|Home||What's New||Products||Download||Purchase||Support||About Us||Contact|
Tunneling over the Internet
Conference attendees at public PCs. Travelers using a hotel or airport wireless LAN. Day extenders logging back into work at night. Teleworkers conducting business from home. All of these workers can increase business efficiency by leveraging the public Internet to stay connected. But what are the risks?
Consider a teleworker using the Internet to access email (Figure
1). When the worker's client sends mail, messages are relayed to
an SMTP server. When the client reads mail, message headers and
bodies are downloaded from a POP or IMAP server. Anyone anywhere
in this path through the Internet can use a sniffer to capture not
only cleartext message bodies, but also email addresses, usernames,
Figure 1: Typical Remote Access Security Risks
Armed with this stolen data, a passive attacker can replay original or modified messages, even send them to other destinations. By actively masquerading as a legitimate email client or server, a "man in the middle" (MitM) attacker can intercept and drop messages, or insert new forged messages.
Mail-specific security measures like PGP and S/MIME encrypt and digitally sign message bodies, but leave cleartext message headers. Furthermore, they do nothing to protect the mail server from attack. Mail servers listening to well-known SMTP, POP, and IMAP ports are easily discovered by port scans. Hackers can use an open server to relay spam or tie up the server with Denial-of-Service (DoS) attacks. By "fingerprinting" the server, they can exploit known vulnerabilities in the server's operating system or email software.
Leaving this mission-critical resource wide open to Internet access is clearly unwise. Tunneling with Secure Shell can help by eliminating open ports, blocking unauthorized users, and ensuring the privacy and integrity of all SMTP, POP, and IMAP traffic exchanged between mail clients and servers.
|VShell Server||VShell Server||Buy Direct||Evaluation||Contact|
|SecureCRT||SecureCRT||License Pricing||Updates Policy||Press Releases|
|SecureFX||SecureFX||About Encryption Export||FAQs||What's New|
|VanDyke ClientPack||VanDyke ClientPack||Orders FAQ||Tips & How-Tos||Customer Stories|
|Beta Software||Beta Software||Resellers||Forums||Secure Solutions|
VShell, SecureCRT, SecureFX, Entunnel, CRT, and AbsoluteFTP are trademarks or registered trademarks of VanDyke Software, Inc. in the United States and/or other countries. All other trademarks or registered trademarks are the property of their respective owners.
Copyright © 1995 - VanDyke Software, Inc. All rights reserved.