Documentos de Académico
Documentos de Profesional
Documentos de Cultura
-%$)!4/2
3ECURITY &EATURES
Note: Some of the features described in this document are not included in the standard Mediator system
configuration, but can be specified by the customer.
Configuring some of the features requires advanced technical expertise. Some customers whose staffs include
personnel extensively experienced in Linux installation and configuration may be able to handle tasks of this
level of difficulty. Most will require the assistance of Professional Services.
The Secure Shell (SSH) protocol defines programs that allow users to securely log onto another computer over a
network, execute commands remotely, and move files between machines. It provides strong authentication and secure
communications over insecure networks such as the Internet.
The Mediator uses the OpenSSH implementation of the SSH protocol specification. OpenSSH is an open-source
package included in the Linux Operating System installed on the Mediator. OpenSSH provides a secure replacement for
the standard remote session and file transfer tools that support interactive login sessions, remote execution of
commands, forwarded TCP/IP connections, and forwarded X11 connections, including telnet, rlogin, rsh, and rcp.
SSH provides a virtual private connection at the application layer, including both an interactive login protocol as well as
a facility for the secure transfer of files. SSH encrypts the username and password in a remote login session, and
supports remote host authentication, reducing the threat of client impersonation through IP address spoofing or DNS
manipulation. In addition, SSH supports several secret-key encryption protocols, including DES, Triple DES, IDEA,
RSA, and Blowfish, to help ensure the privacy of the entire communication.
Note: The OpenSSH packages require prior installation of the OpenSSL package. OpenSSL installs several
important cryptographic libraries that help OpenSSH provide encrypted communications.
Secure Socket Layer (SSL) is an open protocol originally published by Netscape to allow encrypted transmission of data
between Web browsers and Web servers. SSL is based on private key encryption technology and provides data
encryption, server authentication, message integrity, and client authentication for TCP/IP connections.
Programs implementing TCP/IP (the Transmission Control Protocol/Internet Protocol) control the transport and routing
of data over the Internet. Applications based on other protocols use the services provided by TCP/IP. For example, web
servers that implement the HyperText Transport Protocol (HTTP) use TCP/IP to support the display of web pages.
TCP/IP is structured in interacting software layers. The SSL protocol layer runs between the TCP/IP transport layer and
programs based on higher-level protocols such as HTTP, which run in the application layer. It allows an SSL-enabled
server to authenticate itself to an SSL-enabled client, allows the client to authenticate itself to the server, and allows both
machines to establish an encrypted connection.
SSL is frequently used in communications between Web browsers and Web servers. URLs that begin with “https”
indicate an SSL connection. SSL provides privacy, authentication, and message integrity. In an SSL connection, each
side must have a Digital Certificate, which each side’s software sends to the other. Each side then encrypts what it sends
using information from both its own and the other side’s Certificate, ensuring that only the intended recipient can decrypt
it, and that the other side can be sure the data came from the place it claims to have come from, and that the message has
not been tampered with.
SSL requires digital certificates to facilitate the public key exchange that is required to enable an SSL connection. A
digital certificate is an attachment to an electronic message used to verify that senders are who they claim to be, and to
provide the receiver with the means to encode a reply.
A company or individual who wants to use SSL to send encrypted messages requests and receives a digital certificate
from a trusted issuing source, such as a Certificate Authority (CA). The user configures a list of certificate issuers that
the user’s Web browser can recognize. The encrypted digital certificate contains the user’s public key and a variety of
other identification information, including the user’s name, a serial number, expiration dates, a copy of the certificate
holder’s public key (used for encrypting messages and digital signatures), and the digital signature of the certificate-
issuing authority so that a recipient can verify that the certificate is real. The certificate issuer makes its public key
readily available through sources including print the Internet.
The recipient of an encrypted message uses the public key to decode the digital certificate attached to the message,
verifies it as issued by a recognized issuer, and then decodes the sender’s public key and identification information from
the certificate. Using this information, the recipient can send an encrypted reply.
The Mediator uses FreeS/WAN, an open-source implementation of the IPSec protocol suite for Linux. The IPSec
protocols provide security in network-to-network connections. It provides access control, data integrity, authentication,
and confidentiality, allowing secure private communication across insecure public networks such as the Internet. IPsec
provides encryption and authentication services at the packet level. Because IPSec works further down in the layers of
the TCP/IP protocol structure than other security protocols, such as SSH and SSL, it does not require programs at the
higher application layer to be able to handle encryption and authentication.
• IKE (Internet Key Exchange), which negotiates connection parameters, including keys, for the other two
• KLIPS (kernel IPsec), which implements AH, ESP, and packet handling within the kernel
• Pluto (an IKE daemon), which implements IKE, negotiating connections with other systems
IPSec is one of the technologies most widely used in the implementation of Virtual Private Networks (VPNs) VPNs
typically are IP-based networks (usually the Internet) that use encryption and tunneling to create a network that is as
reliable and secure as a private network, such as a LAN or WAN, but as economical and extensive as the Internet.
A VPN allows multiple sites to communicate securely over an insecure network such as the Internet by encrypting all
communication between the sites. Implementing a technique called tunneling, IPSec encapsulates a packet by wrapping
another packet around it and encrypting the resulting packet-within-a-packet. This encrypted data stream forms a secure
tunnel across an otherwise insecure network.
IPSEC uses strong cryptography to provide both authentication and encryption services. Authentication ensures that
data packets received are actually sent by the expected party and have not been altered in transit. Encryption prevents
unauthorized persons from reading the contents of data packets.
These services allow you to build secure tunnels through insecure networks. Everything passing through the insecure
net is encrypted by the Mediator using IPSec and decrypted by the IPSec-enabled device at the other end. The result is a
VPN - a network that is effectively private even though it may include nodes at several different sites connected by the
insecure Internet.
Data Logging
Linux includes extensive logging capabilities. While logging cannot prevent security breaches
from happening, it can tell you when unauthorized persons have attempted to gain access to the
system, and whether or not they were successful. Linux provides logging at the network, host, and
user levels.
Future Enhancements
The following paragraphs describe a number of security features that are not currently included
in the standard system but are planned for future releases or may be added upon customer request.
Linux currently supports these features. Implementation requires downloading, installation, and
configuration.
Password Shadowing
Linux normally stores user passwords in a file that is universally readable. Even though the
passwords are encrypted, they potentially can be accessed by unauthorized persons and decrypted,
thereby compromising the security of the system. Password Shadowing puts placeholders in the
default password file and stores the actual encrypted passwords a file that is only readable by the
root user. Using Password Shadowing ensures password security as long as the integrity of the root
is protected from compromise.