Hack the Stack: Using Snort and Ethereal to Master the 8 Layers of an Insecure Network

The first step toward securing the application layer is using secure protocols and software. In addition, it is important to secure the systems that are using application-layer protocols and software, and to periodically audit them for security issues. All of these steps are explored in this section.
The SSH protocol provides secure command-shell, file transfer, and tunneling capabilities. It addresses the security concerns of older protocols that provided the same services, such as rlogin, Remote Shell (RSH), Telnet, and FTP. It also addresses some of the weaknesses in protocols such as DNS. In addition to encryption, SSH also provides authentication and data integrity. SSH servers usually listen on port 22/TCP.
The SSH protocol's architecture consists of three major components. Below is a description of each component, as outlined in RFC 4251:
Transport Layer Protocol: This protocol provides server authentication, confidentiality, and integrity, and may also provide compression. It is the lowest layer in SSH's mini protocol stack.
User Authentication Protocol: Above the transport layer is the user authentication protocol, which authenticates the client-side user to the server.
Connection Protocol: This protocol sits on top of the user authentication protocol and allows multiple logical channels to share the encrypted tunnel. The connection protocol provides methods for interactive shells and for tunneling for X11 and TCP/IP connections.
When a client makes a new TCP connection to an SSH server, the first step that takes place is protocol version exchange. The goal of this step is to...
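As an added example (not taken from the book), the Python code below parses the identification string sent during protocol version exchange, using the layout given in RFC 4253 section 4.2, and lists hosts whose banner still advertises SSH-1 so they can be followed up in a periodic audit. The host addresses, software names, and function names are constructed for illustration.

```python
import re
# RFC 4253 section 4.2 layout: SSH-protoversion-softwareversion SP comments CR LF
IDENT_RE = re.compile(rb"SSH-([0-9.]+)-([\x21-\x2c\x2e-\x7e]+)(?: (.*))?")
MAX_IDENT_LEN = 255  # RFC 4253 limit, CR LF included

def parse_identification(raw: bytes) -> dict:
    """Extract the identification string from the first bytes a server sends."""
    # A server may send other lines first; those must not begin with "SSH-".
    line = next((ln for ln in raw.split(b"\n") if ln.startswith(b"SSH-")), None)
    if line is None:
        raise ValueError("no SSH identification string found")
    if len(line) + 1 > MAX_IDENT_LEN:  # +1 for the LF removed by split()
        raise ValueError("identification string longer than 255 bytes")
    match = IDENT_RE.fullmatch(line.rstrip(b"\r"))
    if match is None:
        raise ValueError("malformed SSH identification string")
    proto, software, comments = match.groups()
    return {"protoversion": proto.decode("ascii"),
            "softwareversion": software.decode("ascii"),
            "comments": (comments or b"").decode("ascii", "replace")}

def classify(protoversion: str) -> str:
    """Map the advertised protocol version to an audit verdict."""
    if protoversion == "2.0":
        return "ssh2-only"
    if protoversion == "1.99":  # RFC 4253 section 5.1: SSH-2 server that also accepts SSH-1
        return "ssh1-fallback-enabled"
    if protoversion.startswith("1."):
        return "ssh1-only"
    return "unknown"

def audit(banners: dict) -> dict:
    """Return {host: verdict} for every host not restricted to SSH-2."""
    findings = {}
    for host, raw in banners.items():
        try:
            verdict = classify(parse_identification(raw)["protoversion"])
        except ValueError as exc:
            verdict = f"invalid: {exc}"
        if verdict != "ssh2-only":
            findings[host] = verdict
    return findings

# Constructed sample banners (addresses and software names are made up).
SAMPLE = {
    "192.0.2.10": b"SSH-2.0-ExampleSSHD_1.0\r\n",
    "192.0.2.11": b"Welcome\r\nSSH-1.99-ExampleSSHD_0.9 legacy\r\n",
    "192.0.2.12": b"SSH-1.5-OldExample_0.1\n",
    "192.0.2.13": b"220 ftp ready\r\n",
}
```

Calling `audit(SAMPLE)` omits the SSH-2-only host and returns a verdict for each of the other three.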