network administration software toolbox.

Author(s): Max Caceres, Aaron E. Earle, Devin Ganger, Wipul Jayawickrama, Jan Kanclirz Jr., Dane Liu, Tim Robichaux, Eric S. Seagren, Brad Smith, Christopher Stokes
Edition: 1st
Year: 2008

Language: English
Pages: 317

cover......Page 1
Copyright......Page 2
Lead Author and Technical Editor......Page 3
Contributing Authors......Page 4
Acknowledgments......Page 9
Introduction......Page 10
Why Is There a Need To Use SSH?......Page 11
What SSH Does and Does Not Do......Page 13
Comparison Between SSH and SSHv2......Page 14
Encryption Standards......Page 15
What Is SCP and SFTP?......Page 16
SSH and the C-I-A Triad......Page 17
Comparison Between SSH and SSHv2......Page 20
SSH and the C-I-A Triad......Page 21
Frequently Asked Questions......Page 22
OSI Model and Then Some......Page 23
50,000 Foot View of the OSI Model......Page 24
Application Layer (7)......Page 26
Presentation Layer (6)......Page 27
Transport Layer (4)......Page 28
Network Layer (3)......Page 29
Physical Layer (1)......Page 30
Using the OSI Model to Troubleshoot......Page 31
Applying the OSI Model to Forensics......Page 37
Using the OSI Model to Troubleshoot......Page 45
Applying the OSI Model to Forensics......Page 46
Frequently Asked Questions......Page 47
An Introduction To Cryptography......Page 49
Confidentiality......Page 50
Integrity......Page 51
Authentication......Page 52
Secure Sockets Layer/Transport Layer Security......Page 53
Cryptographic Systems......Page 54
Symmetric Key Cryptosystems......Page 56
Asymmetric Key Cryptosystems......Page 57
Block Ciphers......Page 58
Stream Ciphers......Page 59
Cryptographic Key Management......Page 60
Diffie–Hellman Key Exchange Protocol......Page 61
Cryptographic Hash Functions......Page 62
Message Authentication Codes......Page 63
Attacks on Cryptosystems......Page 64
Ciphertext-Based Attacks......Page 65
SSH Key Exchange......Page 66
Encryption Algorithms Supported by SSH......Page 67
Cryptographic Protocols and Applications......Page 68
Cryptographic Functions......Page 69
Cryptography and SSH......Page 70
Frequently Asked Questions......Page 71
SSH Features......Page 73
Introduction to SSH......Page 74
SSH Standards......Page 75
SSH Message Types......Page 77
SSH-TRANS......Page 78
SSH-USERAUTH......Page 79
SSH-CONNECT......Page 81
SSH vs. Telnet/Rlogin......Page 85
SSH Client/Server Overview......Page 87
Packet Capture Detection......Page 88
Summary......Page 91
SSH Standards......Page 92
Packet Capture Detection......Page 93
Frequently Asked Questions......Page 94
SSH Shortcomings......Page 95
Getting the Request to the Target: Physical Attack......Page 96
Attacking in person......Page 97
Attacking the Psyche......Page 98
Phishing......Page 99
Hardware......Page 100
Trojans......Page 101
How Do You Know if You’re Under an SE Attack?......Page 102
Responding to an SE Event......Page 103
IT Responses......Page 104
Management Response......Page 105
What’s Currently Working?......Page 106
Actually Looking at the Browser Training......Page 108
Policy and Procedures for SE Attack......Page 109
You’re So Wonderful!......Page 111
Please Help Me Save My Job!......Page 112
Responding to an SE Event......Page 113
Defending against Social Engineering Attacks......Page 114
Frequently Asked Questions......Page 115
SSH Client Basics......Page 117
Using OpenSSH to Encrypt Network Traffic Between Two Hosts......Page 118
The OpenSSH Suite......Page 119
Installing OpenSSH......Page 122
Insecure r-command Authentication......Page 123
Secure SSH Authentication......Page 125
Implementing SSH to Secure Data......Page 127
Distributing the Public Key......Page 130
The SSH Client......Page 134
SSH Extended Options......Page 136
Understanding Network Encryption......Page 140
Implementing SSH to Secure Data......Page 141
The SSH Client......Page 142
Frequently Asked Questions......Page 143
The SSH Server Basics......Page 145
The Components That Make Up the SSH Server......Page 146
Protocols in Use......Page 147
SSH Authentication Protocol......Page 149
SSH Transport Layer Protocol......Page 151
Connection Protocol......Page 153
Randomness of Cryptography......Page 154
X11 Forwarding......Page 156
Pipes......Page 157
PPP over SSH......Page 158
Reflection for Secure IT Protocol......Page 159
Reflection for Secure IT Authentication......Page 160
Reflection for Secure IT Logging......Page 161
OpenSSH......Page 162
SSH1 e SSH2......Page 163
Dropbear SSH Server and Client......Page 164
WAN – LAN Connections......Page 165
Authentications......Page 166
Server Options......Page 167
Running the Server......Page 171
Basic Server Configuration......Page 173
Authentication......Page 174
Which Communication Is Protected with SSH......Page 177
Running the Server......Page 178
Authentication......Page 179
Frequently Asked Questions......Page 180
SSH on Windows......Page 181
SSH Tectia......Page 182
PuTTY......Page 184
WinSCP......Page 186
Windows and POSIX......Page 188
Interix, SFU, and SUA......Page 189
Win32......Page 190
Windows 2000, Windows XP, or Windows Server 2003......Page 192
Windows Server 2003 R2, Windows Vista (Enterprise or Ultimate), or Windows Server 2008......Page 193
Installing the SUA SDK and Utilities......Page 194
Installing the Software......Page 195
Installing Cygwin and OpenSSH......Page 196
COPSSH......Page 198
SSH Tectia......Page 199
freeSSHd......Page 200
Using Native Windows SSH Servers......Page 203
Frequently Asked Questions......Page 204
Linux SSH......Page 205
Installing OpenSSH Using a Package Manager......Page 206
Controlling Your SSH server......Page 208
Using the Start and Stop Commands......Page 209
Configuring SSH to Ease Your Paranoia......Page 210
Changing the Default Listening Port......Page 211
Allowing and Denying Connections Using hosts Files......Page 212
Binding to a Specific Address......Page 213
Logging into Remote Systems Securely......Page 214
File Transfer Using SSH......Page 215
Executing Secure Commands Remotely......Page 216
Connecting to Your SSH Server from Windows......Page 217
Additional Avenues of Approach......Page 218
Controlling Your SSH Server......Page 219
Additional Avenues of Approach......Page 220
Note......Page 221
Mac SSH......Page 222
Using SSH on a Mac......Page 223
Transferring Files Securely with SCP and SFTP......Page 224
Configuring Your Mac for Remote Access......Page 226
X11 Forwarding......Page 227
Establishing an X11 Forwarding Session with a Remote Computer......Page 228
X11 Forwarding from a Mac to a Remote X Server......Page 229
Simplifying Key Management with the SSH Agent......Page 230
Scripting Securely with SSH......Page 232
Searching for Documents with the Word fish or the Word Chips......Page 233
Managing Local Disks......Page 234
Verifying Permissions......Page 235
Printing Mac OS X Version Information......Page 236
Having Fun with Multimedia......Page 237
Spooking Your In-Laws......Page 238
Scripting Securely with SSH......Page 240
Frequently Asked Questions......Page 241
SSH Command Line and Advanced Client Use......Page 243
Client Configuration......Page 244
Verbose Medium......Page 254
Secure Copy......Page 259
PuTTY Pageant Key Management Utility......Page 260
PuTTY psftp Secure FTP Utility......Page 261
PuTTY pscp Secure Copy Utility......Page 264
Verbose Medium......Page 267
Secure Copy......Page 268
Frequently Asked Questions......Page 269
SSH Server Advanced Use......Page 270
Controlling Access Using ACLs......Page 271
Configuring the Windows Firewall......Page 272
Configuring the Linux Firewall......Page 273
Using TCP Wrappers......Page 274
Using sshd_config Options......Page 275
Using Host Keys for Authentication......Page 276
Maintaining System Time......Page 278
Configuring the Warning Banner......Page 279
Securing User Home Directories......Page 280
Controlling Session Timeouts......Page 281
Logging Using sshd......Page 282
Logging Using Netfilter......Page 283
Security Considerations of Logging......Page 284
Debugging SSH......Page 285
Maintaining System Time......Page 287
Logging Options......Page 288
Debugging SSH......Page 289
Frequently Asked Questions......Page 290
SSH Port Forwarding......Page 292
SSH Port Forwarding Commands......Page 293
Securing E-mail with SSH Local –L Port Forwarding......Page 295
Bypassing Firewalls with SSH Remote –R Port Forwarding......Page 299
Using SSH SOCKS Proxy –D To Tunnel Your HTTP/DNS Traffic......Page 302
Bypassing Firewalls with SSH Remote –R Port Forwarding......Page 307
Using SSH SOCKS Proxy –D to Tunnel Your HTTP/DNS Traffic......Page 308
Frequently Asked Questions......Page 309
C......Page 310
L......Page 311
O......Page 312
S......Page 313
V......Page 316
W......Page 317