NEWS YOU CAN USE FROM VANDYKE SOFTWARE
A Monthly Newsletter - August 2003
Just what are IT professionals looking for in a Secure Shell (SSH2) server? We asked beta testers of our VShell™ 2.2 SSH2 server this question. This month we share with you some of their answers.
Don't miss a free SANS webcast on advanced Secure Shell techniques on September 3rd. Also, read a time-saving tip from a SecureCRT® and VShell user who uses VCP, a command-line file transfer utility, to perform automated uploads in conjunction with Outlook.
The official releases of VShell 2.2 servers for Windows and UNIX are now available as well as maintenance releases for VShell 2.1.6, SecureCRT 4.0.8, and CRT™ 4.0.8.
-------------
Contents
-------------
1. Feature - What IT Professionals Want in an SSH Server
2. Tips - Automating Tasks with VCP and Outlook
3. Recommended Reading - Honeypots: Tracking Hackers
4. New Releases
5. Current Releases
FREE SANS WEBCAST
Want to increase your knowledge of Secure Shell techniques? Don't miss
the SANS Institute's complimentary First Wednesday Webcast, "Six
Advanced SSH Techniques", Wednesday, September
3rd at 1 p.m. EDT (1700 UTC), featuring Bill Stearns, a SANS Institute
network manager and faculty member.
Learn how to use SSH's encryption and authentication to protect more than remote command-line sessions. Topics covered will include copying files, port forwarding, and running graphical applications over SSH. You'll also learn about using SSH keys and backups over SSH as well as running commands on multiple remote machines simultaneously.
VanDyke is sponsoring this webcast and we'll present an overview of VShell 2.2 for UNIX and Windows.
Sign up for the September 3rd SANS webcast today at:
http://www.sans.org/webcasts/show.php?webcastid=90307
To access SANS webcasts you must have a SANS portal account. If you do not have a portal account, you may sign up for one at: http://portal.sans.org.
ADVANCED SSH TECHNIQUES
-----------------------------------------------------------------------------
1. Feature - What IT Professionals Want in
an SSH Server
-----------------------------------------------------------------------------
Over 300 beta sites participated in testing VShell 2.2, our Secure Shell server for Windows and UNIX. We asked beta testers about what they need in a Secure Shell server, their platform preferences, most frequently used features, and need for advanced authentication methods.
Here's what some of your fellow IT professionals had to say.
Secure Shell server solutions seemed to be popular among system administrators, programmers, and webmasters in industries ranging from high tech consulting, ISP/web hosting, telecommunications, and computer software to more vertical industries like healthcare, banking and finance, and automotive. The majority of these IT professionals have multiple sites to manage.
Many beta testers wanted to know what advantages VShell offers over OpenSSH,
or were looking for ways to standardize their SSH servers on one product.
These IT professionals also needed
solutions for mixed operating system environments. Some wanted to provide
secure file transfer to UNIX servers from Windows clients. Others were
looking for ways to get Windows desktops
to connect easily and securely with Linux servers.
Here are some of the reasons that beta testers wanted to evaluate VShell 2.2:
- "We administer a large number of UNIX servers and are looking
for a way to manage the access the people have yet simplify their jobs
as much as possible. A centralized system of authenticating remote users
would be appreciated."
- "My customers are looking mainly for secure FTP connections with an easier interface that they can configure rather than using OpenSSH which is very functional, but not easy to configure."
Two hundred forty-five of the testers ranked their top five most needed
platforms for SSH2. Windows came out the winner with 45 percent needing
an SSH2 solution--not surprising since
many participants were VanDyke Windows client customers. Red Hat 8 ranked
second at 16 percent. Linux-Other (13 percent) beat Solaris (10 percent).
The majority of participants use SSH2, though a few still use SSH1. File
transfer is used most often, ranking higher than both port forwarding
and shell access. Password authentication
is used more frequently than public key, with fewer numbers using more
advanced methods like Kerberos and X.509 for authentication.
Based on feedback during the beta test, we added features to VShell to
increase the IT professional's ability to fine-tune access and privileges
and provide a wider range of
authentication methods. Here's a selection of the new capabilities and
what the evaluators had to say about them.
- Restrict SFTP access to home directories.
"In a hosting environment clients want to be able to drag and drop
file transfer in bulk. This is not possible unless you have some kind
of SSH capable client. Unfortunately,
there is no way to restrict the shell from the file transfer portion and
chroot the users so they can't get past their home directory. I have applications
that need that kind of capability. It has become nearly impossible to
set up chroot shells." —Beta tester at an IT consulting firm
- Add ACLs to control access to services on a user or group basis.
"One of the issues we have in our environment is properly
limiting users' accounts to perform only those tasks we'd like them to
use (preventing interactive logins but allowing file-transfer, for example).
This would allow us to establish multiple levels of service-control for
our various
user groups (end-users, application admins, help desk staff, security
admins, operating admins, et cetera). —Beta tester from a human resources
consulting firm
- Provide Jail Shells (chrooting) to restrict shell access to users' home directories.
". . . This is the real problem that I need to solve: how do I allow a shell user to log into the system securely, but trap their shell access so that they can't get past their home directory on the tree. Another term commonly used is "chrooting". Changing the root directory for a login session. Typically this is done for certain daemons that may have too many security holes." — Technical consultant
- Add Agent support.
Beta testers didn't specifically ask for this feature, but 27 percent of the participants indicated that they currently use Agent in their environments. The addition of Agent support seemed to have an impact on the number people signing up for beta testing.
- Offer a wider range of authentication methods and platform support.
A number of beta testers wanted a wider range of authentication methods
and platform support. Kerberos v5 support via GSSAPI was added and we
ported VShell to FreeBSD. Future releases
will add support for HP-UX, AIX, and Mac OS X.
Are you currently using or considering an OpenSSH or commercial Secure Shell server solution? We'd like to hear your comments about our findings.
Send us an e-mail at:
--------------------------------------------------------------------
2. Tips - Automating Tasks with VCP and Outlook
--------------------------------------------------------------------
This month's tip was submitted to us by a customer who is using VCP,
a command-line file transfer utility included with SecureCRT, to perform
automated uploads in conjunction with Microsoft Outlook. Each day he was
manually selecting files and adding the date to the filenames. Now he
simply clicks
on a custom button in Outlook and his files are renamed with the date
and sent securely using VCP. What a time and hassle saver!
To get a sample script and read more about a simple way to automate tasks using VCP with another application go to:
http://www.vandyke.com/support/tips/vcpoutlook.html
Do you have a product tip you'd like to share?
Send us your tip at:
If we use your tip, we'll send you a VanDyke t-shirt and an Amazon.com gift certificate!
-------------------------------------------------------------------------------
3. Recommended Reading - Honeypots: Tracking
Hackers
-------------------------------------------------------------------------------
This month's pick is "Honeypots: Tracking Hackers," by Lance Spitzner (Addison-Wesley, 2002, ISBN 0321108957).
Here's an excerpt from the book cover:
"'Honeypots: Tracking Hackers' is the ultimate guide to this rapidly growing, cutting-edge technology. The book starts with a basic examination of honeypots and the different roles they can play, and then moves on to in-depth explorations of six specific kinds of real-world honeypots: BackOfficer Friendly, Specter™, Honeyd, Homemade honeypots, ManTrap®, and Honeynets...
With this book you will gain an understanding of honeypot concepts and
architecture, as well as the skills to deploy the best honeypot solutions
for your environment. You will arm yourself with the expertise needed
to track attackers and learn about them on your own. Security professionals,
researchers, law enforcement agents, and members of the intelligence and
military communities will find this book indispensable." (©
2002, Addison-Wesley)
The accompanying CD-ROM includes white papers, source code, and evaluation copies of software and data captures of real attacks. A number of the book's screenshots feature SecureCRT.
Visit Lance Spitzner's web site for the book at:
http://www.tracking-hackers.com/book/
-----------------------
4. New Releases
-----------------------
The official releases of VShell 2.2 Secure Shell servers for Windows and UNIX are now available. VShell 2.2 increases your choices for enterprise-wide authentication methods by introducing support for Kerberos v5 authentication via GSSAPI. VShell 2.2 provides you with more options to fine-tune your server and environment and limit access to sensitive areas.
To find out more about VShell 2.2, visit:
http://www.vandyke.com/products/vshell/index.html
New maintenance releases are available for VShell 2.1.6, SecureCRT 4.0.8, and CRT 4.0.8.
You can download new releases at:
http://www.vandyke.com/download/index.html
For quick access to previous official releases, go to:
http://www.vandyke.com/download/prevreleases.html
---------------------------
5. Current Releases
---------------------------
Here are our latest official product releases:
VShell 2.2 Servers for Windows and UNIX
SecureCRT 4.0.8
SecureFX® 2.1.6
Entunnel™ 1.0.6
CRT 4.0.8
AbsoluteFTP® 2.0.5
To download any of our current releases, go to:
http://www.vandyke.com/download/index.html
To download OpenSSH 3.5p1, an extended version of OpenSSH that supports
the public-key subsystem, visit:
http://www.vandyke.com/download/os/pks_ossh.html
All VanDyke Software products may be downloaded and evaluated at no cost
for 30 days. Licenses include one year of free upgrades and unlimited
access to our expert technical support.
Pass it along! If you find this monthly newsletter helpful and informative,
forward it to co-workers or friends, or tell them where to sign up.
http://www.vandyke.com/support/newreleasemailinglist.html
--------------------------
What do you think?
--------------------------
Let us know what you think about this issue. Was the tip useful? Did you like the feature? Is there a topic you'd like to see us write about? Send us an e-mail at:
----------------------------------
Subscription Information
----------------------------------
VanDyke Company News is an opt-in mailing list. If you prefer not to receive e-mail like this from us, or need to change your e-mail address, go to:
http://www.vandyke.com/support/newreleasemailinglist.html
You may also send an e-mail message to:
with the following message in the body of your e-mail:
unsubscribe vandyke-company-news
---
VanDyke Software, AbsoluteFTP, CRT, Entunnel, SecureCRT, SecureFX, and VShell are trademarks or registered trademarks of VanDyke Software, Inc.
All other products and services mentioned are trademarks or registered
trademarks of their respective companies.