Oct 12, 2012

Internet Services in Linux


Internet Services:
An Internet service can be defined as any service that can be accessed through TCP/IP-based networks, whether an internal network (intranet) or an external network (Internet). TCP and IP are two protocols in a group of protocols sometimes known as the Internet Protocols. Internet services can be provided through either secure or non-secure TCP/IP connections. Common services are Telnet, FTP, SMTP, HTTP, ICMP, ARP, DNS, ssh, scp, sftp and others.

TCP/IP provides platform- and operating-system-independent protocols for these services. Any computer running any operating system can communicate with any other computer on the network if they both use the TCP/IP protocols for establishing and maintaining the connection and for formatting and transmitting the data.

Secure Services

Common services such as Telnet and FTP were written in the days when everyone trusted everybody else on the Internet. These services send all of their traffic in plain text, including passwords.

Plain text is extremely easy for anyone between the traffic's source and destination to eavesdrop on. Since the Internet has exploded in popularity, running insecure services such as these is not a good idea. That is why secure replacements have been developed. These replacements provide stronger authentication controls and encrypt all their traffic to keep your data safe. We should always run secure services instead of insecure services.

The availability of a wide range of Internet services makes Linux machines versatile workhorses that can fulfill many different functions in a company's network.

Ssh:
Secure shell, also known as ssh, is a secure Telnet replacement that encrypts all traffic, including passwords, using a public/private key exchange protocol. It provides the same functionality as Telnet, plus other useful functions such as traffic tunneling.

Ssh asks you if you want to accept and trust the host key being sent to you as being the real key. This question is asked only once, when you log in to a machine for the first time. After this first login, ssh behaves exactly like telnet - you start ssh, it asks for your password as shown in the above diagram, then you have the regular terminal screen.

In addition to providing terminal access, ssh can tunnel almost any other protocol through it. So it is possible to tunnel POP, rcp and other protocols through ssh to turn them into encrypted, more secure protocols. With enough imagination and practice, you can make almost anything more secure with ssh. The following is an example of how to tunnel your mail through ssh in order to keep your password and mail encrypted and secure during transit.

In this example we use POP3 to retrieve our mail from the remote machine buffy.xena.edu. Normally we would tell our POP3 software to connect from our local machine to port 110 (the POP3 port) of the buffy.xena.edu server.

In this example, however, the first step is to configure the POP mailer to connect to port 16510 of our own machine and enter the password for our account on buffy.xena.edu. The second step is to set up the ssh tunnel, which encrypts and forwards the traffic over the network to buffy.xena.edu's POP port.

To set up the ssh tunnel, type the command below:

# ssh -N -L 16510:127.0.0.1:110 vnarat@buffy.xena.edu

Now you can send and receive your mail through an encrypted ssh tunnel.
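The tunnel above, as an added example that is not part of the original post: it builds the same forward with an explicit loopback bind and ExitOnForwardFailure, then classifies `ss -ltn` output to confirm that port 16510 is reachable only from our own machine. The function names and the sample `ss` lines are constructed for illustration; the host, user and ports are the ones from the post.

```shell
#!/bin/sh
# Added example, not from the original post. Nothing here opens a connection.

# Accept only decimal ports in the range 1-65535.
is_port() {
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the tunnel command for local port $1, remote port $2, login $3.
# - The leading 127.0.0.1 binds the listener to loopback explicitly, so a
#   GatewayPorts setting cannot open it to the rest of the network.
# - The second 127.0.0.1 is resolved on the remote side (the server itself).
# - ExitOnForwardFailure makes ssh quit if the local port is already taken,
#   so the mailer never hands its password to some other local listener.
tunnel_cmd() {
    is_port "$1" && is_port "$2" || return 2
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:127.0.0.1:%s %s\n' \
        "$1" "$2" "$3"
}

# Read `ss -ltn` output on stdin and report how port $1 is bound:
# "loopback", "exposed" (any non-loopback address) or "absent".
bind_scope() {
    awk -v p="$1" '
        $1 == "LISTEN" {
            n = split($4, a, ":"); if (a[n] != p) next
            addr = substr($4, 1, length($4) - length(a[n]) - 1)
            if (addr == "127.0.0.1" || addr == "[::1]") { if (r == "") r = "loopback" }
            else r = "exposed"
        }
        END { print (r == "" ? "absent" : r) }'
}

# Constructed `ss -ltn` samples: a loopback-only listener and a wildcard one.
SAMPLE_OK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:16510    0.0.0.0:*
LISTEN 0      128    [::1]:16510        [::]:*'
SAMPLE_BAD='LISTEN 0      128    0.0.0.0:16510      0.0.0.0:*'

tunnel_cmd 16510 110 vnarat@buffy.xena.edu
printf '%s\n' "$SAMPLE_OK"  | bind_scope 16510
printf '%s\n' "$SAMPLE_BAD" | bind_scope 16510
```

On a live system, pipe the real `ss -ltn` output into `bind_scope 16510` once the tunnel is up; anything other than "loopback" means the mail client should not be pointed at that port.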



