Authentication & Encryption | Hardware Acceleration | Port Forwarding | Management Framework
SSHield is a robust, open-standards-based, small-footprint
Secure Shell implementation. Derived from OpenSSH,
SSHield integrates the core server and client components needed to implement a
secure communication channel over insecure networks. Its unique, advanced features
include a suite of secure applications such as secure copy (scp), secure FTP (sftp
and sftpd), a built-in version of crypto modules and APIs for hardware acceleration
of cryptography modules. It features enhanced memory management and CLI utility
functions to get your secure application up & running in little time. Given
its ability to scale out optional features, SSHield is ideal for use in low-resource
embedded environments.
The SSHield implementation of the SSHv1 protocol uses RSA-based authentication
and encryption using public-key cryptography. SSHield’s SSHv2 protocol uses
DSA-based authentication, and provides additional methods for
encryption:
- AES
- 3DES
- Blowfish
- CAST128
- Arcfour
SSHv2 also provides hmac-sha1 and hmac-md5 hashing methods.
SSHield has hooks for customizing the authentication to plug
in to various standards such as RADIUS, Kerberos or other proprietary authentication
schemes.

SSHield’s included crypto library contains APIs to support hardware accelerators.
Some of the accelerators supported include:
- Rainbow CryptoSwift
- Compaq Atalla
- nCipher CHIL
SSHield’s port forwarding is a powerful feature that allows transparent
and secure forwarding of TCP connections from one network node to another. Using
this powerful mechanism, legacy insecure applications can be secured by redirecting
traffic through the encrypted tunnel provided by SSHield. Security of the forwarded
ports at the remote end can be further augmented by complementing the network
security features of SSHield with a packet filtering firewall, such as TeamF1’s
FireFly, which gives fine-grained control over the accessibility of application
ports from the public network, while at the same time allowing full access from
within the tunneling capabilities of SSHield. Where exposure of these ports is
not as big a concern, SSHield contains rudimentary IP-level blocking facilities
to restrict outside connections that originate from specific IP addresses.

SSHield provides API routines to administer a database of permitted RSA and DSA
keys, and to configure SSHield server options. Password authentication is managed
by a table-driven mechanism, which can be manipulated programmatically as well.
External authentication mechanisms such as those using smart cards, RADIUS, Kerberos
and other custom methods are easily incorporated into the Secure Shell framework
using configurable call-outs. Similar flexible hooks are provided for user-configurable
data sources used by SFTP services instead of direct accesses to the file-system.
