January 31, 2007
SSH Tectia Newsletter Vol.28 - Enhanced File Transfer Security
======================================================
[ SSH TECTIA NEWSLETTER (VOLUME 28) ] < January 31, 2007 >
======================================================
- Product News - Enhanced File Transfer Security
- Special Feature Topic - Shortcut Guide to Securing Automated File Transfers
- Tips & Tricks
- Most Popular Documents at SSH Resource Center
- Trade Shows & Events
- SSH Headlines
- Subscribing & Unsubscribing to Mailing Lists
* Product News - Enhanced File Transfer Security
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Today's enterprise networks still depend heavily on FTP (File Transfer Protocol) for automated file transfers. The growing role of legislation and the adoption of stricter security policies are driving many organizations toward a complete replacement of FTP with secure file transfer (SFTP) solutions. At the same time, organizations are struggling with migration challenges caused by the decentralized nature, platform diversity, and large size and complexity of their existing ad hoc file transfer networks.
SSH is helping enterprises analyze their existing unsecured FTP and pave the way towards more secure file transfers across the enterprise. See the next topic for details and the link to the new eBook: The Shortcut Guide to Securing Automated File Transfers.
The new EFT Expansion Pack release for SSH Tectia Client and Server version 5.1 enables cost-effective and easy migration of large and heterogeneous FTP-based file transfer environments to SFTP, without the need to rewrite any existing scripts and applications that use FTP. The new FTP-SFTP conversion feature allows transparent on-the-fly conversion of all existing FTP connections to SFTP throughout cross-platform enterprise networks, minimizing the costs of securing FTP.
Another effective way to secure the file transfer environment is to use SSH Tectia's extensive Secure File Transfer APIs. The APIs are now available in C for all supported platforms and in Java for selected platforms. Visit http://www.ssh.com/support/documentation/online/ssh/c-api/51/index.html for the C API and http://www.ssh.com/support/documentation/online/ssh/java-api/51/ for the Java API descriptions.
For more information on securing automated file transfers and on the EFT Expansion Pack products for SSH Tectia, please download our new white paper at: http://www.ssh.com/campaign/eft/newsletter.pdf
To request an evaluation of SSH Tectia Client and Server with EFT Expansion Pack, go to: http://www.ssh.com/campaign/eft/eval-request.html
* Special Feature Topic - eBook: The Shortcut Guide to Securing Automated File Transfers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Realtime Publishers, the leader in corporate sponsored ePublishing, and SSH Communications Security have released the eBook: "The Shortcut Guide to Securing Automated File Transfers". The new eBook, authored by 24-year computing veteran Ed Tittel and exclusively sponsored by SSH, offers a consolidated explanation of the techniques that you need to know when choosing a technology or application for secure file transfer.
Read more at http://www.ssh.com/campaign/ebook/promo.html
* Tips & Tricks: Chrooting: A Popular Way to Restrict Access to the System
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Chrooting means configuring the file system root to be something other than the real root directory, and in SSH Tectia this is possible on a per-user basis. Typically, chrooting is configured so that each user sees his/her home directory as the file system root, i.e. he/she can access all the subdirectories normally (based on the file system permissions) but cannot see the rest of the file system. The chrooting feature is available in all SSH Tectia Server versions on Unix platforms. Windows platforms have a similar feature called Virtual Directories.
A common use case for chrooting is when you need to give some semi-trusted outsider access to your system for uploading. Indeed, chrooting is most useful with file transfers. It is also possible to chroot terminal sessions and remote commands, but this becomes cumbersome because all binaries, libraries and configuration data related to the applications being run in the session need to be available inside the chrooted area. (Try 'ldd $SHELL' to see what is needed by the shell.)
When chrooting sftp, remember to deny terminal access for the chrooted users (or also chroot the terminal sessions). Otherwise the users can get around the restriction and access files outside the chrooted area through the terminal. The selector mechanism of the SSH Tectia Server 5.x configuration makes it possible to select the chrooted users in a fine-grained manner.
Here is an example of chrooting sftp connections to users' home directories. For simplicity, there are no selectors, so this applies to all users:

    <services>
      <rule>
        <terminal action="deny" />
        <subsystem type="sftp"
                   application="sft-server-g3"
                   action="allow"
                   chroot="/home/%username%" />
        <tunnel-local action="deny" />
        <tunnel-remote action="deny" />
      </rule>
      ...
    </services>
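
The terminal-access caveat above can be checked mechanically. The following is an added example, not part of the original newsletter or of SSH Tectia: a small Python audit that parses a services block and reports rules that chroot sftp but leave the terminal usable. The function name audit_services, the second (weak) sample rule, the chroot attribute on <terminal>, and the choice to flag a missing <terminal> element are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: rule 1 is the newsletter's example; rule 2 is a
# deliberately weak variant that chroots sftp but leaves the terminal open.
SAMPLE = """
<services>
  <rule>
    <terminal action="deny" />
    <subsystem type="sftp" application="sft-server-g3"
               action="allow" chroot="/home/%username%" />
    <tunnel-local action="deny" />
    <tunnel-remote action="deny" />
  </rule>
  <rule>
    <terminal action="allow" />
    <subsystem type="sftp" application="sft-server-g3"
               action="allow" chroot="/home/%username%" />
  </rule>
</services>
"""

MISSING = "no explicit <terminal> element; result depends on the server default"
OPEN = "terminal allowed without chroot; the sftp chroot can be bypassed"

def audit_services(xml_text):
    """Return (rule_number, message) findings for rules that chroot sftp."""
    root = ET.fromstring(xml_text)
    # Works whether <services> is the root or nested in a full server config.
    rules = [r for svc in root.iter("services") for r in svc.findall("rule")]
    findings = []
    for number, rule in enumerate(rules, start=1):
        chrooted_sftp = any(
            s.get("type") == "sftp" and s.get("action") == "allow" and s.get("chroot")
            for s in rule.findall("subsystem")
        )
        if not chrooted_sftp:
            continue  # the caveat only concerns rules that rely on an sftp chroot
        term = rule.find("terminal")
        if term is None:
            findings.append((number, MISSING))  # assumption: treat implicit as a finding
        elif term.get("action") != "deny" and not term.get("chroot"):
            # Assumption: a chroot attribute on <terminal> means the session is confined.
            findings.append((number, OPEN))
    return findings

if __name__ == "__main__":
    for number, message in audit_services(SAMPLE):
        print(f"rule {number}: {message}")
```
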
* Most Popular Documents Available at SSH Resource Center
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
** White Paper: Securing Automated File Transfers with Ease - SSH Tectia with EFT Expansion Pack
http://www.ssh.com/documents/28/SSHTectia_EFT_WhitePaper.pdf
** White Paper: Selecting Secure FTP and Telnet Replacement - Minimizing TCO
http://www.ssh.com/campaign/ftpwp/newsletter.html
* Trade Shows & Events
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Upcoming events:
- San Francisco, CA, USA: RSA Conference 2007, February 5 - 8
- Tampa, Florida, USA: SHARE Technology Exchange Expo - East, February 12 - 14
- Orlando, Florida, USA: InfosecWorld Conference & Expo, March 19 - 21
- Bangkok, Thailand: Bangkok Security Summit, March 22
* SSH Headlines
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
January 11, 2007
Realtime Publishers and SSH Communications Security Release The Shortcut Guide to Securing Automated File Transfers
http://www.ssh.com/company/news/2007/english/all/article/810/
January 2, 2007
SSH Communications Security Corp. wins Multi-year Frame-agreement and Major Initial Order from a World-leading US-based Retail Chain
http://www.ssh.com/company/news/2007/english/all/article/807/
December 28, 2006
Three Leading European Financial Institutions Place Major Orders for SSH Tectia for End-to-End Communications Security
http://www.ssh.com/company/news/2006/english/all/article/803/
December 20, 2006
American International Data Centre Selects SSH Tectia to Secure File Transfers Throughout the Company's Asia Pacific Networks
http://www.ssh.com/company/news/article/797/
======================================================
# SSH Tectia Newsletter Mailing List #
------------------------------------------------------
This e-mail has been sent to evaluators of SSH products and others who have been in contact with us in the past and who have agreed that we send you the SSH Tectia Newsletter.
To unsubscribe from the mailing list, send a blank e-mail to from the e-mail account you wish to unsubscribe, or visit http://www.ssh.com/company/newsroom/unsubscribe.mpl.
# SSH Security & Release Alert Mailing List #
-------------------------------------------------------
If you would like to receive security alerts and notices about new version releases of SSH products, please subscribe to SSH Security & Release Alert mailing list at http://www.ssh.com/company/newsroom/subscribe.mpl.
=======================================================
Sincerely,
SSH Communications Security >> http://www.ssh.com
