navigation | content

Newsletters
August 30, 2007

SSH Tectia Newsletter Vol. 34 - Achieve PCI Compliance with SSH Tectia

SSH Communications Security >> http://www.ssh.com
======================================================

[ SSH TECTIA NEWSLETTER (VOLUME 34) ] < 30 August 2007 >

======================================================

  • Special Topic - Achieve PCI Compliance with SSH Tectia
  • Product News (1) - SSH Tectia Server 5.4.2 for IBM z/OS Has Been Released!
  • Product News (2) - SSH Tectia Client/Server Solution 5.3.2 Has Been Released!
  • Tips & Tricks - "I Have No Shell but I Must SFTP!" (Unix server)
  • The Most Popular Documents at SSH Resource Center
  • Webinar Information
  • Trade Shows & Events
  • SSH Headlines
  • Subscribing & Unsubscribing to Mailing Lists



* Special Topic - Achieve PCI Compliance with SSH Tectia
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
During the past years, companies around the globe have worked diligently at securing their networks and computer systems in order to become SOX- and PCI compliant.

The compliance project teams have more often than not been time and budget- constrained and have thus looked for ways to achieve compliance without complex, expensive changes to the IT infrastructure and with minimal disruption to production systems.

Some of the world's largest companies have during their projects come to realize that SSH Tectia is the ideal solution to protect their data-in-transit. They have realized that SSH Tectia not only solves their short term needs and audits requirements, but also enables them to increase the responsiveness and productivity of the operations and security groups while, at the same time, lowering the daily running cost.

Learn more about how SSH Tectia Solution helps organizations become PCI compliant:
  • Press Release: Wal-Mart Selects SSH Tectia Solution to Secure Data in Transit (August 15, 2007)
    http://www.ssh.com/company/news/article/845/
  • SSH Communications Security Corp. wins multi-year frame-agreement and major initial order from world-leading US-based retail chain (January 2, 2007)
    http://www.ssh.com/company/news/2007/english/all/article/807/
  • About PCI Data Security Standard
    http://www.ssh.com/solutions/compliance/pci.html
  • White Paper: Protecting Cardholder Data in Transit with SSH Tectia
    http://www.ssh.com/resources/pci-download.mpl
  • White Paper: Replacing FTP and Telnet in Cross-Platform Networks
    http://www.ssh.com/campaign/ftpwp/newsletter.html



    * Product News (1) - SSH Tectia Server 5.4.2 for IBM z/OS Has Been Released!
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    SSH Tectia Server 5.4.2 for IBM z/OS was released on August 20. Customers with a current maintenance and support agreement can
    download it from the SSH Customer Download Center at https://downloads.ssh.com.

    SSH Tectia is the perfect solution for performing secure file transfers in a heterogeneous network with Windows, Linux, Unix and IBM z/OS machines.

    Version 5.4.2 contains the following new feature:
    • New file transfer option to allow truncation of dataset records

    For a full list of the new features, please see the release notes at http://www.ssh.com/support/documentation/release_notes/


    For more information on SSH Tectia Server 5.4 for IBM z/OS, please visit http://www.ssh.com/products/server-zos/



    * Product News (2) - SSH Tectia Client/Server Solution 5.3.2 Has Been Released!
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    SSH Tectia client/server solution 5.3.2 was released on August 17. Customers with a current maintenance and support agreement can download it from the SSH Customer Download Center at https://downloads.ssh.com.

    Customers without a maintenance and support agreement, but who have bought the 5.3.x versions previously, can also upgrade to this new release by downloading the “Update Package” from http://www.ssh.com/support/downloads/.

    With this release, all features of SSH Tectia Client with EFT Expansion Pack are now supported on Microsoft Windows Server 2003. You can also now fully enjoy the FTP-SFTP conversion functionality on Microsoft Windows Server 2003.

    SSH Tectia Connector 5.3.2 is now supported also on Microsoft Windows Server 2003, in addition to Microsoft Windows XP. SSH Tectia Connector is also able to automatically use the destination host name defined in the secured third-party application as the destination of the secure tunnel. This enables securing TCP traffic between SSH Tectia Connector and several SSH Tectia Servers without having to define several Connection Profiles.

    For further information, please refer to the release notes at http://www.ssh.com/support/documentation/release_notes/

    For the complete list of supported platforms, please visit http://www.ssh.com/products/client-server/platforms.html



    * Tips & Tricks: "I Have No Shell but I Must SFTP!" (Unix server)
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    If you have accounts that are used only for file transfer, it is good practice to limit their access to services, following the principle of least privileges. In the SSH Server configuration, this can be done by denying remote command, terminal and tunneling access for listed users or groups of users. (For details, see SSH Tectia Server Administrator Manual, section 7.1.2, available at http://www.ssh.com/support/documentation/manuals/server/5.3/)

    However, sometimes there are many ways to access a system in addition to ssh, and it can be desirable to deny shell access on system level, e.g. by setting the login shell to /bin/false or /sbin/nologin or some other program that is listed in the system list of shells but does not start a shell. Remember that the tunneling restrictions still need to be done in the ssh-server-config.xml. But can the user transfer files, if the shell is set to /bin/false or similar?

    The default behavior in the SSH Tectia Server is to run the file transfer server for an SFTP session through the user's shell. Thus, in the above scenario, the file transfer with SFTP will not work. But starting from SSH Tectia Server version 5.3.2, it is possible to configure the SFTP subsystem to be executed directly and not through the user’s shell. This can be done using the new exec-directly="yes" argument for the SFTP subsystem:

    application="sft-server-g3"
    action="allow"
    exec-directly="yes">


    This option is available on the Unix and Linux platforms. The downside of executing the SFTP server directly, and not through the shell, is that possible shell initialization files (for non-interactive shells) will not be read. Also, user will not be able to connect to SSH Tectia Server using OpenSSH scp.



    * The Most Popular Documents Available at SSH Resource Center
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ** White Paper: Protecting Card Holder Data in Transit
    http://www.ssh.com/resources/pci-download.mpl

    ** eBook: Shortcut Guide to Securing Automated File Transfers
    http://www.ssh.com/resources/shortcut_guide.html

    ** White Paper: Selecting Secure FTP and Telnet Replacement - Minimizing TCO
    http://www.ssh.com/campaign/ftpwp/newsletter.html



    * Webinar Information
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Join SSH's webinar and learn how SSH Tectia for IBM z/OS can help enterprises ease the burden by securely tunneling FTP, converting FTP to SFTP and maintaining regulatory compliance!

    SSH Tectia for IBM z/OS is a robust mainframe security solution for securing data-in-transit and TN3270 tunneling without any modification to the existing infrastructure or applications.

    Date and time: Thursday, September 27, 2007, 11:00 am Pacific Daylight Time (GMT -07:00, San Francisco)

    Panelist(s):
    • Byron Rashed, Sr. Marketing Manager
    • Jeff DeLisio, VP Sales
    • Ivan Wallis, Sales Engineer

    To register for the event, please go to: https://ssh.webex.com/ssh/onstage/g.php?d=929132003&t=a



    * Trade Shows & Events
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Come and see us to hear the latest news at the following upcoming events: :

    • Jacob Javits Convention Center, New York, USA: Infosecurity NY, September 11 - 12
    • Caesars Palace, Las Vegas, Nevada, USA: SANS Network Security 2007, September 23 - 24
    • Tokyo, Japan: Nikkei Security Solution, October 24 - 26
    We will also be participating in various other events throughout the world. More information is available on our events site at http://www.ssh.com/company/events/.



    * SSH Headlines
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    August 15, 2007
    Wal-Mart Selects SSH Tectia Solution to Secure Data in Transit
    http://www.ssh.com/company/news/article/845/



    ======================================================
    # SSH Tectia Newsletter Mailing List #
    ------------------------------------------------------
    This e-mail has been sent to evaluators of SSH products and others who have been in contact with us in the past and who have agreed that we send you the SSH Tectia Newsletter.
    To unsubscribe from the mailing list, send a blank e-mail to from the e-mail account you wish to unsubscribe, or visit http://www.ssh.com/company/newsroom/unsubscribe.mpl.

    # SSH Security & Release Alert Mailing List #
    -------------------------------------------------------
    If you would like to receive security alerts and notices about new version releases of SSH products, please subscribe to SSH Security & Release Alert mailing list at http://www.ssh.com/company/newsroom/subscribe.mpl.

    =======================================================

    Sincerely,

    SSH Communications Security >> http://www.ssh.com