Solaris 9 Security CX-310-301 74
warning: ultra1: hostname alias
warning: (official name: ultra1.mobileventures.homeip.net)
client: hostname ultra1.mobileventures.homeip.net
client: address 192.168.1.1
server: process in.telnetd
matched: /etc/hosts.allow line 1
access: granted
Cryptology
Terminology
This section describes a number of terms used in cryptology:
• Secret-key – Also known as private-key and symmetric key. It describes a method by which data
is encrypted and decrypted using the same key. This method is less secure than the public-key
method because there is a vulnerability when the key is distributed to other systems that need to
send or receive secure data. If an attacker obtains this key, then the data can easily be converted to
plain text and read.
• Public-key – Also known as public and private key pairs and asymmetric keys. It describes a more
secure method where two keys work in partnership to send and receive secure data. One key is
used to encrypt the data (a private key, which is held only by the sender), and a public key is
used to decrypt the data that is received. Because the private key is kept secret by the sender, the
receiver of data can authenticate its origin. Only the public key is distributed to other hosts that
need to receive secure data.
• Hash Function – Also known as hash algorithms, these provide the mechanism for encrypting
data and checking its integrity. Popular hash functions include the Message Digest algorithm
number 5 (MD5), a 128-bit algorithm, and the Secure Hash Algorithm (SHA-1), a 160-bit
algorithm. Hash functions can be used to detect whether data has changed during transit, whether
from corruption on the network or maliciously.
• Encryption – This ensures that data in transit cannot be read by an attacker, even if access to the
data itself is obtained. You should note that encryption only applies to data whilst it is in transit.
• Authentication – The action of reliably determining the sender’s or receiver’s identity.
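As an added example that is not part of the original guide, the Python code below shows the hash-function and secret-key terms working together. It goes beyond the text by using a keyed hash (HMAC) to show that an unkeyed digest sent with the data catches corruption but not a change where the digest is recomputed as well; the message, key and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values for illustration; not from the original guide.
MESSAGE = b"pay 100 to account 12345"
SHARED_KEY = b"constructed-demo-key"  # secret key held by sender and receiver only


def digest_bits(name):
    """Output size in bits of a named hash function."""
    return hashlib.new(name).digest_size * 8


def plain_digest(data):
    """Unkeyed SHA-1 digest, as a sender would attach to the data."""
    return hashlib.sha1(data).hexdigest()


def keyed_tag(data, key):
    """HMAC-SHA-1 tag: a hash that also depends on the shared secret key."""
    return hmac.new(key, data, hashlib.sha1).hexdigest()


def verify_plain(data, digest):
    return hmac.compare_digest(plain_digest(data), digest)


def verify_keyed(data, tag, key):
    return hmac.compare_digest(keyed_tag(data, key), tag)


def run_demo():
    """Return which in-transit changes each check detects."""
    digest, tag = plain_digest(MESSAGE), keyed_tag(MESSAGE, SHARED_KEY)
    # Network corruption: one bit flips, the attached digest is unchanged.
    corrupted = bytes([MESSAGE[0] ^ 0x01]) + MESSAGE[1:]
    # Deliberate change: data altered and the unkeyed digest recomputed to match.
    altered = MESSAGE.replace(b"100", b"900")
    recomputed = plain_digest(altered)
    return {
        "corruption_detected": not verify_plain(corrupted, digest),
        "plain_detects_recomputed": not verify_plain(altered, recomputed),
        # Without the key no valid tag can be made for the altered data.
        "keyed_detects_altered": not verify_keyed(altered, tag, SHARED_KEY),
    }


if __name__ == "__main__":
    print(digest_bits("md5"), digest_bits("sha1"), run_demo())
```

The keyed check only holds while the secret key stays confidential, which is the distribution weakness described under Secret-key above.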
Solaris Secure Shell
The Secure Shell (SSH) is delivered as part of the standard Solaris 9 implementation and provides secure
network connectivity between hosts, replacing insecure alternatives like ftp, telnet and rcp.
SSH comes with a number of tools:
• sftp – Secure ftp
• sftp-server – Secure ftp server