Tim is a network administrator of Acme Inc. He is responsible for configuring the network devices. John, the new security manager, reviews the configuration of the firewall configured by Tim and identifies an issue. This specific firewall is configured in failover mode with another firewall. A sniffer on a PC connected to the same switch as the firewalls can decipher the credentials used by Tim while configuring the firewalls. Which of the following should be used by Tim to ensure that no one can eavesdrop on the communication?
Correct Answer: A
The SSH protocol provides an encrypted terminal session to the remote firewalls. By encrypting the data, it prevents sniffing attacks using a protocol analyzer, also called a sniffer.
With more and more computers installed in networked environments, it often becomes necessary to access hosts from a remote location. This normally means that a user sends login and password strings for authentication purposes. As long as these strings are transmitted as plain text, they could be intercepted and misused to gain access to that user account without the authorized user even knowing about it.
Apart from the fact that this would open all the user's files to an attacker, the illegal account could be used to obtain administrator or root access or to penetrate other systems. In the past, remote connections were established with telnet, which offers no guards against eavesdropping in the form of encryption or other security mechanisms. There are other unprotected communication channels, like the traditional FTP protocol and some remote copying programs.
The SSH suite provides the necessary protection by encrypting the authentication strings (usually a login name and a password) and all the other data exchanged between the hosts. With SSH, the data flow could still be recorded by a third party, but the contents are encrypted and cannot be reverted to plain text unless the encryption key is known. So SSH enables secure communications over insecure networks such as the Internet.
The following answers are incorrect:
SCP and SFTP
The SCP protocol is a network protocol that supports file transfers. The SCP protocol, which runs on port 22, is based on the BSD RCP protocol, which is tunneled through the Secure Shell (SSH) protocol to provide encryption and authentication. SCP might not even be considered a protocol itself, but merely a combination of RCP and SSH. The RCP protocol performs the file transfer and the SSH protocol performs authentication and encryption. SCP protects the authenticity and confidentiality of the data in transit. It hinders the ability of packet sniffers to extract usable information from the data packets.
The SCP protocol has been superseded by the more comprehensive SFTP protocol, which is also based on SSH.
RSH
RSH allows a user to execute commands on a remote system without having to log in to the system. For example, RSH can be used to remotely examine the status of a number of access servers without connecting to each communication server, executing the command, and then disconnecting from the communication server.
As with rlogin, the rsh protocol is not secure for network use because, among other things, it sends unencrypted information over the network. Some implementations also authenticate by sending unencrypted passwords over the network.
rsh has largely been replaced by the very similar SSH (Secure Shell) program on untrusted networks like the Internet.
As an example of RSH use, the following executes the command mkdir testdir as user remoteuser on the computer remotecomputer:
rsh -l remoteuser remotecomputer "mkdir testdir"
After the command has finished, RSH terminates. If no command is specified, rsh will log in on the remote system using rlogin.
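As an added illustration (not part of the original question or its references), the following Python code shows how a defender auditing a capture can tell the cleartext protocols discussed above (telnet, FTP, rsh) from SSH by the first bytes the client sends. The sample payloads, user names and password are constructed, and the function names are hypothetical.

```python
import re

# Constructed first client payloads for four management sessions (not real captures).
SAMPLE_FLOWS = [
    {"dport": 23,  "payload": b"\xff\xfb\x18\xff\xfb\x1f"},           # telnet option negotiation
    {"dport": 21,  "payload": b"USER tim\r\nPASS Example-Pw1\r\n"},    # FTP login
    {"dport": 514, "payload": b"1022\x00tim\x00remoteuser\x00mkdir testdir\x00"},  # rsh request
    {"dport": 22,  "payload": b"SSH-2.0-ExampleClient_1.0\r\n"},       # SSH identification string
]

def classify(payload: bytes) -> dict:
    """Classify a session from the first bytes the client sends."""
    if payload.startswith(b"SSH-"):
        # RFC 4253 identification string; after key exchange the session is encrypted.
        return {"proto": "ssh", "cleartext": False, "exposed": []}
    if re.search(rb"\xff[\xfb-\xfe].", payload, re.S):
        # Telnet IAC WILL/WONT/DO/DONT: every keystroke that follows is unencrypted.
        return {"proto": "telnet", "cleartext": True,
                "exposed": ["login", "password", "commands"]}
    ftp = re.findall(rb"^(USER|PASS) ", payload, re.M)
    if ftp:
        exposed = sorted({"login" if v == b"USER" else "password" for v in ftp})
        return {"proto": "ftp", "cleartext": True, "exposed": exposed}
    fields = payload.split(b"\x00")
    if len(fields) >= 5 and (fields[0] == b"" or fields[0].isdigit()):
        # rsh request: stderr-port NUL local-user NUL remote-user NUL command NUL
        return {"proto": "rsh", "cleartext": True, "exposed": ["login", "commands"]}
    return {"proto": "unknown", "cleartext": None, "exposed": []}

def audit(flows):
    """Return (dport, proto, exposed fields) for every session that is not encrypted."""
    findings = []
    for f in flows:
        r = classify(f["payload"])
        if r["cleartext"]:
            findings.append((f["dport"], r["proto"], r["exposed"]))
    return findings

if __name__ == "__main__":
    # Report the protocol and the kind of data exposed, never the values themselves.
    for dport, proto, exposed in audit(SAMPLE_FLOWS):
        print(f"port {dport}: {proto} sends {', '.join(exposed)} in cleartext")
```

Only the SSH session is absent from the findings; the other three are flagged as candidates for replacement with SSH-based access.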
The following reference(s) were/was used to create this question:
http://www.novell.com/documentation/suse91/suselinux-adminguide/html/ch19s02html
http://en.wikipedia.org/wiki/Remote_Shell
http://en.wikipedia.org/wiki/Secure_copy