|
RUMBA Customers Get SSH Tectia Option from NetManage
Corrected: September 6, 2006
by Alex Woodie
NetManage and Finnish software firm SSH Communications Security have teamed up to give users of the RUMBA and ViewNow X Server emulation products an end-to-end security solution built on Secure Shell (SSH) protocol. By selling SSH Communications Security's Tectia suite of products directly to the NetManage installed base, the customers will get better security than if they had implemented other authentication and encryption solutions, the companies say.
SSH was created by SSH Communications Security founder Tatu Ylönen in 1995, and enables two computers to communicate securely over TCP/IP without exposing passwords or worrying about eavesdropping, connection hijacking, or exposure to other dangers, such as denial of service (DoS) attacks, IP source routing, and DNS spoofing. Since its release, the SSH protocol has been implemented on many different platforms, including Linux, AIX, and z/OS (there is, as yet, no native OS/400 port of SSH, although it does run on the iSeries via Linux or AIX), while its availability under open source license has boosted its popularity, particularly among Unix administrators remotely managing servers.
SSH by itself provides authentication and encryption over the Internet, and it is typically implemented alongside an FTP, Telnet, or other remote access products. SSH can replace Telnet outright as a way to access command line applications. Alternatively, it can be implemented in conjunction with Telnet to deliver secure "tunneling" of TCP/IP applications over the network. This tunneling is available as an option from SSH Communications Security, and is also available in the open source version of the product.
While the Open SSH protocol is available free of charge over the Internet, SSH Communications Security, which makes money by selling and supporting its own SSH implementation, called the SSH Tectia suite of products, says there are some important differences between Tectia and the open-source implementation of SSH.
First, SSH Communications Security's latest Tectia products are based on the "G3," or third-generation SSH code base, which it released earlier this year. The G3 release features streamlined code that speeds encryption processing times by a factor of two -to six, says Byron Rashed, senior marketing manager for the Americas at SSH Communications Security. This boost in speed has come in handy for some banks using Tectia to do large batch file transfers over secure FTP, Rashed says.
Rashed explains that the Tectia products are ready for the enterprise, whereas the open source version of SSH is basically an unsupported utility--and one that could potentially damage your computer. "Open SSH is not standards-based. It's a utility, not a solution that you would use in an enterprise-grade environment," he says. "In 2002, a Trojan was slipped into the code, and everybody who downloaded it that day got this Trojan. It probably was not intentional by the Open SSH developers. Open SSH are great developers. But being open code," it's somewhat open to tampering, he says.
Another advantage of the Tectia products compared to open source SSH is Federal Information Processing Standards (FIPS) 140-2 certification. FIPS certification, which ensures that cryptographic keys will be destroyed in the event that they ever leave the secure environment, is currently being mandated by the federal government for protecting sensitive information, which makes it important to companies and organizations that do business with the government. Open SSL twice failed to achieve FIPS certification, Rashed says. (Open SSH uses the Open SSL libraries, according to a NetManage spokeswoman.)
Authentication is another advantage that Tectia holds over open source SSH, the companies say. "The whole methodology of authentication is rudimentary in Open SSH. It's all host- and key-based," says Sam Morris, product manager for Cupertino, California-based NetManage. "With Tectia client, it expands to include things like X.509 certificates and Kerberos."
Morris also cites the Tectia SSH products' advantages over another competing standard: Secure Sockets Layer (SSL) encryption, which is the preferred method of NetManage's main competitor in the emulator market, IBM.
Cross-platform support is one of the primary advantages that Morris sees for using Tectia SSH products. "The advantage we see in leveraging SSH is the growth of types of connectivity, not historically just what people use RUMBA for, but the wider use of client-server technologies," Morris says. "With this relationship, we can provide enhanced encryption and authentication that are above what SSL offers."
SSH is also easier to set up than SSL, Morris says. "SSH is really transparent," he says. "You don't have to teach a client application to speak SSH, like you do with SSL."
Rashed agrees that SSH is easy to use. "You don't have to modify any of the existing applications or infrastructure," he says. "It's a very simple tool to use for administrators to lock down Telnet."
As part of the agreement between the companies, NetManage is reselling the complete SSH Tectia suite, including SSH Tectia Client, Tectia Server, and Tectia Manager, to RUMBA and ViewNow X Server host access customers. SSH Communications Security will provide support for customers who buy Tectia products through NetManage. In the future, the reseller partnership may extend into a development partnership that will see tighter integration between NetManage's Telnet products and the Tectia products.
The companies have yet to announce finalized pricing for the products. For more information, visit www.netmanage.com and www.ssh.com.
RELATED STORY
New SSH Options Make Their Way to iSeries
This article has been corrected. Open SSL failed to achieve FIPS certification, not Open SSH, although Open SSH does use the Open SSL libraries. IT Jungle regrets the error.
|
