|
|
|
About
|
Secure Connections
|
 |
|||
What is a secure connection?If you login to a system using the standardtelnet or
rlogin services then all the data for that connection is
sent raw, including your username and password. Any information that you
then see on your screen and that you type is
also sent 'in the clear'. This makes life particularly easy for
those internet beings who want to use accounts without authorisation.
Services which are insecure include (but are by no means restricted to):
A representation of the connection might be like this:
Once someone has got your username and password there are a number of things they can do, many of which are rather nasty! Of course, the problem is that they all get blamed on you, and it often takes a lot of work to prove otherwise. A secure connection implements some sort of encryption over the connection. This means that data is encrypted as it gets sent, and decrypted on reception. As a result it is a lot harder for someone to extract the real data if they manage to suck it off during transfer. Notice that this extraction is not necessarily impossible, just more difficult.
There is a subtlety which confuses some people who are new to the secure connection concept. This is the fact that each link in a chain of connections must be separately secure - a single insecure connection makes the entire chain insecure, such as illustrated in the next diagram of an insecure connection. Note that the insecure second portion means that any data which goes to or comes from the end machine is insecure, which in general invalidates the security of both parts.
All of the CompSoc computers support the secure shell which
implements this security technique. This can be used for both incoming
and outgoing connections (such as logging on to List of Secure Shell Clients for Windows and Linux. | |||||