Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security CISSP-Discussion
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[CISSP-D] REVIEW: "SSH The Secure Shell", Daniel J. Barrett/Richard E. S

from [Rob, grandpa of Ryan, Trevor, Devon & Hannah] Network Security [Permanent Link]
Subject: [CISSP-D] REVIEW: "SSH The Secure Shell", Daniel J. Barrett/Richard E. Silverman
Date: Mon, 23 Oct 2006 09:15:40 -0800 
BKSSHLDG.RVW   20060910

"SSH The Secure Shell", Daniel J. Barrett/Richard E. Silverman, 2001,
0-596-00011-1, U$39.95/C$58.95
%A   Daniel J. Barrett dbarrett@oreilly.com
%A   Richard E. Silverman res@oreilly.com
%C   103 Morris Street, Suite A, Sebastopol, CA   95472
%D   2001
%G   0-596-00011-1
%I   O'Reilly & Associates, Inc.
%O   U$39.95/C$58.95 800-998-9938 fax: 707-829-0104 nuts@ora.com
%O  http://www.amazon.com/exec/obidos/ASIN/0596000111/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/0596000111/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0596000111/robsladesin03-20
%O   Audience a+ Tech 2 Writing 2 (see revfaq.htm for explanation)
%P   540 p.
%S   Definitive Guide
%T   "SSH The Secure Shell: The Definitive Guide"

The preface states that the book is intended for system administrators
(who may be called upon to support SSH, or use it within their
networks), users (who may wish to use SSH out of concern for their own
privacy or the security of their transactions), and developers (who
may be able to use SSH in order to provide robust and reliable
security to their own applications at little development cost).  The
authors also note that there may be confusion between the protocol
(denoted SSH), various products, and individual utilities and programs
(indicated by lowercase: ssh).

Chapter one outlines what SSH is, and isn't, the basic services it
provides (authentication, encryption, and integrity protection), and
also notes other protocols and products that provide similar services. 
Basic operation of the most common clients (ssh and scp) is covered in
chapter two, along with a terse but reasonable introduction to
asymmetric key pairs.  The internals of SSH, and a more extended
discussion of cryptographic concepts, such as symmetric encryption,
asymmetric, and hashing, are examined in chapter three.  (The section
concludes with a useful list of threats against which SSH provides
little or no protection.)  Extensive installation and configuration
options are given in chapter four, with server configuration choices
in five.

Chapter six seems to move the subject to operational issues,
addressing key management, and particularly SSH agent use of keys. 
Advanced topics governing client use are provided in chapter seven. 
Chapter eight outlines alternative settings for the use of SSH with
user accounts.

Chapter nine discusses forwarding, which can be used in both network
administration (providing a secure tunnel within an unsecured
environment) or development (adding encryption or integrity
functionality to an application).  While previous material gave
details of configuration options, chapter ten furnishes the
beleaguered sysadmin with a recommended initial configuration. 
Chapter eleven details options and setups for a variety of
applications and situations.  Troubleshooting guidance, and a list of
common problems, is supplied in chapter twelve.

Chapter thirteen equips the reader with tables of settings and
features pertinent to the various implementations of SSH.  Since SSH
is often seen as limited to the UNIX world, details of the Okhapkin
SSH1 Windows port are given in chapter fourteen, with SecureCRT in
fifteen, F-Secure SSH (for Windows and Mac) in sixteen, and
NiftyTelnet (Mac) in seventeen.

Too many of the mature and useful security technologies languish in
obscurity.  Everybody knows that SSH exists, but too few people use
it.  Hopefully this reference might give more developers and users a
chance to try it out, and administrators some resources to support it.

copyright Robert M. Slade, 2006   BKSSHLDG.RVW   20060910


======================  (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca     slade@victoria.tc.ca     rslade@computercrime.org
If the rich could hire someone to die for them, the poor could
make a very nice living.                            - Jewish Proverb
Dictionary of Information Security  www.syngress.com/catalog/?pid=4150
http://victoria.tc.ca/techrev/rms.htm


 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/CISSP-Discuss/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/CISSP-Discuss/join
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:CISSP-Discuss-digest@yahoogroups.com 
    mailto:CISSP-Discuss-fullfeatured@yahoogroups.com

<*> To unsubscribe from this group, send an email to:
    CISSP-Discuss-unsubscribe@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [CISSP-D] REVIEW: "SSH The Secure Shell", Daniel J. Barrett/Richard E. Silverman, Rob, grandpa of Ryan, Trevor, Devon & Hannah <=
Previous by Date:  RE: [CISSP-D] CISSP practise Questions, Clement Dupuis
Next by Date:  [CISSP-D] REVIEW: "Hacking for Dummies", Kevin Beaver, Rob, grandpa of Ryan, Trevor, Devon & Hannah
Previous by Thread:  [CISSP-D] CISSP practise Questions, Oluwatomi Olawande James
Next by Thread:  [CISSP-D] REVIEW: "Hacking for Dummies", Kevin Beaver, Rob, grandpa of Ryan, Trevor, Devon & Hannah
Indexes:  [Date] [Thread] [Top] [All Lists]