How to Secure SSH and SSL Services?

* If you want/have an (ssh/ssl-based) secure “login” server …
o You should have a different password for each service and server

o You should NOT run telnet, use ssh securely instead
o You should NOT run ftp, use scp securely instead
o You should NOT run pop3/imap, use secure pop3s/imaps instead

o You should NOT run ppp, put it on a different server…
o You should NOT run dhcp, put it on a different server…
o You should NOT run wireless, put it on a different server…

o Put VPN/SSH connections from users' homes OUTSIDE your firewall, NOT inside on your important corp LAN

o Put laptops OUTSIDE your firewall, NOT inside on your important corp LAN

o Those (insecure) services should be on a separate insecure server on an insecure private LAN outside your firewall – do NOT trust those insecure services
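
One way to check a login server against the cleartext services named in the list above (telnet, ftp, pop3, imap). This is an added example, not part of the original page; it parses `ss -tln` style output, and the function name `audit_listeners`, the constructed sample listing and the use of the standard port numbers are assumptions of the example.

```shell
#!/bin/sh
# Added example: flag cleartext login services from the checklist above.
# Live use on a Linux host:  ss -tln | audit_listeners

audit_listeners() {
    # Reads `ss -tln` style lines on stdin, prints one finding per
    # cleartext service that is listening.
    # Exit status: 0 if none found, 1 if at least one is listening.
    awk '
        BEGIN {
            # standard port -> "service:replacement named in the checklist"
            svc[23]  = "telnet:ssh"
            svc[21]  = "ftp:scp"
            svc[110] = "pop3:pop3s"
            svc[143] = "imap:imaps"
        }
        $1 == "LISTEN" {
            addr = $4                  # local address:port column
            port = addr
            sub(/.*:/, "", port)       # keep only the port; handles [::]:23
            if (port in svc) {
                split(svc[port], p, ":")
                printf "INSECURE %s port %s on %s -> use %s\n", p[1], port, addr, p[2]
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample listing (not captured from a real host).
SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      0.0.0.0:23         0.0.0.0:*
LISTEN 0      100    0.0.0.0:110        0.0.0.0:*
LISTEN 0      100    0.0.0.0:995        0.0.0.0:*
LISTEN 0      32     [::]:21            [::]:*'

# Demo run on the sample; "|| true" because findings give exit status 1.
printf '%s\n' "$SAMPLE" | audit_listeners || true
```

The non-zero exit status on a finding lets the function gate a cron job or a provisioning check.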

Minimum Recommendations

* Download and install the latest ssh from OpenSSH.org
-- or --
* Download and install the latest ssh from SSH
-- ssh daemon (sshd), ssh clients (ssh) and secure ftp (scp)
* Download and install the latest ssl from OpenSSL.org

* Download and install the latest VPN if you still insist on allowing insecure connections from “home” where you, the corp admin, have zero control of their home network/environment

SSH Clients for Microsoft Windows

* Linux-Sec.net/SSH MS Windows SSH Clients

* Linux-Sec.net/SSH/client.gwif.html#SFTP
Secure FTP Windoze clients
