On Mon, Mar 31, 2003 at 10:32:12PM +0100, Tom Wesley wrote:
>
> I was suggesting to my boss using something similar to tunnel an unusual
> database client connection to a /very/ remote server. Althogh he was up for
> giving the idea a quick test run, he keeps asking "Exactly how secure is
> this?"
Fair enough...
> I was quite of the opinion that it *is*.
>
> But the question has to be, how secure is ssh?
>
> Anyone have any pointers?
Well... I Am Not A Cryptographer, but my armchair understanding of these
things roughs out to two questions:
0: How secure is the SSH protocol?
1: How secure is your SSH implementation (software design plus
deployment details)?
We don't know anything about your particular deployment (whose SSH
package you use, what sort of keys, which protocol (version 1 has some
problems, use version 2 if at all possible)) but it sounds like you know
what you're doing.
As for the protocol -- the short answer is "it's a hell of a lot better
than most other options." Then we wander off into the land of
theoretical possibilities. There's no absolute certainty in the world
of digital communications, there are only decreasing probabilities that
your communications can be intercepted, spoofed, altered and so forth.
I believe, based on the opinions of others more qualified to judge than
I am, that SSH does in fact implement strong cryptography when properly
deployed; so the chance that somebody could access your SSH-protected
transmissions should be as small (or nearly as small) as their ability
to grab your packets off the wire and then crack the encryption
mechanism you're using.
So it turns into a numbers game. Given a very faint chance that SSH
could provide an attack vector, what are the implications for your
company? How likely is it that somebody will be trying to intercept
this? How costly would it be if they succeeded? A vanishingly small
chance of intrusion can still be a killer if the likely outcome of an
intrusion is massive loss of money or a life-and-death situation, but
then the question changes from "Is SSH a good idea?" to "Dare we allow
any kind of remote access at all?"
And -- something I don't think people ask often enough -- how much
easier would it be for an attacker to gain access to your data by some
other means, such as a physical breakin or social engineering? Think of
the locks on the doors of a house or a car: they don't absolutely
prevent unauthorized entry, they just make it easier to come in some
other way or, we hope, choose somebody else to go pick on. If I were
trying to break into your database, it might very well be easier (read:
cheaper) for me to fly to your remote location and take a cutting torch
to the locks on the doors rather than devoting massive computational
resources to intercepting and then cracking your SSH sessions.
HTH,
-mrj
--
Michael Jinks, IB # Enterprise Networks & Systems Administration # UofC
Reader! Think not that
technical information
ought not be called speech; -- Anonymous, "How to decrypt a DVD"
--
[EMAIL PROTECTED] mailing list
