NEWS YOU CAN USE FROM VANDYKE SOFTWARE®
First, some highlights from the recent LISA 2003 conference, with a focus on time management for sysadmins. Then, in case you stay awake at night thinking of ways to secure file sharing, this month's tip covers securing SMB shares on Windows. Finally, just as you finish your holiday wish list, Marc Orchant reviews the newest book on Secure Shell by Himanshu Dwivedi of @Stake, with a bonus online interview with the author.
1. Feature - LISA Conference Report
Some LISA tutorials covered hardening common operating systems like FreeBSD and Mac OS X. In one popular session, Steve Acheson and Laura Kapur presented on "Architecting a Secure Environment." They laid out the political and financial layers that network administrators need to add to the OSI model to successfully implement a secure network.
One of the most jammed sessions addressed a softer topic than authentication or security architecture: time management for system engineers. Working system administrator Tom Limoncelli spoke to a packed auditorium of 150 people, and received a standing ovation. He addressed why standard approaches don't work for sysadmins (they get interrupted constantly, have lots of short-term projects, and don't like being told how to do their work), the importance of having a system for time management, the advantages of PDAs and paper planners, and the value of help desk software, among many other points.
You can find more of Tom's ideas in his book "The Practice of System and Network Administration," Addison Wesley 2003, ISBN: 0201702711, www.everythingsysadmin.com.
Just in case you are one of those people who does like to absorb new ideas on managing your time, we compiled a list of our favorite books on managing your time and focus for projects great and small.
Finally, for any cynics out there, an amusing title:
Do you use SMB Samba to provide file services to your users? You might have worried about security for these mounts. Never fear: SMB services can be accessed securely through Windows Explorer using a Secure Shell tunnel provided by SecureCRT® or Entunnel™. There is a significant tradeoff involved, since SMB support is mutually exclusive with Windows File and Print Services, but the added security may be worth it to your organization.
Setting up a Secure Shell tunnel for SMB involves two choices in approach and significant configuration changes. You can provide a tunnel for SMB to only the machine running SecureCRT or Entunnel, or use a "gateway" machine to allow access from multiple clients. The sections below describe the two approaches. For complete step-by-step instructions, visit the following page on the VanDyke Support web site:
In both cases, the Windows client machine will not be able to share any local files or printers, as File and Printer Sharing must be uninstalled in order to allow Entunnel or SecureCRT to bind to the required port (139) to accept incoming connections.
Secure Single-PC Access To An SMB Share
If you have only one machine, remote or on a LAN, that needs a secure tunnel to an SMB share, you will probably want to follow the first set of steps. This allows access to the share from only the machine running Entunnel or SecureCRT.
You can now use Windows Explorer to browse the shares on the remote SMB server, and can also map a network drive with the path:
To set up a secure tunnel to an SMB share that is accessible to multiple users within a local network, follow the second set of steps. The "gateway" machine running SecureCRT or Entunnel will not be able to map any network shares itself.
You can now use Windows Explorer on a separate machine to browse the shares on the remote SMB server, and can also map a network drive with the path:
"Implementing SSH: Strategies for Optimizing the Secure Shell," by Himanshu Dwivedi, (John Wiley & Sons 2003, ISBN: 0471458805) is a tactical guide to installing, implementing, optimizing, and supporting Secure Shell in order to secure your network.
Himanshu Dwivedi, Security Architect for @Stake, explains how Secure Shell provides the core requirements for better network security: authentication, authorization, encryption, integrity, and auditing. He also lays out ways to optimize the protocol for security and functionality on Unix, Windows, and network architecture environments. Dwivedi explores implementations by VanDyke Software, SSH Communications, and OpenSSH.
Incorporating architectural examples and case studies, the book focuses on acquiring the necessary skills to:
Recently we sat down with Himanshu Dwivedi to discuss why he felt the book was needed and what he'd like to see improved in the protocol and its implementations. Read the complete interview here:
Beta releases are available for SecureCRT 4.1, SecureFX® 2.2, CRT™ 4.1, and AbsoluteFTP® 2.2.
The beta 5 releases of SecureCRT 4.1 and SecureFX 2.2, when used with VShell™ 2.2, provide support for Kerberos v5 authentication.
New maintenance releases are also available for VShell 2.2.3, SecureCRT 4.0.9, Entunnel 1.0.8 and CRT 4.0.9.
You can download new releases at:
For quick access to previous official releases, go to:
The following lists our latest official product releases:
To download any of our current releases, go to:
Let us know what you think about this issue. Was the tip useful? Did you like the feature? Is there a topic you'd like to see us write about? Send us an e-mail at:
VanDyke Company News is an opt-in mailing list. If you prefer not to receive e-mail like this from us, or need to change your e-mail address, go to:
VanDyke Software, AbsoluteFTP, CRT, Entunnel, SecureCRT, SecureFX, and VShell are trademarks or registered trademarks of VanDyke Software, Inc.
All other products and services mentioned are trademarks or registered trademarks of their respective companies.