 
| Subject: | |
| From: | |
| Reply To: | |
| Date: | Wed, 10 Apr 2002 05:16:54 -0500 |
| Content-Type: | text/plain |
| Parts/Attachments: |
|
|
ssh - Secure Shell
A method of securing network-based connections to Unix/Linux servers at
the X-session level is to use token-based authentication. This is based
on exchange and challenge of "Magic Cookies", one supplied by the client
and one maintained by the server.
Secure Shell (ssh) is a method of keeping the tokens secure and securing
the X data stream from being intercepted. ssh encrypts data passing
between systems virtually eliminating attacks like IP spoofing,
interception of plain text data like magic cookies and passwords, and
attacks built using IP source routing. ssh can also tunnel several types
of binary data streams such as the X-data stream. ssh can actually
improve performance because it compresses data streams on the fly.
SSL (secure Sockets Layer)
was proposed originally by Netscape as a low level encryption scheme to
encrypt transactions in higher level protocols like HTTP, NNTP, and FTP.
The SSL protocol includes provisions for server authentication
(verifying the server to the client), encryption of data in transit, and
optional client authentication (verifying the client's identity to the
server).
Using SSL enabled clients and servers you can send encrypted messages
without fear of interception. Public key encryption for user
verification sits on top of SSL and relies on keys and certificates
issued by Companies such as Versign and Thwate.
SSL is most often mentioned in the context of securing web server
transactions although Netscape Messenger can also use it for emails.
The Netscape browser (4.7) has facilities for managing keys and
certificates - click on the small security logo in the bottom left
corner of the browser window to get to the security management menu.
I'm not aware that MSIE provides the same facilities; does anyone know
if it does and how to access it.
A useful and interesting article on SSL and why it's not in Apache by
default can be found at http://www.apacheweek.com/features/ssl
SSLeay is a freely available implementation of SSL which can be easily
integrated into Linux servers.
Commercially available secure servers using SSL include Raven, Redhat
Secure Server, and Stronghold.
In article <[log in to unmask]>, Dave Knispel <dave.knispel@
FREQUENCYMARKETING.COM> writes
>Questions. How does ssh (secure shell) compare to ssl (secure sockets
>layer)? Any quicky answers I can give to the sales force? I know ssh
>starts a secure session and ssl is used primarily for web sites. Is that
>the main difference?
>David Knispel
>[log in to unmask]
>Phone: 513-248-5029
>Fax: 513-248-2672
--
Chris Thompson
Technical Director
The Internet Agency, UK
http://www.the-internet-agency.com
European Distributors for Advanced Networks Systems Inc.
Distributors of CCS TRAX and CCS C-iX 'C' compiler for MPE
MPE migration tools and services
IBM Development Partner
Voice: +44 7836 364575
Fax: +44 1202 418209
Email [log in to unmask]
ANSI -
Advanced Network Systems Inc., USA
http://www.advnetsys.com
Voice: +1 908-638-3330
Fax: +1 908-638-3331
Email [log in to unmask]
----
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
|
|
|
