Security UPDATE--Copying Files Securely Between Systems--October 12, 2005

Several commercial and open-source SSH servers provide encrypted transports between clients and servers. Learn about the options, plus get links to security news and features.

ITPro Today Contributors

October 11, 2005

13 Min Read
ITPro Today logo in a gray background | ITPro Today

This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Security UPDATE.

CDW. The Technology You Need When You Need It.

http://go.cdw.com/?id=403566

Speed up your systems--try Diskeeper 9 free

http://www.diskeeper.com/diskeeper/diskeeper.asp?RId=1&SId=5&CId=13&ad=witpdk10&apid=PPS0001172

===============

==========

==== Sponsor: CDW ==== CDW. The Technology You Need When You Need It. It takes a lot to keep up with today's business. Starting with today's technology. Our account managers and product specialists can get you quick answers to any questions you might have. So visit us online and find out first hand how we make it happen. Every order, every visit, every time. No matter what you need in technology, you can count on CDW for the right technology, right away. http://go.cdw.com/?id=403566

==========

==== 1. In Focus: Copying Files Securely Between Systems by Mark Joseph Edwards, News Editor, mark at ntsecurity / net If you need to copy files from one system to another over an unprotected network, you can do it in a few ways. For example, you can employ the RRAS component that comes with Windows Server 2003 and Windows 2000 Server to establish a VPN that uses PPTP; you can use Microsoft IIS and Secure Sockets Layer (SSL) connections along with a custom Web interface; or you can use Secure Shell (SSH). There are other ways to accomplish this task, but these are probably the most common solutions. If you're interested in setting up RRAS and PPTP, you can find instructions in the Microsoft article "Step-by-Step Guide for Setting Up a PPTP-based Site-to-Site VPN Connection in a Test Lab" (URL below). This is a good solution, especially if you want to use the VPN for other tasks. http://www.microsoft.com/downloads/details.aspx?FamilyID=7424168e-f745-4450-b671-aac2c79568eb&DisplayLang=en Using IIS and SSL is simple enough, but it does require you to design a Web interface that meets your needs. For example, designing for downloading files is easy enough, but you'll need a script or ActiveX control for uploading files. This method also requires that you expose the IIS system to some extent, which you might not want to do. The third method, using an SSH server, might be a better solution. SSH servers provide encrypted transports between clients and servers by using a variety of encryption methods, including Triple DES (3DES), Blowfish, CAST (named after its developers Carlisle Adams and Stafford Tavares), Advanced Encryption Standard (AES), and possibly others, depending on the software you use. Another benefit is that SSH can use public keys instead of passwords to authenticate a session. Plus, SSH servers offer cross-platform support--versions are available for just about every popular OS, including Linux and BSD, as well as Sun Microsystems and Apple platforms. By using SSH, you can not only copy files securely, you can also open a secure Telnet session (using a special shell client) to a remote server, which might come in handy for remote administration. In addition, you can tunnel unencrypted services over SSH connections. For example, by using port forwarding, you can run SQL traffic, POP3 traffic, and many other types of service traffic over SSH connections. Several commercial and open-source SSH servers are available for Windows. If you want a robust commercial solution, check out the products at SSH Communications Security (at the first URL below) or AttachmateWRQ (at the second URL below). If you want an open-source solution, consider OpenSSH for Windows (at the third URL below) or freeSSHd (at the fourth URL below). Both open-source solutions can run as a system service; freeSSHd offers a simple GUI interface, OpenSSH doesn't. http://www.sshcommunications.com/products/tectia http://www.wrq.com/products/reflection/ssh/ http://sshwindows.sourceforge.net http://freesshd.com If you run Windows 2003, a step-by-step tutorial is available to help you install OpenSSH for Windows. "Installing OpenSSH for Windows 2003 Server - How to get it working," by Steve Pillinger, senior computer officer at the School of Computer Science at the University of Birmingham in England, describes how to set up user accounts, assign user rights, set file permissions, and configure authentication. http://www.cs.bham.ac.uk/~smp/projects/ssh-windows If you run Win2K Server, you can use Beau Monday's step-by-step guide, "Configuring OpenSSH (Win32) for Public Key Authentication." His guide is equally detailed and includes information about how to configure PuTTY, which is an open-source SSH command-line client for Windows platforms. The PuTTY package also includes a PuTTY Secure Copy (PSCP) client. If you use Monday's guide, take note that his link to OpenSSH for Windows is broken. The project has relocated to SourceForge, and you can find it by using the second URL below. http://bmonday.com/articles/653.aspx http://sshwindows.sourceforge.net I've used the PuTTY PSCP client quite a bit, and even though it's a good tool, I prefer a GUI because it saves me a whole lot of typing. With a GUI, you can copy files using simple drag-and-drop techniques, and you can typically navigate directories in a treeview similar to that of Windows Explorer. As an alternative to PuTTY, you might consider WinSCP (at the URL below) for file-copying tasks. WinSCP supports both Secure Copy (SCP) and Secure FTP (SFTP). http://winscp.net/eng/index.php

==========

==========

==== 2. Security News and Features ==== Recent Security Vulnerabilities If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at http://www.windowsitpro.com/departments/departmentid/752/752.html Microsoft Releases 9 Security Bulletins in October Microsoft released nine security bulletins yesterday. Eight of them relate to patches for Windows and one relates to a patch for Windows and Microsoft Exchange Server. Of the nine, Microsoft considers at least one to be critical. http://www.windowsitpro.com/Article/ArticleID/48075 Microsoft Announces New Products and New Consortium After acquiring antivirus, antispyware, and antispam solution makers, Microsoft has finally announced its new antimalware product plans along with a new security consortium. http://www.windowsitpro.com/Article/ArticleID/48054 Microsoft Brings Antimalware Tech to Corporations As promised, Microsoft will soon introduce a beta version of its antispyware and antivirus tools for managed corporate networks, giving enterprises the tools they need to remove malware on client PCs and file servers. http://www.windowsitpro.com/Article/ArticleID/48040 Symantec to Acquire BindView Further strengthening its position in the security market space, Symantec announced a deal to acquire BindView. The acquisition, which is expected to close in first quarter 2006, better positions Symantec to offer end-to-end security solutions for policy compliance and vulnerability management. http://www.windowsitpro.com/Article/ArticleID/48038 10 Network Security Assessment Tools You Can't Live Without Jerry Cochran describes his favorite penetration-testing tools, including Nmap and SNMPWalk, and encourages you to use them on your network--before the hackers do. After you read this article, tell us your network security assessment story and win a Windows IT Pro T-shirt. Just click in the Interact! box on the article Web page. http://www.windowsitpro.com/Article/ArticleID/47648

==========

==========

==========

==== Hot Release ==== Meeting Enterprise Management Needs: The Integration of Microsoft SMS 2003 and Afaria Learn about the capabilities offered by the integration of Microsoft SMS 2003 and Afaria. In this free white paper you'll learn about new functionality and benefits of Microsoft SMS specifically targeted to improving management of remote and mobile devices, challenges of managing frontline systems, how the combined solution creates value around the successful use of technology at the front lines of business and more. http://www.windowsitpro.com/go/whitepapers/ianywhere/enterprisemgmt?code=sechot1012

==========

==========

==== Announcements ==== (from Windows IT Pro and its partners) Become a VIP Subscriber! Get inside access to ALL the articles, tools, and helpful resources published in Windows IT Pro, SQL Server Magazine, Exchange and Outlook Administrator, Windows Scripting Solutions, and Windows IT Security--that's more than 26,000 articles at your fingertips. Your VIP subscription also includes a valuable 1-year print subscription to Windows IT Pro and two VIP CDs (that contain the entire article database). Sign up now: https://store.pentontech.com/index.cfm?s=1&promocode=eu275auv SQL Server Magazine Has Answers You won't want to miss any of the fall issues! Subscribe now and discover the best tools to keep SQL Server tuned, the ins and outs of SQL Server 2005, ways ADO.NET 2.0 solves your problems, and much more. You'll also gain exclusive access to the entire SQL Server Magazine online article database (more than 2300 articles) and you'll SAVE 44% off the cover price. Click here: https://store.pentontech.com/index.cfm?s=9&promocode=eu215aus

==========

==========

==========

==== Contact Us ==== About the newsletter -- [email protected] About technical questions -- http://www.windowsitpro.com/forums About product news -- [email protected] About your subscription -- [email protected] About sponsoring Security UPDATE -- [email protected]

===============

This email newsletter is brought to you by Windows IT Security, the leading publication for IT professionals securing the Windows enterprise from external intruders and controlling access for internal users. Subscribe today.

https://store.pentontech.com/index.cfm?s=1&promocode=eu255xsb

View the Windows IT Pro privacy policy at

http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy

Windows IT Pro, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2005, Penton Media, Inc. All rights reserved.

Read more about:

ITPro Today
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like