52 Describe various secure methods for accessing devices across the network

Secure Socket Layer (SSH)

SSH is a method for logging in to a remote device. It is more secure than Telnet and is used where the emphasis is on security, in place of unsecured Telnet. It uses SSL (Secure Socket Layer) for security.

Organizations prefer that their employees and network administrators use SSH and SSL rather than Telnet to enter their network. With Telnet, the data is transferred from the host to the destination as clear text, so attackers can use this plain-text information to learn about the network.

How does SSH work?

When a host tries to connect to the SSH server, the server sends the host a public key. The client uses the public key to encrypt a session ID that it creates itself. This encrypted session ID is then sent back to the server that supplied the public key. The server receives the session ID, decrypts it and uses it for all future conversation with the client. This mechanism is secure because only the client and the network know this session ID.

Simple Network Management Protocol v3 (SNMPv3)

In SNMP, the device that is managed is called the SNMP agent, and the device that displays the information it receives from the agent is called the SNMP manager. The SNMP manager displays the information received from the agent to the user for various purposes. The SNMP agent keeps a database called the MIB (Management Information Base). SNMP uses four major areas to support the core functionality of allowing managers to manage agents:

1) Data Definition

2) MIBs

3) Protocols

4) Security and Administration

Data Definition: This is the syntax for how data is defined to an agent or manager. These syntax specifications are called the Structure of Management Information (SMI).

MIBs: There are several MIBs for different technologies.

Protocols: These are the messages used by the agents and managers to exchange management data.

Security and Administration: This defines how to secure the data transfer between agents and managers.

SNMP has several versions, such as SNMP v1, SNMP v2, SNMP v2c and SNMP v3. Of these, SNMP v3 is more secure than the previous versions: it adds security through authentication and encryption. It uses MD5 and SHA to create a message digest for each SNMPv3 protocol message. To add even more security, SNMPv3 managers and agents use Digital Encryption Standards to encrypt the message.
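The message digest described above, as an added example that is not part of the original page: it follows the SNMPv3 User-based Security Model (RFC 3414), where a key derived from the user's password and the agent's engine ID produces a 12-byte truncated HMAC placed in a zero-filled field of the message. The function names, the passphrase and the sample message (stand-in bytes, not real BER encoding) are assumptions made for illustration.

```python
import hashlib
import hmac

AUTH_LEN = 12                      # USM keeps the first 96 bits of the HMAC
ZEROED = b"\x00" * AUTH_LEN        # field content while the digest is computed


def localized_key(password: bytes, engine_id: bytes, algo: str = "sha1") -> bytes:
    """RFC 3414 password-to-key: digest 1 MiB of repeated password, then bind it to one agent."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rest = divmod(1024 * 1024, len(password))
    ku = hashlib.new(algo, password * reps + password[:rest]).digest()
    return hashlib.new(algo, ku + engine_id + ku).digest()


def _mac(key: bytes, message: bytes, algo: str) -> bytes:
    return hmac.new(key, message, algo).digest()[:AUTH_LEN]


def sign(message: bytes, offset: int, key: bytes, algo: str = "sha1") -> bytes:
    """Replace the zeroed auth field at `offset` with the truncated HMAC of the whole message."""
    if message[offset:offset + AUTH_LEN] != ZEROED:
        raise ValueError("auth field must be zero-filled before signing")
    return message[:offset] + _mac(key, message, algo) + message[offset + AUTH_LEN:]


def verify(message: bytes, offset: int, key: bytes, algo: str = "sha1") -> bool:
    """Recompute the digest with the auth field zeroed and compare in constant time."""
    received = message[offset:offset + AUTH_LEN]
    zeroed = message[:offset] + ZEROED + message[offset + AUTH_LEN:]
    return hmac.compare_digest(received, _mac(key, zeroed, algo))


# Constructed sample: stand-in bytes, not a real BER-encoded SNMPv3 message.
HEADER = b"constructed-usm-header:"
SAMPLE = HEADER + ZEROED + b":get sysUpTime.0"
OFFSET = len(HEADER)

if __name__ == "__main__":
    # Constructed passphrase and engine ID, used only for this demonstration.
    key = localized_key(b"constructed-passphrase", bytes.fromhex("000000000000000000000002"))
    signed = sign(SAMPLE, OFFSET, key)
    tampered = signed.replace(b":get ", b":set ")
    print("genuine :", verify(signed, OFFSET, key))
    print("tampered:", verify(tampered, OFFSET, key))
```

Passing "md5" as algo selects the other digest the text mentions; the digest only authenticates the message, so confidentiality still depends on the separate encryption step.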

Hyper Text Transfer Protocol Secure (HTTPS)

HTTPS is a secure version of HTTP that uses various security methods for transactions between the web browser and the server. It is based on SSL (Secure Socket Layer). With the help of HTTPS, browsers and servers can sign, authenticate and encrypt an HTTP message. HTTPS uses TCP port 443; this port is configured in the same manner as it is for HTTP access. For example, to configure HTTPS on a Cisco router, the ip http secure-server command is used. HTTPS is used in place of HTTP when we require secure communication between the web server and the browser.

Secure File Transfer Protocol (SFTP)

SFTP is more secure than FTP and is used when data security is our main concern while transferring files through a network. SFTP does not encrypt the data itself; instead, it encrypts the connection between the two devices that want to transfer data. The data transfer connection is secured with the help of SSH: the connection is encrypted by SSH. Once the encryption is in place, SFTP transfers the files over this encrypted connection. The basic difference between FTP and SFTP is that with SFTP the data flows from one end to the other over a secure connection; apart from this, there is no difference between FTP and SFTP.

Secure Copy Protocol (SCP)

The main disadvantage of FTP is that it sends the username and password in clear text. Anyone with a packet sniffer can capture the username and password because they are in plain text. Secure Copy Protocol uses SSH to provide an encrypted connection between the host and the network. Once the connection is encrypted, data transfer can take place over it.