these threats can be categorized as follows:

• Interception of communication between two systems — In this scenario, the attacker can be somewhere on the network between the communicating entities, copying any information passed between them. The attacker may intercept and keep the information, or alter the information and send it on to the intended recipient.

  This attack can be mounted through the use of a packet sniffer — a common network utility.

• Impersonation of a particular host — Using this strategy, an attacker's system is configured to pose as the intended recipient of a transmission. If this strategy works, the user's system remains unaware that it is communicating with the wrong host.

  This attack can be mounted through techniques known as DNS poisoning [2] or IP spoofing [3].

Both techniques intercept potentially sensitive information and, if the interception is made for hostile reasons, the results can be disastrous.

If SSH is used for remote shell login and file copying, these security threats can be greatly diminished. This is because the SSH client and server use digital signatures to verify their identity. Additionally, all communication between the client and server systems is encrypted. Attempts to spoof the identity of either side of a communication do not work, since each packet is encrypted using a key known only by the local and remote systems.

[2] DNS poisoning occurs when an intruder cracks a DNS server, pointing client systems to a maliciously duplicated host.

[3] IP spoofing occurs when an intruder sends network packets which falsely appear to be from a trusted host on the network.

2. SSH Protocol Versions

The SSH protocol allows any client and server programs built to the protocol's specifications to communicate securely and to be used interchangeably.

Two varieties of SSH (version 1 and version 2) currently exist.
SSH version 1 makes use of several patented encryption algorithms (however, some of these patents have expired) and is vulnerable to a well-known security exploit that allows an attacker to insert data into the communication stream. The OpenSSH suite under Red Hat Enterprise Linux uses SSH version 2, which has an enhanced key exchange algorithm not vulnerable to the exploit in version 1. However, the OpenSSH suite does support version 1 connections.

Important

It is recommended that only SSH version 2-compatible servers and clients are used whenever possible.

Chapter 20. SSH Protocol
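Because the OpenSSH suite still supports version 1 connections, the recommendation above is worth checking against the server configuration. The following is an added example, not part of the original guide: a Python check that reads sshd_config text and reports whether its Protocol directive permits version 1. The verdict labels and the sample configuration are constructed for illustration, and the code assumes the first active Protocol line is the effective one.

```python
# Added example: audit sshd_config text for SSH protocol version 1 exposure.
# Verdict labels and SAMPLE_CONFIG are constructed for illustration.

SAMPLE_CONFIG = """\
# constructed sample, not taken from a real host
Port 22
#Protocol 2
Protocol 2,1
Protocol 2
"""


def effective_protocol(config_text):
    """Return the version set from the first active Protocol line, or None."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no setting
        # Keywords are case-insensitive; "keyword=value" is accepted too.
        parts = line.replace("=", " ", 1).split()
        if parts and parts[0].lower() == "protocol" and len(parts) > 1:
            # Assumption: the first value obtained for a keyword is the one
            # sshd uses, so later Protocol lines do not override it.
            return {v for v in parts[1].split(",") if v}
    return None


def audit(config_text):
    """Classify a configuration by whether version 1 connections are allowed."""
    versions = effective_protocol(config_text)
    if versions is None:
        return "UNSET"          # falls back to the release's built-in default
    if not versions or not versions <= {"1", "2"}:
        return "INVALID"        # empty or unknown version list
    if "1" in versions:
        return "SSH1_ENABLED"   # version 1 accepted, alone or beside version 2
    return "V2_ONLY"


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

An UNSET result means the built-in default of the installed OpenSSH release decides, so confirm that default before treating the host as version 2 only.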