Protecting Network Connections Using SSH and SSL

1
Protecting Network Connections Using SSH and SSL

• CS652 - Nate Adams

2
Introduction

• What is SSH and SSL?
• How can a Security Manager use SSH and SSL?
• How can a Hacker make use of SSH and SSL?
• Where can I get more information?

3
What is SSH?

• Secure Shell
• Network protocol
• Allows encrypted communication between hosts
• Public key crypto-based
• Tunneling (VPN)

4
What is SSL?

• Secure Socket Layer
• Network protocol
• Allows encrypted communication between hosts
• Public key crypto-based
• Tunneling (VPN)

5
How a Security Manager Can Use SSH and SSL/TLS?

• Secure sensitive data
• Wrap insecure protocols
• FTP
• POP3
• Secure Authentication
• Port forwarding
• Secure FTP or Copy
• Proxy connections

6
How a Hacker Could Use SSH or SSL?

• Many of the same uses but for malicious purposes
• Hide malicious communication
• Bypass firewalls and IDS/IPS
• Exfiltrate data
• Tunnel tools/connections

7
How to Protect Against the Hacker

• Dont use export class or weak ciphers
• Test implementations to ensure secure
  configurations
• Implementation considerations
• Older versions have vulnerabilities
• Use SSH v2 (v1 MITM)
• Use SSL v3 (v2 MITM) replaced by TLS (FIPS
  140-2)
• Key management

8
What is Special About SSH and SSL?

• Can be used to secure many insecure protocols
• Extends usefulness of older protocols
• Ubiquitous implementations
• UNIX/Linux, Windows, etc
• Many versions both open and closed source

9
Common OS Uses of SSH and SSL

• Windows
• Putty (SSH)
• OpenSSL
• Stunnel (SSL)
• Web browsers (SSL)
• UNIX/Linux
• OpenSSH
• OpenSSL
• Stunnel (SSL)
• Web browsers (SSL)

10
More information?

• Web sites
• OpenSSL Project
• http//www.openssl.org/
• OpenSSH
• http//www.openssh.com/
• SANS - SSH Techniques
• https//www.sans.org/reading_room/special/index.ph
  p?idssh_techniques
• NIST SP 800-52 and 800-113 Guidelines on TLS and
  SSL
• http//csrc.nist.gov/publications/nistpubs/

11
Summary

• What is SSH and SSL?
• How can a Security Manager use SSH and SSL?
• How can a Hacker make use of SSH and SSL?
• Where can I get more information?

12
Pop Quiz Really?

• Name
• Name two things common to SSH and SSL?
• SSH and SSL are not public key based? T/F
• Name a typical risk common to the use of SSH and
  SSL?