Close Window
 

NEWS YOU CAN USE FROM VANDYKE SOFTWARE®

A Monthly Newsletter – November 2004

Come on, admit it. You've been stealing spare moments to jot down your holiday gift list, just in case someone other than your mom wants to know. You haven't? Well then, what are you waiting for! OK, it's an outside chance, but just in case you had "explanation of Secure Shell host keys" on that list, we can give you your first holiday gift. Other trinkets from us to get you in the holiday mood: a printing tip, a report from IETF, and a sampling of recent security news (but no partridge in a pear tree). Since last month was quiet on the software releases front, check out the new releases section; it might be time for an update.

-------------
Contents
-------------

1. New Web Content – "Understanding Host Keys" White Paper
2. Tip – Printing To A Text File From SecureCRT®
3. News Flash From IETF
4. Scanning the Web: Current Security Issues
5. Heard On The Forums
6. New Releases
7. Current Releases

-----------------------------------------------------------
1. New Web Content – "Understanding Host Keys" White Paper
-----------------------------------------------------------

Here's a situation most of us have seen more than once: you point SecureCRT to a familiar Secure Shell server, connect, and up pops that daunting dialog asking you to accept or reject a new host key. If you have ever wished you understood those options better or just wondered what a host key was, then do we have a white paper for you.

The new "Understanding Host Keys" white paper may be found on the Vandyke Software web site:

  http://www.vandyke.com/solutions/whitepapers.html

----------------------------------------------------------------
2. Tip – Printing To A Text File From SecureCRT
----------------------------------------------------------------

There are any number of times when it is useful to be able to print to a text file from SecureCRT. This can be accomplished by configuring SecureCRT to print to a Windows Generic/Text Only printer. This sends screen output from your session to a text file, which you can then print from Notepad or another Windows application.

There are two components to configure. First you create a new Generic/Text Only printer from the Windows Printers control panel. This text-only printer is set to output to a file. Then you configure SecureCRT in Print Setup to print to the Generic/Text Only printer. This can be done for one session or globally.

For complete step-by-step instructions on printing to a text file, visit the following page on our web site:

  http://www.vandyke.com/support/tips/nl112004.html

---------------------------------
3. News Flash From IETF
---------------------------------

The 61st IETF just finished meeting on November 12 in Washington, DC. One of topics of discussion for the Secure Shell (secsh) working group was a new specification draft for the SSH File Transfer Protocol, or SFTP v6.

SFTP is the standard file transfer protocol for use with the SSH2 protocol, providing secure file transfer functionality over any reliable data stream.

Many of the changes in SFTP v6 provide greater predictability for server failure. In other words, if two different servers are faced with the same failure, what is reported to the client should be the same. This consistency is a great benefit to the smooth operation of automated processes and file system drivers.

The SFTP v6 draft also specifies support for text-mode hints from servers that are capable of providing these hints, which should allow the client to know which files should be downloaded in text mode.

Here are the major changes from SFTP v4 (currently shipping in VanDyke Software products) to SFTP v6:

    • Better support for expressing exactly what kind of file access (e.g., read-only, read/write, etc.) is desired (v5).
    • Client control of file-level locking if the server supports it (v5).
    • Improved specification of exactly when and how the server is supposed to fail requests. For example, the draft is now clear that requests to set attributes on a file that the server doesn't support must fail (v5, v6).
    • SFTP v3 does not specify charset for filename, and SFTP v4 uses UTF-8. However, most UNIX servers can't reliably translate to UTF-8. SFTP v6 addresses this by allowing the client to enable and disable UTF-8 translation (v6).
    • Support for hash-based content checking of file differences. For example, this can be used when the client has part of a file on the server and wants to make sure it actually has a valid copy of that part. Or the client may have the whole file and want to quickly verify it has an accurate copy (v5).
    • Support for querying the free disk space on the server (v6).
    • Support for the server, if it has the capability, to provide hints about whether or not a file is text (v6).
    • More flexible SFTP version negotiation (v6).

Quite a bit of discussion went on during the drafting of SFTP v6. SFTP v6 resolves many outstanding issues, including UTF8 issues, present in previous specification drafts. This should allow wider implementation of SFTP v6.

The SFTP v6 protocol specification is still undergoing revisions, but a new version will be available on the IETF web site in the next few weeks. To read the latest draft specification of SFTP v6 go to (clicking on this link will open a text file in a new browser window):

  http://www.vandyke.com/technology/draft-ietf-secsh-filexfer.txt

--------------------------------------------------------------
4. Scanning the Web: Current Security Issues
--------------------------------------------------------------

Here are some recent security news highlights, assembled by our roving news junkie Marc Orchant from his favorite RSS feeds.

SearchSecurity.com: Home users threaten enterprises
A Bentley college survey, funded by Symantec, showed that home computer users remain largely uninformed of what real security risks are and how to respond to them, because they don't receive information and education from their ISPs and their workplaces.

  http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1020937,00.html

SANS Top Twenty list
Networking education group SANS lists its current top 20 internet security vulnerabilities for October 2004. The SANS list covers specific software services such as Windows Remote Access Services and the Apache web server and lays out how to address problems.

  http://www.sans.org/top20/

eWeek: Should you use passwords or passphrases?
A discussion of some benefits of using longer phrases instead of difficult-to-remember passwords as a means of increasing authentication security.

  http://www.eweek.com/article2/0,1759,1682858,00.asp

For further reading, here is a link to a three part article published by Microsoft on the relative merits and issues with passphrases and passwords for Windows authentication.

  http://www.microsoft.com/technet/security/secnews/articles/itproviewpoint091004.mspx

NetworkWorldFusion: E-mail at a crossroads
How we can relieve the burden of overloaded e-mail users dealing with an 80% spam rate? It will take serious measures that change "the internet as we know it" to protect e-mail users against identity theft and hijacked systems.

  http://www.nwfusion.com/research/2004/110104email.html

Microsoft Revises Antispam Plan
Microsoft resubmitted a revised 'Sender ID' antispam plan to the IETF in October, gaining support from former foe AOL. Opposition to the first proposal was focused on proprietary technology and licensing requirements, which are anathema to open-source software advocates.

  http://www.computerworld.com/newsletter/0,4902,97030,00.html

---------------------------------
5. Heard On The Forums
---------------------------------

A recent question posed on the forums was about a script terminating on a connect failure. The SecureCRT user was running a script to execute a command sequentially on multiple servers, and wanted to continue to the next server if SecureCRT generated a runtime error.

The resulting thread shows how to trap errors of any kind in a VBscript with the "On Error Resume Next" statement so that they can be handled in a specified way. To read more and see an example of using the VBScript statement "On Error Resume Next" go to:

  http://forums.vandyke.com/showthread.php?t=271

-----------------------
6. New Releases
-----------------------

Maintenance updates of official releases were made in late October to SecureCRT 4.1.9, SecureFX® 2.2.8, CRT™ 4.1.9, and AbsoluteFTP® 2.2.8.

You can download new and previous releases at:

  http://www.vandyke.com/download/latestreleases.html

---------------------------
7. Current Releases
---------------------------

The following lists the latest official product releases:

The following lists the latest official product releases:
  SecureCRT 4.1.9
  SecureFX 2.2.8
  Entunnel™1.1.2
  CRT 4.1.9
  AbsoluteFTP 2.2.8
  VShell 2.3.2 Server for Windows
  VShell 2.3.2 Server for UNIX
  Red Hat Linux 7.x
  Red Hat Linux 8.x
  Red Hat Linux 9.x
  Red Hat Enterprise v2.1/v3
  Solaris 8
  FreeBSD 4.8
  HP-UX 11
  Mac OS X 10.2
  AIX 4.3/5.2

To download any of our current releases, go to:

  http://www.vandyke.com/download/latestreleases.html

All VanDyke Software products may be downloaded and evaluated free for 30 days. Licenses include one year of free upgrades and unlimited access to our expert technical support.


Pass it along! If you find this monthly newsletter helpful and informative, forward it to co-workers or friends, or tell them where to sign up.

     http://www.vandyke.com/support/newsletter.html

You can also read this and back issues of the newsletter at:

    http://www.vandyke.com/aboutus/news/newsletters/index.html

Subscription Information
----------------------------------

The above e-mail is intended for people who have opted to receive the VanDyke Software News from VanDyke Software. You may unsubscribe or change your e-mail address at:

  http://www.vandyke.com/support/newsletter.html

Don't miss out on important product news. If your ISP or e-mail client filters incoming e-mail, please add the domain @vandyke.com to your list of approved senders to make sure you receive the newsletters and product announcements to which you've subscribed.


Mailing Address
----------------------

  VanDyke Software, Inc.
  4848 Tramway Ridge Drive, NE
  Suite 101
  Albuquerque, NM 87111 USA

Got questions, comments, or ideas? Email newsletters@vandyke.com or use the web forms by clicking on "Got a question or comment?" on any page on our web site, as you'll see on our What's New page at www.vandyke.com/whats_new.html.

---

VanDyke Software, AbsoluteFTP, CRT, Entunnel, SecureCRT, SecureFX, and VShell are trademarks or registered trademarks of VanDyke Software, Inc.

All other products and services mentioned are trademarks or registered trademarks of their respective companies.

Close Window