Internet Protocol (IP) Page

Internet Protocol (IP) is the technology that allows data to cross networks, using a destination address (IP address) to make sure it reaches the right place. The IP protocol provides no guarantee that a datagram successfully reaches the receiver: the datagram either arrives at the right place or it does not. If the loss of a packet is a problem, it is up to the upper-level protocols and/or the application running on top of IP to detect the loss and retransmit the lost packets if necessary. Transmission Control Protocol (TCP) ensures the correct delivery of that data or its retransmission if it gets lost. TCP automatically retransmits packets which have not reached the receiver within defined time bounds. Together they form a powerful networking system called TCP/IP. TCP/IP is the protocol that runs the Internet.

TCP/IP is a layered set of protocols that forms the basis of all communications in the Internet. The most important protocols of the suite are Internet Protocol (IP), Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). Most of the other protocols in the TCP/IP suite are built on top of those three protocols. The IP version currently in wide use is IP version 4, known as IPv4. The newest version is IP version 6 (IPv6), which is not yet in wide use outside research laboratories and test networks. The rest of the document refers in its technical details to the currently used IPv4 protocol (some details like addressing are different in IPv6, but most basics are the same).

IP datagrams can have a variable size from 20 bytes up to 64 kilobytes. The first 20 bytes of an IP datagram contain the IP packet header. That header part of the IP packet is protected by a header checksum included in the header. After the header it is possible to have optional IP header options, which are quite rarely used. Next comes the actual data carried in the IP packet. Because of the limitations on the maximum packet size in different networks, IP datagrams are seldom bigger than a few kilobytes. A typical IP packet travelling in the network has a size from 40 bytes to 1500 bytes. The maximum packet size of 1500 bytes comes from the maximum packet size available on Ethernet networks, where most Internet traffic originates.

The IP protocol is designed in such a way that it can be adapted to be transported over almost any imaginable networking technology. IP is often transported over Ethernet, serial data lines like traditional modem lines (PPP), ATM networks and many other networking technologies. Different networking technologies have different limitations, for example the different maximum packet size they can properly handle. If a packet sent to the network is larger than the underlying network can handle, there are provisions to split datagrams up into pieces. This process is referred to as fragmentation. The IP header contains fields indicating that the datagram has been split, and enough information to let the receiver put the pieces together. This is transparent to users and normal applications. To optimize network use, some upper protocols like TCP have an option to negotiate the optimum packet size so that the packet can pass through the network without fragmentation. In practice, in well operating networks fragmented IP packets are very rare.
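As an added example (not code from the original page), the Python below decodes the 20-byte IPv4 header described above, verifies the header checksum, and shows how the identification, flag and offset fields let a datagram be split into fragments and put back together by the receiver; the sample header bytes and the 10.x addresses used with it are constructed, and the fragmentation helpers assume an option-less header.

```python
import struct
from dataclasses import dataclass


@dataclass
class IPv4Header:
    version: int
    ihl: int               # header length in 32-bit words (5 = 20 bytes, no options)
    total_length: int      # header plus data, in bytes
    identification: int    # shared by all fragments of one original datagram
    dont_fragment: bool    # DF flag
    more_fragments: bool   # MF flag: clear only on the last fragment
    fragment_offset: int   # where this fragment's data sits in the original, in bytes
    ttl: int
    protocol: int
    checksum: int          # value carried in the header
    checksum_ok: bool      # True when the carried value matches a recomputation
    src: str
    dst: str


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071); the checksum field must be zero."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold the carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(ident, df, mf, frag_offset, ttl, proto, src, dst, payload_len):
    """Build an option-less 20-byte header with a correct checksum (frag_offset in bytes)."""
    if frag_offset % 8:
        raise ValueError("fragment offsets are carried in 8-byte units")
    flags_frag = (int(df) << 14) | (int(mf) << 13) | (frag_offset // 8)
    raw = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, flags_frag, ttl,
                      proto, 0, bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return raw[:10] + struct.pack("!H", ipv4_checksum(raw)) + raw[12:]


def parse_ipv4_header(data: bytes) -> IPv4Header:
    """Decode the fixed 20-byte header and verify the checksum over the whole header."""
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte minimum IPv4 header")
    (ver_ihl, _tos, total_length, ident, flags_frag,
     ttl, proto, csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", data[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4 or ihl < 5 or len(data) < ihl * 4:
        raise ValueError("not a well-formed IPv4 header")
    header = data[:ihl * 4]                  # options, if present, are covered too
    recomputed = ipv4_checksum(header[:10] + b"\x00\x00" + header[12:])
    return IPv4Header(version, ihl, total_length, ident,
                      bool(flags_frag & 0x4000), bool(flags_frag & 0x2000),
                      (flags_frag & 0x1FFF) * 8, ttl, proto, csum, recomputed == csum,
                      ".".join(map(str, src)), ".".join(map(str, dst)))


def fragment(datagram: bytes, mtu: int) -> list:
    """Split an option-less datagram into pieces that each fit in `mtu` bytes."""
    h = parse_ipv4_header(datagram)
    if h.ihl != 5:
        raise ValueError("header options are not handled here")
    if len(datagram) <= mtu:
        return [datagram]                    # fits as it is: nothing to do
    if h.dont_fragment:
        # A router drops such a packet and reports it with ICMP "fragmentation needed";
        # that report is what the MTU discovery mentioned in the text relies on.
        raise ValueError("DF set: %d-byte datagram cannot pass a %d-byte MTU" % (len(datagram), mtu))
    step = (mtu - 20) // 8 * 8               # all but the last piece carry a multiple of 8 bytes
    if step <= 0:
        raise ValueError("MTU too small to carry any data")
    payload, pieces = datagram[20:h.total_length], []
    for off in range(0, len(payload), step):
        chunk = payload[off:off + step]
        more = off + step < len(payload)
        pieces.append(build_ipv4_header(h.identification, False, more, off, h.ttl,
                                        h.protocol, h.src, h.dst, len(chunk)) + chunk)
    return pieces


def reassemble(fragments: list) -> bytes:
    """Rebuild the datagram from fragments in any order; reject bad checksums, gaps and overlaps."""
    parsed = sorted(((parse_ipv4_header(f), f) for f in fragments),
                    key=lambda p: p[0].fragment_offset)
    first, payload = parsed[0][0], b""
    for h, raw in parsed:
        if (not h.checksum_ok or h.identification != first.identification
                or h.fragment_offset != len(payload)):
            raise ValueError("fragment set is corrupt, overlapping or has a gap")
        payload += raw[20:h.total_length]
    if parsed[-1][0].more_fragments:
        raise ValueError("the last fragment (MF clear) is missing")
    return build_ipv4_header(first.identification, False, False, 0, first.ttl,
                             first.protocol, first.src, first.dst, len(payload)) + payload


# Constructed sample: the header of a 115-byte UDP datagram from 192.168.0.1 to 192.168.0.199,
# TTL 64, DF set; the carried checksum 0xb861 is the correct value for these bytes.
SAMPLE_HEADER = bytes.fromhex("45000073000040004011b861c0a80001c0a800c7")
```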

The development of TCP/IP protocol suite began in the late sixties as a research project funded by the US government and military. Nowadays the Internet Society (ISOC), the Internet Architecture Board (IAB), the Internet Engineering Task Force (IETF) and the Internet Research Task Force (IRTF) control its development.

All the official standards related to the TCP/IP protocol suite are published as RFCs. The Requests for Comments (RFCs) form a series of published notes, started in 1969, about the Internet (originally the ARPANET). The notes discuss many aspects of computer communication, focusing on networking protocols, procedures, programs, and concepts but also including meeting notes, opinion, and sometimes even jokes. The RFCs are identified by unique numbers, with higher numbers for newer RFCs. RFC publications do not have the status of an official standard, but the protocols published in them can be considered a kind of Internet de-facto standard.

The Internet is a gigantic collection of millions of computers, all linked. The Internet is a collection of very many individual networks that are interconnected and run the TCP/IP protocol. The Internet consists of 250 000-plus networks, all using the same technical standards (TCP/IP).

The network allows all of the computers to communicate with each other and allows over a billion people to get online. The Internet is an internetwork, which means that it is a collection of individual networks, connected by intermediate networking devices, which function as a single large network. The network contains lots of different types of computers and network devices, but they can all communicate together because they use the same TCP/IP protocol suite and the network is sensibly structured into sub-networks.

The Internet is based on the TCP/IP protocol suite and the "catenet model". This model assumes that there are a large number of independent networks connected together by gateways. The user should be able to access computers or other resources on any of these networks. Datagrams will often pass through a dozen different networks before getting to their final destination.

Different networks consist of routers connected to each other using some suitable data connection. A router takes packets from its incoming network links and forwards them to the outgoing links in the direction they should go to reach their destination. The task of finding how to get an IP datagram to its destination is referred to as 'routing'. The process of Internet traffic routing consists of determining suitable packet forwarding tables (routing tables) and then forwarding IP packets between different network interfaces within the router based on the instructions in the forwarding table. Normal IP packet forwarding is based entirely upon the network number of the destination address. In more complex cases the routing and forwarding processes might also take into consideration other fields in the IP header, like the source IP address (for source routing), the protocol contained in the packet, the type of service (TOS) field or other information contained in the packet. The most complex packet forwarding devices, like firewalls and layer 4 switches, might even look inside the data contained in the IP packet in the decision process.

When a computer wants to send a datagram, it first checks to see if the destination address is on the system's own local network. If so, the datagram can be sent directly. Otherwise, the system expects to find a routing table entry for the network that the destination address is on. The datagram is sent to the gateway listed in that entry. In large networks, like the Internet, this routing table can become quite big. Various strategies have been developed to reduce the size of the routing table maintained in a computer. The most often used strategy is to depend upon "default routes". Often, there is only one gateway out of a network. In this way the computers inside a network need only know one gateway address.

The gateways/routers, which connect multiple networks, cannot depend upon this strategy. They have to have fairly complete routing tables. A routing protocol is simply a technique for the gateways to find each other and keep up to date about the best way to get to every network. There are multiple network routing protocols in use, including RIP, EGRP and OSPF.
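As an added example that is not part of the original page, this Python walks through the sending decision described above: direct delivery when the destination is on a local network, otherwise the routing-table entry for the destination's network (the most specific prefix wins), otherwise the default route. The interfaces, routing table and addresses are a constructed sample host, and the gateway check is an added sanity test a practitioner would want.

```python
from ipaddress import ip_address, ip_network

# Constructed sample host: two directly attached networks (an assumption, not from the page).
INTERFACES = {
    "eth0": ip_network("192.168.1.0/24"),
    "eth1": ip_network("10.0.0.0/8"),
}

# Constructed routing table: (destination network, gateway, outgoing interface).
# The 0.0.0.0/0 entry is the "default route" that catches every destination not listed.
ROUTES = [
    (ip_network("172.16.0.0/12"), "10.0.0.254", "eth1"),
    (ip_network("172.16.5.0/24"), "10.0.0.7", "eth1"),     # more specific route to one subnet
    (ip_network("0.0.0.0/0"), "192.168.1.1", "eth0"),
]


def check_routes(routes, interfaces):
    """A gateway is only usable if it sits on a directly attached network, because the
    datagram still has to be handed to it without any further routing. Returns the
    entries that violate this as (network, gateway, interface) strings."""
    bad = []
    for net, gateway, iface in routes:
        if iface not in interfaces or ip_address(gateway) not in interfaces[iface]:
            bad.append((str(net), gateway, iface))
    return bad


def next_hop(destination, interfaces=INTERFACES, routes=ROUTES):
    """Where the host sends a datagram for `destination`, following the steps in the text:
    1. destination on a directly attached network: deliver to it directly;
    2. otherwise use the routing-table entry that covers it (the longest prefix wins,
       so a /24 entry beats a /12 entry that also matches);
    3. a 0.0.0.0/0 entry matches everything and so acts as the default route.
    Returns (address the frame is sent to, interface)."""
    dst = ip_address(destination)
    for iface, net in interfaces.items():
        if dst in net:
            return str(dst), iface                   # step 1: no gateway needed
    best = None
    for net, gateway, iface in routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)             # steps 2 and 3: longest matching prefix
    if best is None:
        raise LookupError("no route to %s" % dst)
    return best[1], best[2]
```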

In general, all of the machines on the Internet can be categorized as two types: servers and clients. Those computers that provide services are servers. Computers that are used to connect to those services are clients. A server computer may provide one or more services on the Internet. The most common services provided by Internet servers are name service (DNS), e-mail services (SMTP), web services (HTTP) and file downloading (FTP) services. A computer running a multitasking operating system like Windows, Linux or any UNIX version can act at the same time as both client and server.

Each computer connected to the Internet is assigned a unique address called an IP address. IP addresses are 32-bit numbers, normally expressed as 4 "octets" in a "dotted decimal number." A typical IP address looks like this: 216.27.61.137

The four numbers in an IP address are called octets, because they can have values between 0 and 255, which means 2^8 possibilities per octet. The Internet is made up of millions of computers and routers, each with a unique IP address. A server typically has a static IP address that does not change very often. A home machine that is dialing up through a modem often has an IP address that is assigned by the ISP. This kind of ISP-assigned IP address can be different every time a user dials through the modem line. Modern broadband connections like ADSL, cable modem, etc. can have an addressing system that allocates fixed addresses, allocates a new address every time, or something in between (usually certain addresses are allocated to users for some time and can change after that if needed).

Because most people have trouble remembering the strings of numbers that make up IP addresses, and because IP addresses sometimes need to change, all servers on the Internet also have human-readable names, which consist of computer name and domain name.

The DNS (Domain Name System) is the address book of the internet, matching numeric IP addresses to alphabetic addresses such as www.epanorama.net. People find those easier to use and remember than numeric addresses like 127.0.0.1. Using names also has the benefit that the computers operating different services can change their IP addresses, but people will still easily find them under the same name, as long as the name-to-address mapping is updated when the IP address changes. There is no single central list of everyone's internet address, because that would be far too big for any single source to handle. Instead of one central list, the DNS splits addresses into their constituent parts, called domains, and gives each machine in the network enough information to know where to locate the next machine down the line. This is known as a distributed database.

Although the DNS is a distributed database, it needs a starting point: a list of where to go for the first part of an internet address to start a search for a particular machine. This list of where to start is called the root zone file. It is a list of 248 country code top-level domains (ccTLDs), such as .uk and .fr, as well as 14 generic top-level domains (gTLDs), which are subject-based, such as .com, .net and .org. The list is held on 13 machines across the world.

The Internet Corporation for Assigned Names and Numbers (ICANN) is a not-for-profit organisation that manages the DNS. It decides who gets to operate the most basic domains, the top-level domains such as .com and .org, as well as all the world's country codes. It is responsible for allocating space on the internet. ICANN was set up in California under contract to the Department of Commerce, thus in practice the US government is more or less overseeing the internet's address structure, called the domain name system (DNS).

Most often IP traffic is nowadays transported using Ethernet networks. Ethernet systems (comprising interface controllers, bridges, routers, management systems and other devices) represent the most widely deployed networking technology in history. Many of the current and proposed next-generation residential broadband access technologies advocate the use of Ethernet as the universal service interface technology. It is useful to understand how IP over Ethernet works. The Ethernet system has its own addressing, which uses 48-bit addresses. Each Ethernet network interface card comes with a unique address built in at the factory, so users can just plug Ethernet components together without needing to worry about Ethernet addressing. To be able to send a packet from one computer to another in an Ethernet network, the computers need to know the Ethernet address of the other end. For this, each computer connected to the network has to have a table which maps IP addresses to Ethernet addresses. This table is called the ARP table. To figure out what Ethernet address to use for the first time, a separate protocol called ARP (Address Resolution Protocol) is used. When a computer needs to know the Ethernet address of a certain other computer, it sends an ARP request to the network as a broadcast message. Every computer in the network listens to ARP requests and responds with an ARP reply if it gets an ARP request meant for it. The computer that sent the ARP request saves the information from the ARP reply in its ARP table for future use. Most systems treat the ARP table as a cache, and clear entries if they have not been used for a certain period of time.
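As an added example (not code from the page), this Python decodes ARP request and reply frames as they appear inside Ethernet, and keeps the ARP table as a cache that expires unused entries, as the text describes; it also reports when a reply changes an existing mapping, which is the check a defender wants logged. The frames, addresses and the injectable clock are constructed samples.

```python
import struct
import time

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_str(b: bytes) -> str:
    return ":".join("%02x" % x for x in b)


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def parse_arp(frame: bytes) -> dict:
    """Decode an Ethernet frame carrying an ARP packet for IPv4 over Ethernet (RFC 826 layout)."""
    if len(frame) < 14 + 28:
        raise ValueError("frame too short for an Ethernet header plus an ARP packet")
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError("EtherType 0x%04x is not ARP" % ethertype)
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an IPv4-over-Ethernet ARP packet")
    return {"op": op, "eth_dst": mac_str(eth_dst), "eth_src": mac_str(eth_src),
            "sender_mac": mac_str(sha), "sender_ip": ip_str(spa),
            "target_mac": mac_str(tha), "target_ip": ip_str(tpa)}


class ArpCache:
    """The per-host IP -> Ethernet address table, treated as a cache: an entry that has not
    been used for `ttl_seconds` is dropped, so the next send to that IP needs a new ARP request."""

    def __init__(self, ttl_seconds=60.0, now=None):
        self.ttl = ttl_seconds
        self.now = now or time.monotonic      # injectable clock so expiry can be tested
        self.entries = {}                     # ip -> (mac, time of last use)

    def lookup(self, ip):
        hit = self.entries.get(ip)
        if hit is None:
            return None
        mac, last_used = hit
        if self.now() - last_used > self.ttl:
            del self.entries[ip]              # expired: behave as if never learned
            return None
        self.entries[ip] = (mac, self.now())  # every use refreshes the entry
        return mac

    def learn(self, ip, mac):
        """Store a mapping taken from an ARP reply. Returns True if a different, still valid
        mapping was replaced: a relocated host, or the symptom of a forged reply worth logging."""
        previous = self.lookup(ip)
        self.entries[ip] = (mac, self.now())
        return previous is not None and previous != mac


def process_arp(cache, my_ip, frame):
    """What a host does with one received ARP frame: a request for its own address must be
    answered, a reply addressed to it is stored, and anything else is ignored."""
    pkt = parse_arp(frame)
    if pkt["op"] == ARP_REQUEST and pkt["target_ip"] == my_ip:
        return "reply"
    if pkt["op"] == ARP_REPLY and pkt["target_ip"] == my_ip:
        return "changed" if cache.learn(pkt["sender_ip"], pkt["sender_mac"]) else "learned"
    return "ignore"


# Constructed sample frames (not captured traffic): 192.168.1.1 (00:11:22:33:44:55) broadcasts
# a request for 192.168.1.2, and 192.168.1.2 (66:77:88:99:aa:bb) answers it directly.
ARP_REQUEST_FRAME = bytes.fromhex(
    "ffffffffffff" "001122334455" "0806"
    "0001" "0800" "06" "04" "0001"
    "001122334455" "c0a80101" "000000000000" "c0a80102")
ARP_REPLY_FRAME = bytes.fromhex(
    "001122334455" "66778899aabb" "0806"
    "0001" "0800" "06" "04" "0002"
    "66778899aabb" "c0a80102" "001122334455" "c0a80101")
```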

The Ethernet layer takes the IP packet data as it is and adds its own header before the actual IP packet and a packet checksum after the packet. The checksum (CRC) is used for checking on the receiving end that the packet received from the network was received correctly. If the data is not received correctly, the computer receiving the packet will discard it. Because the data length inside an Ethernet frame must be a multiple of 4 bytes and the length of an IP packet can be any number of bytes, it is sometimes necessary to add 1-3 bytes of padding at the end of the IP packet to make the total data length a multiple of four bytes. This padding is only added in the Ethernet layer and is not seen by upper-level protocols.

It is often necessary to understand also some details of the TCP, UDP and ICMP protocols to understand how Internet networking works.

The Transmission Control Protocol (TCP) provides a reliable, connection-oriented, in-order transport service for today's Internet applications. Given the simple best-effort service provided by typical IP networks, TCP must cope with the different transmission media crossed by Internet traffic. Most Internet traffic originates from TCP sources. TCP is a reliable connection-oriented byte-stream transport-level protocol built on top of IP. This means that TCP datagrams are always carried inside IP packets. TCP is responsible for breaking up the message into datagrams, reassembling them at the other end, re-sending anything that gets lost, and putting things back in the right order. To provide reliable operation, TCP is designed as a window-based, acknowledgement-clocked flow control protocol. Basically this means that the TCP connection end points acknowledge received packets to the sender, and the sender retransmits if it does not get an acknowledgement from the receiver. Connection-oriented means that before the end points are able to communicate using TCP, a connection has to be established. In addition to the IP addresses used by IP, TCP uses 16-bit integers called port numbers for identifying the communication end points. TCP port numbers are needed because one computer can have many communication end points used by different application programs and services. Some of the port numbers are standardized for certain services (for example port 80 for the HTTP protocol used to run the WWW system).

A TCP connection appears to be a two-way data stream, without any datagram structure evident. The IP addresses and TCP port numbers of the end points identify a TCP connection. IP address / TCP port pairs are commonly called sockets. The data that an application sends using TCP may be sent in datagrams of varying size, depending on how TCP decides to send it. All good TCP implementations use automatic MTU discovery based on the ICMP protocol to decide the optimum size of datagrams to send to the network (to avoid packet fragmentation on the way). TCP is designed to automatically adapt its sending rate to the available network capacity. To do this TCP has a flow-control mechanism, which dynamically adapts to the available network transport capacity and to the capacity of the receiving end to consume data. The basic idea of TCP operation is that it first probes the network speed and starts using it. If the network is congested, TCP reduces its transmission rate, and if the network has free capacity available, TCP increases its sending rate to make use of it. The TCP flow-control mechanism provides both efficient adaptation to the underlying network capabilities and a fair share of the network bandwidth for the TCP connections sharing the network. Because the TCP protocol operates like this, a connection is always slow at the start, but quite quickly accelerates to use the available network speed. And when it has reached the available speed, the transmission speed tends to oscillate around the optimum transmission speed. In practice the TCP protocol works amazingly well with variable network speeds and network capabilities. Because of its good operation it is utilised in most of the application-level protocols used to implement Internet services. Common protocols like HTTP, TELNET, FTP, SNMP, NNTP and SSH are all built on top of TCP.

This chart shows a couple of "common" TCP ports:

TCP port   Daemon   Use
21         FTP      File Transfer Protocol
22         SSH      Secure Shell
23         Telnet   Terminal emulation
25         SMTP     Outgoing mail
80         HTTP     Web server
110        POP3     Incoming mail
123        NTP      Network Time Protocol
143        IMAP4    Incoming mail
194        IRC      Internet Relay Chat

Another popular protocol used in the Internet is UDP (User Datagram Protocol). It simply packs datagrams inside IP packets. The UDP protocol does not contain any checking of whether the transmitted packet reaches its destination. Hence it avoids the overhead of retransmission in the case of errors or lost packets. This kind of protocol is suitable for applications like IP telephony and video streaming, where it is necessary to get packets to the other end with as little delay as possible, but a few lost packets do not cause too much trouble. UDP does not include transport-level congestion control, which implies that the amount of traffic transmitted to the network is limited entirely by application-level congestion control. With a UDP application which does not have any application-level congestion control it is possible to fill a congested network completely with UDP traffic, which does not stop until the application stops transmitting. Bandwidth-hungry applications which use UDP should be used with caution.

ICMP (Internet Control Message Protocol) is a protocol for control messages. ICMP is used for error and other messages intended for the TCP/IP software itself rather than for any particular user program. For example, if you attempt to connect to a host, your system may get back an ICMP message saying "host unreachable". ICMP packets are used for controlling network routing, testing network operation (MTU discovery) and indicating failures to other protocols (such as TCP and UDP). The widely used network-analyzing program "ping" uses the ICMP protocol's mandatory ECHO_REQUEST datagram to elicit an ICMP ECHO_RESPONSE from a host or gateway, to probe the "distance" to the target machine. The program "traceroute" is a network-analyzing program that uses the ICMP protocol to analyze the route IP packets take in the network. Both ping and traceroute are part of the toolkit (usually included with modern operating systems) used by network administrators that operate IP networks.

The Internet today offers a wide variety of services. The applications which use the TCP protocol use most of the network capacity. Most of that TCP traffic is generated by the HTTP protocol used in the World Wide Web and by peer-to-peer networks. Other popular TCP-based protocols in use are NNTP for transporting Usenet news discussions and SMTP for delivering Internet mail. Besides those traditional applications, new bandwidth-hungry applications such as internet telephony (video telephony), audio/video streaming and various peer-to-peer networking technologies are taking an increasing amount of network bandwidth.

    System and network administration and security

    Internet security is the practice of protecting and preserving private resources and information on the Internet. The internet has become more dangerous over the last few years. The amount of traffic is increasing and more important transactions are taking place. With this the risk from people trying to damage, intercept or alter your data grows. Network security threats:

    • Faults in servers (OS bugs, installation mistakes): most common holes utilized by hackers
    • Weak authentication
    • Hijacking of connections (especially with unsecure protocols)
    • Interference: jamming and crashing the servers using for example Denial of Service (DoS) attacks
    • Viruses with a wide range of effects
    • Active content with trojans
    • Internal threats
    Computer and network security are challenging topics for executives and managers of computer corporations. Enterprise management teams are often not aware of the many advances and innovations in Internet and intranet security technology. Without this knowledge, corporations are not able to take full advantage of the benefits and capabilities of the network. Key elements of working data security:
    • Psychological data security
    • Administrative data security
    • Technical data security
    • Physical security
    Together, network security and a well-implemented security policy can provide a highly secure solution. Employees can then confidently use secure data transmission channels and reduce or eliminate less secure methods (unsecure networking practices, photocopying proprietary information, sending sensitive information by fax, placing orders by phone, etc.).

      Internet security protocols

      Security protocols are essential to keep your secret information (like passwords) secret. Examples of unsecure protocols: Telnet passes passwords over the network in clear-text (i.e. unencrypted) form. A packet sniffer could then extract your system's root password. The same applies to the FTP protocol as well. On the web, in normal HTTP sessions the user names and passwords (both ones written into forms and into user authentication boxes) are transferred practically in plain text over the network. To get more security for your system, the unsecure protocols need to be replaced with more secure ones. Telnet sessions should not be used for system administration anywhere outside a trusted network; instead of Telnet use SSH for this and you are safe. For file transfers the use of SCP or SFTP is preferred over unsecure FTP. In web applications where information should be secure, secure web protocols should be used (HTTPS, SSL etc.). In applications where you can't avoid the use of unsecure protocols, minimize the risk by changing the passwords often (and do the password changes preferably over some secure connection).

      • How SSL Works - This document explains how Netscape uses RSA public key cryptography for Internet security. Netscape's implementation of the Secure Sockets Layer (SSL) protocol employs the techniques discussed in this document.
      • HTTP Over TLS - SSL, and its successor TLS [RFC2246] were designed to provide channel-oriented security. This document describes how to use HTTP over TLS.
      • IP Security Protocol (ipsec) - Ipsec is designed to provide cryptographic security services that will flexibly support combinations of authentication, integrity, access control, and confidentiality.
      • Secure Shell (secsh) - The goal of the working group is to update and standardize the popular SSH protocol. SSH provides support for secure remote login, secure file transfer, and secure TCP/IP and X11 forwardings. It can automatically encrypt, authenticate, and compress transmitted data.
      • The SSH Protocol - SSH provides support for secure remote login, secure file transfer, and secure TCP/IP and X11 forwardings. It can automatically encrypt, authenticate, and compress transmitted data. This page has lots of information on the SSH 1.5 and SSH 2 protocols.
      • The SSL Protocol Version 3.0 - This document specifies Version 3.0 of the Secure Sockets Layer (SSL V3.0) protocol, a security protocol that provides communications privacy over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. SSL is widely used for securing web page access.
      • The TLS Protocol Version 1.0 - This document specifies Version 1.0 of the Transport Layer Security (TLS) protocol. The TLS protocol provides communications privacy over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. TLS is a protocol that is run on top of TCP/IP. TLS implements strong cryptographic protection for internet data by running an extra protocol on top of a TCP/IP stream. Therefore TLS protects a single TCP/IP session.

      Virtual Private Networks (VPNs)

      A Virtual Private Network, VPN, is a secure "network" built on top of a public/unsecure network. It is called virtual because no new physical connection lines are required. A VPN runs over a network transport protocol such as TCP/IP. Devices sending packets over the VPN do not know it's a virtual network, but they do see it as a different network.

      With the use of cryptography, hosts communicate with each other in a secure manner by exchanging information that is ciphered. All other computers connected to the public network are not able to "interpret" the packets exchanged among VPN servers, although, they may actually receive those ciphered packets.

      Secure VPNs (SVPN) use cryptographic tunneling protocols to provide the necessary confidentiality (preventing snooping), sender authentication (preventing identity spoofing), and message integrity (preventing message alteration) to achieve the privacy intended. When properly chosen, implemented, and used, such techniques can provide secure communications over unsecured networks. Such a virtual private network (VPN) is a tool that enables the secure transmission of data over untrusted networks such as the Internet. VPNs are commonly used to connect local area networks (LANs) into wide area networks (WANs) using the Internet. A VPN is "a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures."

      An Internet-based virtual private network (VPN) uses the open, distributed infrastructure of the Internet to transmit data between corporate sites. There are also technologies (e.g. GRE from Cisco) that are similar to a VPN, except that they are 100% transparent (at least in theory). So instead of a new network for the tunnel, the tunnel would be part of an existing network.

      There are three major families of VPN implementations in wide usage today: SSL, IPSec, and PPTP.

      IPsec (IP security) is a standardized framework for securing Internet Protocol (IP) communications by encrypting and/or authenticating each IP packet in a data stream. There are two modes of IPsec operation: transport mode and tunnel mode. In transport mode only the payload (message) of the IP packet is encrypted. It is fully routable since the IP header is sent as plain text (however, it cannot cross NAT interfaces that change the contents of the IP header). In tunnel mode, the entire IP packet is encrypted. It must then be encapsulated into a new IP packet for routing to work. Tunnel mode is used for network-to-network communications (secure tunnels between routers) or host-to-network and host-to-host communications over the Internet. The IPSec protocol is designed to be implemented as a modification to the IP stack in kernel space. Historically, one of IPSec's advantages has been multi-vendor support. IPsec has very many possible configurations, some of which produce insecure architectures (complexity is the enemy of security).

      SSL is used either for tunneling the entire network stack, as in OpenVPN, or for securing what is essentially a web proxy. Although the latter is often called an "SSL VPN" by VPN vendors, many implementations are not really fully-fledged VPNs. The main architectural advantage of SSL VPNs is that they shed the complexity of IPsec in exchange for the simple, well tested SSL/TLS structure for their cryptographic layer. SSL VPNs allow users to connect to the central VPN using any machine they happen to find.

      The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. The PPTP protocol works by sending a regular PPP session to the peer with the Generic Routing Encapsulation (GRE) protocol. A second session on TCP port 1723 is used to initiate and manage the GRE session. PPTP is difficult to forward past a network firewall because it requires two network sessions. While the PPTP protocol has the advantage of a pre-installed client base on Windows platforms, analysis by cryptography experts has revealed security vulnerabilities.

      There are also other ways to build a VPN than encryption. Trusted VPNs do not use cryptographic tunneling, and instead rely on the security of a single provider's network to protect the traffic. Multi-protocol label switching (MPLS) is commonly used to build trusted VPNs. Other protocols for trusted VPNs include L2F (Layer 2 Forwarding), developed by Cisco.

      Some large ISPs now offer "managed" VPN service for business customers who want the security and convenience of a VPN but prefer not to undertake administering a VPN server themselves. In addition to providing remote workers with secure access to their employer's internal network, sometimes other security and management services are included as part of the package, such as keeping anti-virus and anti-spyware programs updated on each client's computer.

      • Setting up a VPN Gateway - The VPN firewall discussed in this article will run on just about any 486-or-better PC that has 16MB or more main memory and two Linux-compatible Ethernet network cards. This article shows you how to set up, at minimal expense, a working VPN gateway that uses the IETF's (Internet Engineering Task Force) IPSec (internet protocol security) specification.
      • Virtual Private Networks (VPNs) - This tutorial addresses the basic architecture and enabling technologies of a VPN. The benefits and applications of VPNs are also explored. Finally, this tutorial discusses strategies for the deployment and implementation of VPNs.
      • Why TCP Over TCP Is A Bad Idea - A frequently occurring idea for IP tunneling applications is to run a protocol like PPP, which encapsulates IP packets in a format suited for a stream transport (like a modem line), over a TCP-based connection. This would be an easy solution for encrypting tunnels by running PPP over SSH, for which several recommendations already exist (one in the Linux HOWTO base, one on my own website, and surely several others). It would also be an easy way to compress arbitrary IP traffic, while datagram based compression has hard to overcome efficiency limits. Unfortunately, it doesn't work well. Long delays and frequent connection aborts are to be expected. Here is why.
      • Point-to-point tunneling protocol
      • Virtual private network - description from Wikipedia, the free encyclopedia
      • IPsec
      • OpenVPN - OpenVPN is a full-featured SSL VPN solution which can accommodate a wide range of configurations, including remote access, site-to-site VPNs, WiFi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access controls.

      IPsec

      IPSEC is Internet Protocol SECurity. It uses strong cryptography to provide both authentication and encryption services. Authentication ensures that packets are from the right sender and have not been altered in transit. Encryption prevents unauthorised reading of packet contents. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted net is encrypted by the IPSEC gateway machine and decrypted by the gateway at the other end. The result is a Virtual Private Network or VPN. This is a network which is effectively private even though it includes machines at several different sites connected by the insecure Internet.

      VPN Software

      • CIPE - Crypto IP Encapsulation - This is an ongoing project to build encrypting IP routers. It works by tunneling IP packets in encrypted UDP packets. The protocol is designed to be lightweight and simple. CIPE is designed for passing encrypted packets between prearranged routers in the form of UDP packets. This is not as flexible as IPSEC but it is enough for the original intended purpose: securely connecting subnets over an insecure transit network.
      • CIPE-Win32 - Crypto IP Encapsulation for Windows NT/2000 - CIPE-Win32 is a port of Olaf Titz's CIPE package from Linux to Windows NT. It is protocol compatible with versions 1.3.0 and greater of the Linux implementation. It is OS compatible with Windows NT 4.0 SP3 - SP6 and Windows 2000.
      • Kame - KAME Project is a joint effort of seven companies in Japan to provide a free IPv6 and IPsec (for both IPv4 and IPv6) stack for BSD variants to the world.
      • Linux FreeS/WAN - Linux FreeS/WAN is a free implementation of IPSEC & IKE for Linux. FreeS/WAN project's primary objective is to help make IPSEC widespread by providing source code which is freely available, runs on a range of machines including ubiquitous cheap PCs, and is not subject to US or other nations' export restrictions.
      • OpenVPN - OpenVPN is a full-featured SSL VPN solution which can accommodate a wide range of configurations, including remote access, site-to-site VPNs, WiFi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls.

      Building VPN

      • Encrypted Tunnels using SSH and MindTerm HOWTO - MindTerm is an implementation of a secure shell client in pure Java supporting both the ssh1 and the ssh2 protocols. SSH and MindTerm will work together to use a technique called port forwarding, which can be used to implement a Virtual Private Network (VPN). This port-forwarding can only be done with TCP services.

      Network naming and address allocation

      The Dynamic Host Configuration Protocol (DHCP) is an Internet protocol for automating the configuration of computers that use TCP/IP. DHCP can be used to automatically assign IP addresses, to deliver TCP/IP stack configuration parameters such as the subnet mask and default router, and to provide other configuration information such as the addresses for printer, time and news servers. With DHCP the IP address space is efficiently used because IP addresses are "leased" to clients for a limited time and after that "recycled". DHCP eliminates the need for a system administrator to keep a manual log of all IP addresses. The standards on DHCP are RFCs 1541, 1542, 2131 and 2132. The Domain Name System (DNS) is a distributed Internet directory service. DNS is used mostly to translate between domain names and IP addresses, and to control Internet email delivery. Most Internet services rely on DNS to work, and if DNS fails, web sites cannot be located and email delivery stalls.

      Network management

      The most often used network management protocol in modern computer networks is SNMP. SNMP lets TCP/IP-based network management clients exchange detailed information about their configuration and status.

      The Simple Network Management Protocol (SNMP) is an application layer protocol that facilitates the exchange of management information between network devices. It is part of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite. SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth. The Simple Network Management Protocol (SNMP) is a request/response protocol that communicates management information between two types of SNMP software entities: applications and agents.

      An SNMP-managed network consists of three key components: managed devices, agents, and network-management systems (NMSs).

      A managed device is a network node that contains an SNMP agent and that resides on a managed network. Managed devices collect and store management information and make this information available to NMSs using SNMP. Managed devices, sometimes called network elements, can be routers and access servers, switches and bridges, hubs, computer hosts, or printers.

      An agent is a network-management software module that resides in a managed device. An agent has local knowledge of management information and translates that information into a form compatible with SNMP.

      An NMS executes applications that monitor and control managed devices. NMSs provide the bulk of the processing and memory resources required for network management. One or more NMSs must exist on any managed network.

      An SNMP community is a group of managed devices and network management systems within the same administrative domain. The SNMP community table enables you to control SNMP access to the device. For security reasons, the SNMP agent validates each request from an application before responding to the request. The validation procedure consists of verifying that the application entity belongs to an SNMP community with access privileges to the agent. When a device receives an SNMP request packet, it compares the SNMP community name in the packet with those in its SNMP community table. If the name is not found, the request is denied and an error is returned. If the name is found, the associated access level is checked and, if the access level allows the request, the request is performed. All message exchanges have an SNMP community name and a data field. The data field contains the SNMP operation and its associated operands.

      SNMP uses trap messages to provide automatic event notification. Rather than waiting for the SNMP application to query the agent about the event, the agent automatically sends reports (traps) to the application when certain events occur. The network administrator should be aware that trap messages are not guaranteed to be reliable and are not intended to replace polling, only to supplement it. The trap messages require a certain amount of the SNMP agent's resources. Occasionally, trap messages are not delivered due to a lack of these SNMP agent resources. Traps should only be considered hints to the management application that a significant event has occurred in the device. The network administrator should then run polling to get more information on the event.

      The information that SNMP can attain from a network is defined as a MIB (Management Information Base). A Management Information Base (MIB) is a collection of information that is organized hierarchically. MIBs are accessed using a network-management protocol such as SNMP. They are comprised of managed objects and are identified by object identifiers. MIBs are structured like trees. At the top of the tree is the most general information available about a network. Each branch provides more details about specific network areas. The leaves, or end nodes, provide the most detailed information about the network and/or device. A managed object (sometimes called a MIB object, an object, or a MIB) is one of any number of specific characteristics of a managed device. Managed objects are comprised of one or more object instances, which are essentially variables. Two types of managed objects exist: scalar and tabular. Scalar objects define a single object instance. Tabular objects define multiple related object instances that are grouped in MIB tables. An object identifier (or object ID) uniquely identifies a managed object in the MIB hierarchy. The MIB hierarchy can be depicted as a tree with a nameless root, the levels of which are assigned by different organizations. The managed object atInput can be uniquely identified either by the object name "iso.identified-organization.dod.internet.private.enterprise.cisco.temporary variables.AppleTalk.atInput" or by the equivalent object descriptor, 1.3.6.1.4.1.9.3.3.1.

      A MIB is often referred to as a database. A MIB is not a database. A MIB is a file, written in a specific language that lists variables. It assigns each variable a name, a number, and a set of permissions. It may also provide a description of what the variable is supposed to represent. Since everything in SNMP is an action on a variable, this is very important.

      Two versions of SNMP exist: SNMP version 1 (SNMPv1) and SNMP version 2 (SNMPv2). Both versions have a number of features in common, but SNMPv2 offers enhancements, such as additional protocol operations. Standardization of yet another version of SNMP, SNMP Version 3 (SNMPv3), is pending.

      SNMP version 1 (SNMPv1) is the initial implementation of the SNMP protocol. It is described in Request For Comments (RFC) 1157 and functions within the specifications of the Structure of Management Information (SMI). SNMPv1 operates over protocols such as User Datagram Protocol (UDP), Internet Protocol (IP), OSI Connectionless Network Service (CLNS), AppleTalk Datagram-Delivery Protocol (DDP), and Novell Internet Packet Exchange (IPX). SNMPv1 is widely used and is the de facto network-management protocol in the Internet community.

      An SNMP operation takes the form of a Protocol Data Unit (PDU), basically a fancy word for packet. Version 1 SNMP supports five possible PDUs:

      • GetRequest / SetRequest supplies a list of objects and, possibly, values they are to be set to (SetRequest). In either case, the agent returns a GetResponse.
      • GetResponse informs the management station of the results of a GetRequest or SetRequest by returning an error indication and a list of variable/value bindings.
      • GetNextRequest is used to perform table traversal, and in other cases where the management station does not know the exact MIB name of the object it desires. GetNextRequest does not require an exact name to be specified; if no object exists of the specified name, the next object in the MIB is returned. Note that to support this, MIBs must be strictly ordered sets (and are).
      • Trap is the only PDU sent by an agent on its own initiative. It is used to notify the management station of an unusual event that may demand further attention (like a link going down). In version 2, traps are named in MIB space. Newer MIBs specify management objects that control how traps are sent.

      SNMP is a simple request/response protocol. The network-management system issues a request, and managed devices return responses. This behavior is implemented by using one of four protocol operations: Get, GetNext, Set, and Trap. SNMP must account for and adjust to incompatibilities between managed devices. Different computers use different data representation techniques, which can compromise the capability of SNMP to exchange information between managed devices. SNMP uses a subset of Abstract Syntax Notation One (ASN.1) to accommodate communication between diverse systems.

      The SNMPv1 SMI specifies the use of a number of SMI-specific data types, which are divided into two categories: simple data types and application-wide data types. Three simple data types are defined in the SNMPv1 SMI, all of which are unique values: integers, octet strings, and object IDs. The integer data type is a signed integer in the range of -2,147,483,648 to 2,147,483,647. Octet strings are ordered sequences of 0 to 65,535 octets. Object IDs come from the set of all object identifiers allocated according to the rules specified in ASN.1. Seven application-wide data types exist in the SNMPv1 SMI: network addresses, counters, gauges, time ticks, opaques, integers, and unsigned integers. Network addresses represent an address from a particular protocol family. SNMPv1 supports only 32-bit IP addresses.
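      To make the PDU layout, the ASN.1/BER subset and the community-table check described above concrete, here is a small pure-Python SNMPv1 encoder/decoder. It is an added example, not code from this page or from any SNMP implementation named on it; the community table, the community names and the request ids are constructed for the demonstration (the enterprise OID is the one quoted above). It builds a GetRequest, decodes it the way an agent, or a packet sniffer on the path, would, and then applies the community-table decision. Because SNMPv1 carries the community name as a plain OCTET STRING, anything that can parse the message can read it, which is why the page's advice on sniffers applies to management traffic too.

```python
"""Minimal SNMPv1 message encoder/decoder (added example, not from the page).

Implements the BER subset SNMPv1 uses (INTEGER, OCTET STRING, NULL, OBJECT
IDENTIFIER, SEQUENCE and the context-specific PDU tags) and the agent-side
community check.  Community names and OIDs below are constructed sample data.
"""

# BER tags: universal types plus the context-specific PDU tags of RFC 1157.
INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
PDU_TAGS = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
            0xA3: "SetRequest", 0xA4: "Trap"}
GET_REQUEST, GET_NEXT_REQUEST, SET_REQUEST = 0xA0, 0xA1, 0xA3


def _length(n):
    """BER length octets: short form below 128, long form (0x80|N, N bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, payload):
    """Tag, length, value."""
    return bytes([tag]) + _length(len(payload)) + payload


def encode_integer(value):
    """Two's-complement INTEGER; one bit is reserved for the sign, so positive
    values with the top bit set get a leading 0x00 byte."""
    size = (value.bit_length() + 8) // 8
    return tlv(INTEGER, value.to_bytes(size, "big", signed=True))


def encode_oid(dotted):
    """OBJECT IDENTIFIER: first two arcs packed as 40*x+y, the rest base-128
    with the high bit set on every byte except the last of each arc."""
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(OID, bytes(out))


def decode_oid(payload):
    """Inverse of encode_oid for OIDs under iso(1) / itu-t(0)."""
    arcs = [payload[0] // 40, payload[0] % 40]
    value = 0
    for b in payload[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:          # high bit clear terminates the arc
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def read_tlv(buf, pos=0):
    """Return (tag, payload, position just after this TLV)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def build_request(community, oids, request_id=1, pdu_type=GET_REQUEST):
    """SNMPv1 Message ::= SEQUENCE { version 0, community, PDU }.
    Values are NULL as in a Get; a real Set would carry the new values."""
    varbinds = b"".join(tlv(SEQUENCE, encode_oid(o) + tlv(NULL, b"")) for o in oids)
    pdu = (encode_integer(request_id) + encode_integer(0) + encode_integer(0)
           + tlv(SEQUENCE, varbinds))       # request-id, error-status, error-index
    return tlv(SEQUENCE, encode_integer(0) + tlv(OCTET_STRING, community.encode())
               + tlv(pdu_type, pdu))


def parse_message(msg):
    """Decode what an agent (or a sniffer on the path) sees in the datagram."""
    _, body, _ = read_tlv(msg)
    _, version, pos = read_tlv(body)
    _, community, pos = read_tlv(body, pos)      # plaintext community name
    pdu_tag, pdu, _ = read_tlv(body, pos)
    _, request_id, pos = read_tlv(pdu)
    _, _, pos = read_tlv(pdu, pos)               # error-status
    _, _, pos = read_tlv(pdu, pos)               # error-index
    _, varbind_list, _ = read_tlv(pdu, pos)
    oids, pos = [], 0
    while pos < len(varbind_list):
        _, varbind, pos = read_tlv(varbind_list, pos)
        _, oid_payload, _ = read_tlv(varbind)
        oids.append(decode_oid(oid_payload))
    return {"version": int.from_bytes(version, "big", signed=True),
            "community": community.decode("ascii", "replace"),
            "pdu": PDU_TAGS.get(pdu_tag, hex(pdu_tag)),
            "request_id": int.from_bytes(request_id, "big", signed=True),
            "oids": oids}


# Constructed community table: community name -> access level.
COMMUNITY_TABLE = {"public": "read-only", "s3cr3t-rw": "read-write"}


def authorize(table, message):
    """Agent-side check from the text: unknown name -> denied; a SetRequest
    additionally needs a read-write community."""
    level = table.get(message["community"])
    if level is None:
        return False, "community not in table"
    if message["pdu"] == "SetRequest" and level != "read-write":
        return False, "read-only community cannot Set"
    return True, level


if __name__ == "__main__":
    wire = build_request("public", ["1.3.6.1.4.1.9.3.3.1"], request_id=7)
    print(wire.hex())
    decoded = parse_message(wire)
    print(decoded)
    print(authorize(COMMUNITY_TABLE, decoded))
```

      The decoder deliberately stops at the fields the community check needs; values, error codes and the Trap PDU layout (which differs from the request PDUs) are left out. Running the module prints the raw datagram bytes, and the community name is visible in them as ASCII, which is the practical reason SNMPv1 management traffic belongs on an isolated segment rather than an untrusted network.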

      SNMP version 2 (SNMPv2) is an evolution of the initial version, SNMPv1. Originally, SNMPv2 was published as a set of proposed Internet standards in 1993; currently, it is a draft standard. As with SNMPv1, SNMPv2 functions within the specifications of the Structure of Management Information (SMI). In theory, SNMPv2 offers a number of improvements to SNMPv1, including additional protocol operations. The Structure of Management Information (SMI) defines the rules for describing management information, using ASN.1.

      Network management software

      • Active SNMP - network management software with a Web-browser interface implemented in Java
      • CMU SNMP - SNMP agent and applications to Linux, with enhancements to the MIB-2 group
      • HP OpenView - probably the most well known commercial network management software
      • Linux CMU SNMP Project
      • SNMP module for Apache web server - The idea behind this module is that an ISP, webhosting sites, colocation sites, etc, etc can as well monitor apache, but also control in real time some important values via Simple Network Management Protocol (SNMP). SNMP is the well-known management framework for the Internet letting hardware (such as routers, bridges and modems) and software (such as operating systems, network layers and applications) provide their status. This SNMP module might enable someone not only to detect when a service is hanging, spinning out of control, etc., but also to make it possible to make some reconfiguration changes so that the server as such, and any other services it renders for perhaps other customers, are not affected that much. Another much needed use is switching "ON" extensive logging dynamically for a short period of time to investigate a problem.
      • Network Management Using Free Software - Meta-Resources and Individual Software Packages
      • The Simpleweb - Freely available SNMP / Network Management Software
      • The NET-SNMP Home Page - extensible agent, SNMP library, SNMP tools, netstat using SNMP, graphical Perl/Tk/SNMP based mib browser, previously known by the name UCD-SNMP
      • WebSNMP - WebSNMP is a perl module for Apache Web Servers that allows web developers to easily insert snmp functionality into web pages with simple html tags.

      Networking security

      Computer security takes on more importance as commerce becomes e-commerce and business embraces the Net. Popular press coverage of computer security orbits around basic technology issues such as what firewalls are, when to use the DES encryption algorithm, which anti-virus product is best, or how the latest email-based attack works. The problem is, many security practitioners don't know what the problem is. What does security mean in the Internet context? Quite simply: ensuring the availability of service, authenticating users and their data, and protecting the confidentiality and integrity of data. Securing a network requires many different pieces of a very large puzzle. Some security is provided at the firewall. Some security is provided by user authentication at the server. Some security is done by Intrusion Detection Systems. Still other security is created on the network hardware itself. One large part of the puzzle is the software running on the computers connected to the network. Internet-enabled software applications, especially custom applications, present the most common security risk encountered today, and are the target of choice for hackers.

      A sniffer is a program and/or device that monitors data traveling over a network. Sniffers can be used both for legitimate network management functions and for stealing information off a network. Unauthorized sniffers can be extremely dangerous to a network's security because they are virtually impossible to detect and can be inserted almost anywhere. This makes them a favorite weapon in the hacker's arsenal. On TCP/IP networks, where they sniff packets, they're often called packet sniffers.

      For safety reasons any system which can be directly accessed from untrusted networks (and the Internet is an excellent example of one of these "untrusted networks") should be placed on an isolated network segment. This way you can implement special filtering rules which will prevent the system from being used to attack your internal hosts in the event it is compromised. The preceding is true no matter what operating system you choose to run on your hosts/routers/firewalls/etc.

      A large percentage of malicious traffic is focused on a small number of vulnerabilities and their associated ports. The fast spread of network worms and other malware has forced Internet Service Providers (ISPs) into implementing packet filtering. Blocking some of these ports will isolate infected machines and slow the spread of malicious, autonomous code such as worms. In some cases, this is the only way to keep the network operating, but it has become common to block certain ports permanently even after the threat diminishes. However, the vulnerable services used by these worms do have legitimate uses. If secured properly, they can be used without the risk of infection. It is generally a good idea to block ports commonly used for Microsoft File Sharing and related services; specifically, ports 135, 137, 139, and 445. These ports and, in particular, Microsoft File Sharing, draw a lot of attention from malware authors. Microsoft does not recommend use of these services across a public network, and in fact, Microsoft advocates blocking traffic on these ports as a best practice. Filtering ports 135, 137, 139, and 445 will reduce malicious traffic. Port filters are not perfect for all security problems. In particular, the limited filters listed above leave plenty of room for other vulnerabilities. However, these ports account for a large percentage of malicious activity. There are three disparate levels of security you need to consider, and it is advisable to take the following approach to the common network problem in most companies:

      • Block the company internal network so that nobody outside can access the computers inside the network directly. Access to the company internal network is by default only possible from devices that are inside the same physical network (usually inside one building or a larger company network).
      • For employees and others who have trusted access to your network, the answer is not to poke holes in your firewall. Rather, the answer is a VPN. By setting up a secure, encrypted, authenticating channel, you bring your trusted users into your network. From your point of view and theirs, it is as if their machines were physically located on the other side of your firewall, just like having the machines right in your building. Using a VPN in this case prevents random hackers from entering your network on these levels.
      • For business partners and contractors who need limited access to a subset of services, but whom you do not trust fully, the answer is quite likely also a VPN, but not directly into your company internal network. For services provided to these people, you want everything from your end first going through application-level firewalls, and then through the VPN, over the Internet, to them. Using a VPN in this case prevents random hackers from entering your network. The application-level firewall ensures those partners can access only the limited part of your network you want them to have access to and nothing else.
      • Many companies also need some publicly available service. For the general public who simply need access to your web site, the ideal situation is to simply host the web site on a network entirely separate from yours (possibly at some service provider's premises). Use an application-level firewall to help prevent things like buffer overflows. If your web server needs to retrieve information from other systems on your network, have it communicate over a VPN, just like business partners.
      By following this approach, you expose nothing more than is necessary to the world, and greatly mitigate the risk of intrusion. In the VPN approach from outside the office directly to the office network there is one thing to consider if people have access to the company network from their home computers: you cannot trust employees' computers at home, even if you can trust the employees. If they are running Windows, they are potential virus and worm vectors, and need to be shielded off, so a simple VPN solution is no solution. Whatever you do, keep it simple. Do not trust a too complicated system. Closed systems are more secure than ones that everybody can access, so keeping the system as closed as you can is good advice. And keep your software patched for the latest bugs: keep an eye on the security update service for your distro/OS and on bugtraq. Remember software updates. The boring part, but the most critical.

      The beauty of the traditional firewall is its simplicity. It's reliable and secure, and easy to understand/debug. One commonly used traditional firewall in Linux systems is the built-in iptables functionality. It's a sharp tool, so be careful, but correctly applied, it kicks the pants off most application or appliance firewalls. Invest the time to learn the sharp tool, and you'll realize that most of what you pay for on big expensive firewalls is manageability (i.e. Java GUIs, wizards, databases, multiple systems preconfigured: IDS, firewall, proxy, etc).

      Application layer firewalls are another layer above port filtering. They can increase security and could, in theory, make it worthwhile to share a service hosted on a machine that is inside your network. Application firewalls and filters are complex systems. To the user it means more can go wrong, more holes can be found. The problem here is that application-level firewalling is fraught with problems. The lack of intuitive management for this type of firewalling is a problem that quite a few companies are trying to solve, with limited success so far. The field of firewalling is getting more complicated every day. Originally, the rules were dead simple. One port == one protocol. Some protocols used multiple ports, but even then it was kept nice and simple. But no, not everybody liked this situation. Nowadays there are the many other protocols people see fit to encapsulate in HTTP (RDP / Terminal Services, instant messaging, etc). Application layer firewalls are becoming must-have items in this kind of environment. A two-or-more-firewalls approach is becoming common. Traditional packet filtering firewalls are absolutely necessary, but they must become much more widely distributed inside large networks in order to be effective. The same applies to application filtering technologies and all the other stuff people think of as perimeter defenses.

      Any attempt to set up large networks as controlled domains with known security characteristics is a losing battle. The world seems to be going to endpoint-driven security. A lot of companies are working on making this manageable and cost-effective. As long as you have machines on your network that can hit external web sites or have floppy drives or unauthorized wireless access points, your internal network is insecure and open. Most network designs assume that once you get in to the "internal network" there is no more security and all your deepest company secrets are available to anyone browsing around. If this is true, you've probably made some bad decisions somewhere along the way and you should address those before you open any holes. Anyone can decently secure a network that doesn't interact with anything; the real trick is allowing business to flow as usual and still have an acceptable level of security.
You can mitigate the danger by using a set of consistent criteria for each of your requirements, like a checklist. For example:
      • Is the service mission-critical?
      • Can the service be offered through a less-vulnerable channel?
      • Is there a way to move the service into a perimeter network (or outside entirely)? Even if this means synchronizing a set of data to an outside machine via cron, if the data on the machine is less important than the internal network security, this can help.
      • Once the user is connected, authenticated and has access, what can go wrong? What could they do maliciously? What could they do accidentally?
      When thinking of security, remember that you won't be able to think of everything. No security model is complete without behind-the-wall systems, be they basic monitoring systems up through more sophisticated custom snort or proprietary IDS. It all depends on your paranoia level.
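      As an added example (not code from the page or from any product named on it) of turning the port-filtering advice above into something a monitoring system can check, the following Python parses constructed firewall log lines in the SRC=/DST=/PROTO=/DPT= key=value layout that the netfilter LOG target writes, and reports sources that have tried many distinct hosts on ports 135, 137, 139 and 445. That sweep pattern is what distinguishes a worm-infected machine from one user opening a single file share, so it is the signal to look for in the drops once the filter is in place. The log prefix, the addresses and the threshold are assumptions chosen for the demonstration.

```python
"""Added example (not from the page): find hosts sweeping the Microsoft
file-sharing ports in constructed netfilter-style firewall log lines."""
import re
from collections import Counter, defaultdict

# Ports named in the text: 135 (RPC endpoint mapper), 137/139 (NetBIOS), 445 (SMB).
FILESHARING_PORTS = {135, 137, 139, 445}

# key=value fields of interest, as written by the iptables/netfilter LOG target.
FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

# Constructed sample log.  10.0.0.5 walks through four hosts on 445/139 (worm-like),
# 10.0.0.9 makes one SMB connection, 10.0.0.12 talks to a web server, and the last
# line is an unrelated kernel message that the parser must skip.
SAMPLE_LOG = """\
Mar 12 10:01:02 gw kernel: FW-DROP IN=eth1 OUT= SRC=10.0.0.5 DST=192.168.1.10 LEN=48 PROTO=TCP SPT=1041 DPT=445
Mar 12 10:01:02 gw kernel: FW-DROP IN=eth1 OUT= SRC=10.0.0.5 DST=192.168.1.11 LEN=48 PROTO=TCP SPT=1042 DPT=445
Mar 12 10:01:03 gw kernel: FW-DROP IN=eth1 OUT= SRC=10.0.0.5 DST=192.168.1.12 LEN=48 PROTO=TCP SPT=1043 DPT=445
Mar 12 10:01:03 gw kernel: FW-DROP IN=eth1 OUT= SRC=10.0.0.5 DST=192.168.1.13 LEN=48 PROTO=TCP SPT=1044 DPT=139
Mar 12 10:01:04 gw kernel: FW-DROP IN=eth1 OUT= SRC=10.0.0.5 DST=192.168.1.13 LEN=48 PROTO=TCP SPT=1045 DPT=445
Mar 12 10:01:05 gw kernel: FW-DROP IN=eth1 OUT= SRC=10.0.0.9 DST=192.168.1.20 LEN=48 PROTO=TCP SPT=3100 DPT=445
Mar 12 10:01:06 gw kernel: FW-DROP IN=eth1 OUT= SRC=10.0.0.12 DST=192.168.1.30 LEN=52 PROTO=TCP SPT=3200 DPT=80
Mar 12 10:01:07 gw kernel: eth1: link is up
"""


def parse_line(line):
    """Extract source, destination, protocol and destination port, or None when
    the line is not a firewall record (no SRC/DST/DPT fields)."""
    fields = dict(FIELD_RE.findall(line))
    if not all(k in fields for k in ("SRC", "DST", "DPT")):
        return None
    return {"src": fields["SRC"], "dst": fields["DST"],
            "proto": fields.get("PROTO"), "dpt": int(fields["DPT"])}


def filesharing_hits(log_text):
    """Map each source to the set of (destination, port) pairs it tried on the
    file-sharing ports; the set removes retries against the same host."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["dpt"] in FILESHARING_PORTS:
            hits[rec["src"]].add((rec["dst"], rec["dpt"]))
    return dict(hits)


def blocked_port_counts(log_text):
    """How many dropped packets each filtered port accounts for: a quick way to
    see which of the four ports is drawing the malicious traffic."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["dpt"] in FILESHARING_PORTS:
            counts[rec["dpt"]] += 1
    return dict(counts)


def suspected_scanners(log_text, min_targets=3):
    """Sources that touched at least min_targets distinct hosts on the
    file-sharing ports, the sweep pattern of a worm rather than one user."""
    result = {}
    for src, pairs in filesharing_hits(log_text).items():
        targets = {dst for dst, _ in pairs}
        if len(targets) >= min_targets:
            result[src] = sorted(targets)
    return result


if __name__ == "__main__":
    print("drops per port:", blocked_port_counts(SAMPLE_LOG))
    for src, targets in suspected_scanners(SAMPLE_LOG).items():
        print(f"{src} swept {len(targets)} hosts: {', '.join(targets)}")
```

      The threshold of three distinct hosts is arbitrary; on a real network it should be tuned against the baseline of legitimate SMB use so that a single workstation opening one share is not flagged while a machine walking through a subnet is. The output names hosts to isolate and clean, which is the "isolate infected machines" step the text describes.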
      • An Analysis of the RADIUS Authentication Protocol - RADIUS is currently the de-facto standard for remote authentication. It is commonly used for embedded network devices such as routers, modem servers, switches, etc. RADIUS facilitates centralized user administration. RADIUS consistently provides some level of protection against a sniffing, active attacker. RADIUS is uniformly supported. RADIUS's primary competition for remote authentication is TACACS+ and LDAP.
      • An Architectural Overview of UNIX Network Security - UNIX network security architecture based on the Internet connectivity model and Firewall approach to implementing security
      • Center for Internet Security - The Center for Internet Security is a not-for-profit cooperative enterprise assisting network users and operators, and their insurers and auditors, to reduce the risk of significant disruptions of electronic commerce and business operations due to technical failures or deliberate attacks.
      • CERT - The CERT® Coordination Center (CERT/CC) is a center of Internet security expertise. It is located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University.
      • CISSP.COM - web portal for the certified information systems security professionals, intended to promote the CISSP Certification, share knowledge and communication amongst certified information system security professionals and to help information security professionals who are seeking to become CISSPs
      • Denial of Service Attacks - This document provides a general overview of attacks in which the primary goal of the attack is to deny the victim(s) access to a particular resource. Included is information that may help you respond to such an attack.
      • eSecurityOnline - security information portal
      • Exposing hackers
      • FAQ: Firewall Forensics (What am I seeing?) - document explains what you see in firewall logs, especially what port numbers mean, document intended for both security-experts maintaining corporate firewalls as well as home users of personal firewalls
      • FAQ: Network Intrusion Detection Systems
      • Firewalls Complete - full book on-line
      • Firewall Security Case Study
      • Fraud Analysis in IP and Next-Generation Networks - Fraud management systems (FMSs) are designed to detect, manage, and assist in the investigation of fraudulent events. This tutorial discusses the crucial role played by FMSs in the containment of next-generation fraud, the vulnerability of Internet protocol (IP)-based technologies, effective data analysis and algorithms, and solution methodologies. The open and distributed nature of convergent and next-generation network (NGN) architecture enables easy access to services, information, and resources, together with the constant abuse of hackers, curious individuals, fraudsters, and organized crime units.
      • Guard your embedded secrets - As manufacturers eagerly roll out limited-resource network appliances, the embedded world is poised to duplicate desktop-security nightmares but with even greater consequences.
      • How Firewalls Work
      • Internet Security Glossary
      • Internet Security Issues - DSL offers consumers many benefits such as high-speed connections from 10 to 100 times faster than dial-up, simultaneous voice and data over the same phone line and choice of ISP. DSL also provides consumers with an "always-on" connection, which means consumers can maintain their DSL Internet connections 24 hours a day, seven days a week. Anybody who establishes a dial-up or "always-on" Internet connection incurs some security risk stemming from the duration of the network connection rather than the access method. A number of standard measures are available that users can apply to protect themselves.
      • IP-spoofing Demystified - The purpose of this paper is to explain IP-spoofing to the masses. It assumes little more than a working knowledge of Unix and TCP/IP.
      • Payback time! How to catch a hacker
      • RADIUS Authentication - RADIUS stands for Remote Authentication Dial In User Service. There are two specifications that make up the RADIUS protocol suite: Authentication and Accounting. These specifications aim to centralize authentication, configuration, and accounting for dial-in services to an independent server. You probably used RADIUS to get online to surf the web if you obtain access through a dialup account. Your communications software sent your username and password to a terminal server. The terminal server in turn sent this information to a RADIUS server.
      • RFC2504: Users' Security Handbook - Document intended to provide users with the information they need to help keep their networks and systems secure.
      • Securityfocus - discussion on security related topics, create security awareness, and to provide the Internet's largest and most comprehensive database of security knowledge and resources to the public
      • Sniffing (network wiretap, sniffer) FAQ - This document answers questions about eavesdropping on computer networks (a.k.a. "sniffing").
      • Snort: Planning IDS for Your Enterprise - Snort is a free, small, highly configurable and portable network-based IDS or NIDS. Additionally, Snort can be used as a packet sniffer and a packet logger. This article tells how to use it.
      • The CISSP and SSCP Open Study Guides Web Site - a site dedicated to helping people achieve their goal of becoming a CISSP or SSCP, vast container of resources that can assist you in mastering the domains of the specific Common Body of Knowledge related to each of the above certifications
      • The Security Writers Guild - contemporary computer-related news items, latest exploits & bugs, voting polls, links, and the general buzz
      • The Secure Shell Frequently Asked Questions - Secure Shell is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over insecure channels. It is intended as a replacement for telnet, rlogin, rsh, and rcp. For SSH2, there is a replacement for FTP: sftp.
      • Using IPSec (IP Security Protocol)

    Software related to information security

      Articles

      • The Wild, Wild, Net - Not unlike the Wild, Wild West of yore, today's Internet is a place rife with opportunities for the wily cyber outlaw. The new sheriffs in town, security protocols such as IPSec, are ready for a high noon showdown with criminals armed not with muskets and rifles, but with viruses and a basic knowledge of computer technology.

      On-line security tests

      Other security tests

      • PatchWork Tool - Program to check whether a Windows NT system is vulnerable to the attacks and whether it has the files that indicate it has already been compromised. PatchWork checks for the vulnerabilities listed by the FBI, and if any are found, points you directly to the Microsoft patches.

      Intrusion detection

      • Snort - Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.

      Secure Shell

      Secure Shell, SSH, is a cryptographic security tool used to make reliable use of public channels such as the Internet when establishing interactive connections with a server. SSH (Secure Shell) is a secure replacement for remote login and file transfer programs like telnet, rsh, and ftp, which transmit data and passwords in clear, human-readable text. SSH uses a public-key authentication method to establish an encrypted and secure connection from the user's machine to the remote machine. Secure Shell is the replacement for the unsafe rsh, rlogin, rcp, telnet, rexec and ftp. SSH encrypts all traffic, and provides various levels of authentication depending on your needs. Main features of Secure Shell include secure remote logins, file copying, and tunneling of TCP and X11 traffic. SSH uses TCP for its transport.

      • Freeware SSH and SCP for Windows 9x, NT, ME and 2000 - If you're trying to access remote servers securely from Windows 9x, NT, ME or 2000 and you don't want to pay money for programs that are freely available under Unix, you may find this document useful.
      • MindTerm - MindTerm is an implementation of a secure shell client in pure Java supporting both the ssh1 and the ssh2 protocols. MindTerm runs as a standalone application as well as an Applet. As an Applet MindTerm has been tested with Netscape Communicator and Microsoft Internet Explorer browsers. As an application MindTerm requires that a Java runtime environment (JRE) be installed. With that it works at least on Windows 95, 98, 98SE, ME, NT, 2000, Apple MacOS 7 or higher, Linux, Solaris (SPARC and x86) and HP-UX. MindTerm is available free of charge for personal and non-commercial use. MindTerm may be licensed for commercial use for a fee. MindTerm is today probably the most widely spread client written in pure Java that implements the SSH1 and SSH2 protocols.
      • OpenSSH - A FREE version of the SSH/SecSH protocol suite of network connectivity tools.