Secure Your Network
By Joshua Drake
A few years back, I learned that using protocols such
as Telnet and FTP was a bad choice. Although both
protocols are widely used, many consumers don't truly
understand their ramifications. The core problem with
Telnet and FTP is that both programs send all data in
plaintext format. If I were a cracker on your network,
I could listen to (sniff) ports 23 and 21 and be
almost guaranteed to see a user log onto a machine and
send a username and password in plaintext. With that
information, I could easily infiltrate your server.
The scary part about the above scenario is that I
don't need to be on your machine to sniff the
information. I only need to be on the network on which
your machine runs.

F-Secure SSH Server/Client
Contact vendor for pricing.
Pros: Excellent graphical scp client. Versions for Windows NT and 2000.
Cons: Doesn't work well with OpenSSH. Relatively expensive.

A solution to this problem has existed since 1995, and
it's called Secure Shell (SSH). This tool suite is
designed to replace Telnet, FTP, RSH, and RCP, all of
them legacy Unix/Linux protocols. All actions
performed with SSH are completely encrypted, including
the login sequence. Thus, when a user sends a password
to the server, a sniffer sees only a stream of
encrypted data. The new version, SSH2, fixes several
security holes and is almost a complete rewrite.
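
To find where the plaintext protocols described above are still exposed, a host can be checked for listeners on ports 21 and 23. The following is an added example, not part of the original article: it parses the Linux /proc/net/tcp table, matches services by port number only, and assumes a little-endian (x86) host; the sample table and all function names are constructed for illustration.

```python
import socket

# Cleartext services the article warns about, keyed by TCP port.
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet"}
SSH_PORT = 22
TCP_LISTEN = "0A"  # socket state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:0015 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003
   3: 0A00000A:0017 0B00000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 1004
"""

def decode_ipv4(hex_addr):
    """Convert the little-endian hex address used on x86 Linux to dotted quad."""
    return socket.inet_ntoa(bytes.fromhex(hex_addr)[::-1])

def listening_sockets(table_text):
    """Yield (ip, port) for every IPv4 TCP socket in LISTEN state."""
    for line in table_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue  # established or closing connections are not listeners
        hex_addr, hex_port = fields[1].split(":")
        yield decode_ipv4(hex_addr), int(hex_port, 16)

def audit(table_text):
    """Return cleartext listeners and whether an SSH listener is present."""
    findings, ssh_present = [], False
    for ip, port in listening_sockets(table_text):
        if port in CLEARTEXT_PORTS:
            findings.append((CLEARTEXT_PORTS[port], ip, port))
        elif port == SSH_PORT:
            ssh_present = True
    return sorted(findings), ssh_present

if __name__ == "__main__":
    # On a live Linux host, pass open("/proc/net/tcp").read() instead.
    findings, ssh_present = audit(SAMPLE_PROC_NET_TCP)
    for service, ip, port in findings:
        print(f"cleartext {service} listener on {ip}:{port}")
    print("SSH listener present:", ssh_present)
```

A Telnet listener bound to 0.0.0.0 is reachable from every interface, while one bound to 127.0.0.1 is reachable only from the host itself, so the bind address is worth reporting alongside the port.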
There are three popular SSH products on the market.
The first is OpenSSH, an open-source implementation.
The other two are SSH Communications Security's SSH and
F-Secure SSH. OpenSSH ships with all major
distributions of Linux, BSD Unix (FreeBSD, OpenBSD,
NetBSD, and so on) and is available for most Unix
platforms. The developers don't provide commercial
support. SSH Communications Security's implementation
is the granddaddy of them all. SSH Communications
created the SSH protocol and the common suite of tools
that the other SSH implementations use.
F-Secure is well known for its antivirus and data
security products. I looked at its SSH Server/Client
in this review. The F-Secure SSH products operate on a
variety of platforms such as Unix, Linux, and Windows
NT. Client and server versions are available for each
platform. The SSH server installation was easy under
Linux. It required only a single RPM
(-if-secure-SSH-2.4.0.i386.rpm) and we were up and
running. The installation even generated the secure
keys automatically. The only incomplete part of the
installation was that the RPM doesn't automatically
start the SSHd daemon. You must use the service sshd2
I normally run OpenSSH on my machines. To test
interoperability, I used the OpenSSH client on my
workstation to connect with the Red Hat 6.2 machine on
which the F-Secure SSHd daemon was installed. The
connection worked flawlessly. Next, I tested the scp
features. The OpenSSH client was able to connect with
the F-Secure server and authenticate, but it was unable to
copy the file across the network. I tried multiple
files without success. There was no immediate way for
me to tell whether the error was caused by F-Secure or
OpenSSH. Oddly, I was able to use the F-Secure SSH
client to scp a file from my workstation running
My office uses a single Windows 2000 machine for
testing purposes. The machine usually runs a free SSH
client called ttsh. I wanted to determine whether the
F-Secure Windows client was any better. Installation
was simple, but required me to reboot Windows 2000
before using it. After rebooting, I launched the SSH
client and proceeded to connect with my workstation. I
was able to open a session with my workstation running
OpenSSH without any problems.
I also tested the connection with the
F-Secure server, and it worked flawlessly. The
terminal emulation was clean and the client was very
functional. Although the Windows 2000 version of the
scp client wasn't as successful, it was still good. It
connected to the F-Secure SSH server without problems,
but it wouldn't connect to the OpenSSH server. In
general, I prefer the Windows scp client because it
reminds me of a standard FTP client. As a Linux user,
I have spent my fair share of time at the command line
and it was nice to have an encrypted graphical
interface to remote files.
In conclusion, the F-Secure product seemed robust and
easy to maintain. I was able to transfer large numbers
of files without problems and perform all of my
routine SSH-required tasks. The interoperability
issues could be a large hindrance factor to the
If a product is unable to work completely and reliably
with the other available clients/servers, users will
be less likely to use that product. Of course, the
issue could be with OpenSSH, but OpenSSH is free and
proliferates through the distributions of Linux and
other free Unices.
F-Secure has a positive note, which is the NT/2000
Server version of SSH. You can use the F-Secure NT
server to remotely manage an NT/2000 machine. The
remote management of an NT server can be difficult at
times, however, and it costs $834 per license for the
F-Secure NT/2000 version, so I'm more inclined to use
PPTP and VNC to administer my NT/2000 servers. SSH
Communications has a version of SSH for NT/2000 as
well, but this costs $565 per license.
For now, I'll stick with OpenSSH for my SSH needs.
It's open, it's free, and I can use it for every
platform I manage. However, if you're a Microsoft
user, the F-Secure product could be a good choice.
Joshua is cofounder of Command Prompt, Webmaster for
the Linux Documentation Project, and a regular
contributor to several magazines. You can reach him at email@example.com.