Lantronix EDS8PR Server User Manual


 
EDS Device Servers User Guide 15
8
C: Networking and Security
This chapter describes the following networking and security concepts as they relate to
the EDS:
SSH described below.
SSL see page 159
Serial tunneling see page 161
This chapter concludes with a description of modem emulation (page 164).
SSH
Like SSL, Secure Shell (SSH) is a protocol that provides secure encrypted
communications over unsecured TCP/IP networks such as the Internet. SSH allows for
secure access to remote systems, eliminating potential security breaches such as
spoofing and eavesdropping or hijacking of sessions. However, SSH differs significantly
from SSL and, in fact, cannot communicate with SSL. The two are different protocols,
though they have some overlap in how they accomplish similar goals.
How Does SSH Authenticate?
SSH authenticates using one or more of the following:
Password (the /etc/passwd or /etc/shadow in UNIX)
User public key (RSA or DSA, depending on the release)
Host-based (.rhosts or /etc/hosts.equiv in SSH1 or public key in SSH2)
What Does SSH Protect Against?
SSH provides strong authentication and secure communications over insecure channels.
It also provides secure connections that protect a network from attacks such as:
IP spoofing, where a remote host sends packets that pretend to originate from
another, trusted host. SSH even protects against a spoofer on the local network
that is pretending to be a router to the outside.
IP source routing, where a host pretends that an IP packet comes from another,
trusted host.
DNS spoofing, where an attacker forges name server records.
Interception of cleartext passwords and other data by intermediate hosts.
Manipulation of data by people in control of intermediate hosts.
Attacks based on listening to authentication data and spoofed connections to the
server.