Your browser does not allow storing cookies. We recommend enabling them.

SSH Tectia

Security Services

There are three core security services that are essential requirements for a secure remote access technology.

  • Confidentiality: The transmitted data must not be readable by unauthorized parties on the network. Confidentiality is achieved through encryption.

  • Integrity: Unauthorized parties must not be able to modify the data without detection. Integrity is achieved by using checksum values, which reveal tampering attempts at the receiving end.

  • Authentication: Both communicating parties must be able to identify each other reliably, so that no one else can pretend to be the other party. Authentication can be implemented by using challenge passwords, for instance. However, stronger authentication is achieved through public-key cryptography and digital signatures.

Non-repudiation is also usually mentioned along with these three services. Non-repudiation is a security service that prevents an entity from denying previous commitments or actions. However, in the context of communications security, non-repudiation is difficult to apply.

Note that the terms authentication and authorization refer to different actions. Authentication is the act of verifying the identity of an entity whereas authorization is the act of verifying whether the identified entity is allowed to perform a task such as reading a file. Authentication usually precedes authorization. Authorization is determined by an access control system.

The Secure Shell protocol provides the confidentiality, integrity, and authentication services.


 

 
Highlights from the SSH.COM blog:

  • Cryptomining with the SSH protocol: what big enterprises need to know about it

    Cryptomining malware is primarily thought of as targeting desktops and laptops and is used to hijack system resources to mine cryptocurrency.
    Read more
  • SLAM the door shut on traditional privileged access management

    Did you know that something as trivial-sounding as granting access for your developers or third parties to a product development environment can throw a gorilla-sized monkey wrench into your operations and productivity?
    Read more
  • We broke the IT security perimeter

    Everyone understands the concept of a security perimeter. You only gain access if you are identified and authorized to do so.
    Read more