Last month, F-Secure SSH was our top-grossing product, so we take a look at the reasons for the success of this quiet-but-effective utility. SSH is a published protocol for secure remote login and other secure network services over an insecure network. It is widely used and recommended, for example, in RFC2010, Operational Criteria for Root Name Servers, it is recommended for remote login to root name servers. An increasing number of network devices are shipping with SSH, such as Cisco Routers and Nokia Security Appliances.
In it's simplest use, SSH is a "drop-in" replacement for insecure protocols including telnet, rlogin, rsh and rcp. That is pretty useful for the hard-working Unix administrator who wants protection without inconvenience, but F-Secure SSH also provides tunnelling (X11 connections are provided by default), servers for all major Unix platforms (including Linux) and Windows 2000/NT4, and clients for those plus Windows 95/98/Me and MacOS. F-Secure SSH provides a secure variant of FTP for file transfer; called SFTP, this can be used through a standard GUI. A choice of algorithms is provided, including Triple-DES, DSA, RSA, IDEA, Blowfish, AES and others, so conformance with existing security policies is easy. F-Secure SSH also supports public key infrastructure, and smartcards.
Although the obvious applications for F-Secure SSH are remote systems administration, web-site update and maintenance, it is very flexible. It may be used in some circumstances instead of a full IPSec VPN: any simple TCP-based protocol can be tunnelled over it, and, as it is application layer, it does not require special configuration for NAT, unlike transport layer-based IPSec.
An example of this is secure, remote email pick-up. POP and SMTP are insecure protocols, and we accept that external email is vulnerable. However, our internal email may be more sensitive, and the password that users use to access their mailbox is probably the same as they use to login to the network. How do you provide your home / mobile workers with the ability to pick up their email without exposing company internal email and, more importantly, their password on the internet? One method would be a host-to-gateway IPSec VPN for each home / mobile worker. Simpler and cheaper is F-Secure SSH - the client would be configured to tunnel POP and SMTP to an SSH server inside the company (either on the mail server, or as convenient). The user can be provided with an icon that starts F-Secure SSH, establishes the connections and then starts their favourite email client configured to use the tunnels.
F-Secure SSH contains components certified by NIST (National Institute of Standards and Technology) to FIPS 140-1. SC Magazine gave F-Secure SSH Client and Server five stars as an overall rating in its January 2002 review. The review praises the ease-of-installation with no noticeable overheads and the secure tunnelling of F-Secure SSH therefore giving peace of mind to any e-business company relying on its web sites. For more information, please contact our Sales Dept at Tel. 25550209, Fax. 28736164 or E-mail: email@example.com