Your browser does not support HTML5 local storage or you have disabled it. Some functionality on this site, including saving your privacy settings and offering you special discounts, uses local storage and may not work with local storage disabled. We recommend allowing the use of local storage in your browser. In some browsers, it is the same setting used for disabling cookies.

SSH Tectia

Tunneling with SSH Tectia Connector

SSH Tectia Connector has been especially designed for application tunneling. It provides encryption and strong two-factor authentication to third-party network client applications. It allows a company IT administrator to install transparent network security to Windows workstations in order to secure the intranet communications of any standard applications that use TCP/IP.

SSH Tectia Connector can be used for example to secure connections from workstations to the department server room, or to connect securely to the office e-mail server and intranet from a remote location.

Architecture

SSH Tectia Connector connects to SSH Tectia Server with Tunneling Expansion Pack or SSH Tectia Server for IBM z/OS and captures all network communication originating from applications on the local workstation such as MS Outlook, MS Internet Explorer, Netscape and other software.

When an application tries to establish a connection to a remote host, SSH Capture DLL queries from the Connection Broker whether the connection needs to be blocked, passed directly or tunneled securely through an SSH Tectia Server. If the connection requires tunneling, the Connection Broker creates a TCP listener as a local tunnel end point and the application connection is redirected to that local end point.

Processes running with the SYSTEM account are passed through, and only user processes are captured. Connector uses the standard Windows Socket API.

The architecture of SSH Tectia Connector

Figure 4.5. The architecture of SSH Tectia Connector

SSH Tectia Connector directs the network communication using tunneling (port forwarding) over the secure SecSh connection to the SSH Tectia Server with Tunneling Expansion Pack, which, if necessary, relays the traffic to the destination host. The connection segment between SSH Tectia Connector and SSH Tectia Server is secure and the relayed connection between the SSH Tectia Server and the application server is unsecured. This is why it is recommended that there is at least one SSH Tectia Server in each physically secured area such as a machine room.

Connector can secure network client applications that initiate connections to server applications using TCP communications. Other network protocols such as UDP are currently not supported. Also applications that initiate connections from the server to the workstation are currently out of the scope of SSH Tectia Connector.

For example, when FTP is used in passive mode, the FTP client initiates both command and data connections to the server. This way, SSH Tectia Connector is able to capture the connections and secure them regardless of port numbers and the number of data connections. When the FTP client connects to an FTP server using active mode FTP, the FTP server initiates the data connections, and they are not captured by SSH Tectia Connector. Hence, in active mode FTP, connections are not secured.

===AUTO_SCHEMA_MARKUP===