I'm not a security specialist, but here is my take.

On Tue, Apr 28, 2009 at 11:00 AM, Ian S wrote:
> Short Answers/Essay
>
> 1) Compare and Contrast SSH, SSL and TLS.

SSH is a secure protocol designed for encrypted shell sessions, though these days it gets used for all kinds of things that sit on top of it, e.g. SVN over SSH. It was originally meant to replace telnet with a secure protocol.

SSL is a secure protocol designed originally by Netscape for encrypted Web page traffic, though SSL/TLS, like SSH, has been ported to all kinds of other services.

TLS is the successor to SSL. Same functionality, different name. Why? I don't know, bad idea if you ask me, changing the name of an established protocol.

SSH, SSL and TLS use public key encryption. Registering public keys through a trusted certificate authority like Verisign is well-established practice with SSL/TLS, less so (if you ask me) with SSH, which I typically use solely for internal communications (remote shell sessions).

> 2) Compare and Contrast implementation of these protocols on Windows|IIS
> and Unix|Apache servers.

For SSL/TLS, IIS has a key management system built in, Apache does not, meaning key generation, management, etc. is all done by hand. Many mail servers also use SSL/TLS.

SSH is used by Unix servers for remote shell sessions. I don't think Windows has a comparable SSH service built in, though there are commercial ones available.

> 3) Describe how the different protocols interact with other protocols
> such as HTTP, FTP, POP3 and SMTP.

SSH, SSL, and TLS sit underneath these other protocols and provide an encrypted channel for two systems to communicate using these (and other) protocols.

> Not for any class. I am just finding it very confusing and difficult to
> get a starting foothold on this new world I have been thrust into. How
> to provide secure internet communications if and when we need to start
> doing so.

Use SSH for remote shell sessions plus other services that specifically implement it. Use SSL/TLS for everything else.

BTW, key management on Apache is not hard, you just need to play with it a bit. I suggest downloading OpenSSL and experimenting with generating keys, creating a certificate authority, self-signing cert requests, importing and exporting certs to and from a keystore. You can learn the basics of key management in a few hours.

Archive: http://www.houseoffusion.com/groups/cf-community/message.cfm/messageid:296328
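
The OpenSSL experiment suggested in the post above, as an added example that is not part of the original message: a throwaway CA, a server certificate signed by it, and a PKCS#12 keystore export that is then read back and checked. File names, subject names, the `changeit` password and the `lab_*` function names are constructed for the lab.

```shell
# Added example: throwaway private CA, signed server cert, PKCS#12 keystore.
# All names, the password and the 30-day lifetime are constructed lab values.
lab_pki() (                      # subshell body: cd does not leak to the caller
    set -e; umask 077            # stop on first error; keys are owner-only
    mkdir -p "$1" && cd "$1"
    cat > lab.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Lab Root CA
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:www.example.test\n' > leaf.ext
    # 1. CA key and self-signed CA certificate
    openssl genrsa -out ca.key 2048
    openssl req -x509 -new -key ca.key -config lab.cnf -sha256 -days 30 -out ca.crt
    # 2. Server key and certificate signing request (CSR)
    openssl genrsa -out server.key 2048
    openssl req -new -key server.key -config lab.cnf -subj "/CN=www.example.test" -out server.csr
    # 3. The CA signs the request; the leaf extensions come from leaf.ext
    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -extfile leaf.ext -sha256 -days 30 -out server.crt
    # 4. Export key + chain into a password-protected PKCS#12 keystore
    openssl pkcs12 -export -inkey server.key -in server.crt -certfile ca.crt \
        -name lab-server -passout pass:changeit -out server.p12
)

# Chain check: the server cert must chain to the lab CA.
lab_chain_ok() ( cd "$1" && openssl verify -CAfile ca.crt server.crt >/dev/null 2>&1 )

# Key check: public key in the cert must equal the one derived from server.key.
lab_key_matches() (
    cd "$1" || exit 1
    [ "$(openssl x509 -in server.crt -noout -pubkey)" = "$(openssl pkey -in server.key -pubout)" ]
)

# Import check: the cert read back out of the keystore is the one we put in.
lab_p12_roundtrip() (
    cd "$1" || exit 1
    a=$(openssl x509 -in server.crt -noout -fingerprint -sha256)
    b=$(openssl pkcs12 -in server.p12 -passin pass:changeit -nokeys -clcerts |
        openssl x509 -noout -fingerprint -sha256)
    [ -n "$a" ] && [ "$a" = "$b" ]
)
```

Run `lab_pki /tmp/lab` and then the three check functions on the same directory; each returns 0 on success.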
