Remote Management of Computing Resources in
Academic Institutions with Secure Shell
Timo J. Rinne
SSH Communications Security Ltd, Finland
 

Abstract

In academic institutions, part of the less critical computer administration is done by part-time employees and students. While it is wise to restrict some administration to a physically protected space, some administration can be done remotely. In this paper, we outline some security problems in computer administration and show how the SSH program can be used to secure remote computer administration.

Introduction

One of the main tasks of computer administration is to ensure that the computing environment is secure. Computers need to be protected against intruders who may hinder their normal operation. The information stored in the computer system also has to be protected against attackers who may want to steal, destroy, or alter it. It is obvious that with administrator privileges, intruders can do maximal damage and possibly also hide their tracks. To avoid this, it is customary to limit administrative access to certain terminals that are in a physically protected space. However, there is a lot of less critical computer administration that is often taken care of by part-time employees and students. These administrators can't always enter the protected space to do the administration. In some cases it is also either impossible or too expensive to provide a part-time employee with an office and dedicated hardware for computer administration. In these cases remote administration may be an option.

Security Problems

There are obvious security problems in computer administration. Administrators create new user accounts, set privileges for other users, and handle awkward situations such as an expired user account or a lost password. A potential intruder would be very interested in doing all this. In addition, he wants to cover his tracks as well as possible.

In fact, most intrusions are done "from inside". This means that the intruder usually doesn't really penetrate firewalls and crack into the system from outside; instead he already has a user account somewhere within the network. In the attack, the intruder simply attempts to take over some other user's credentials. A system administrator's credentials are a very tempting target for this kind of attack.

An attacker who is already part of the organization itself can prepare his attacks in various ways. He can eavesdrop on the network. He can "accidentally" try to log in as another user. And he can systematically gather data that an outsider would simply have to guess. All this is many times easier if the attacker has physical access to the network, and usually he has.

If computers are administered via remote connection, some of the opportunities that only users within the organization have are also available to people outside. Actually, this doesn't necessarily require administrative access from the outside. In most cases any access is enough. We have to remember that computer cracking can be done, and usually is done, step by step. First, the intruder tries to get into the system as a normal user; only after that does he try to grab administrative privileges one way or another.

Almost all computer systems in big organizations provide some kind of access from an outside network. In the business world this access may be strictly limited or even totally forbidden, but in academic institutions there is almost always more slack in the rules.

Students who use the computer systems don't usually have an office on the school premises; instead they often use common terminals in classrooms or remote internet access from home to log into the system. The same systems are administered through the network. It is questionable whether administrative access to such systems can be absolutely limited to terminals that are in a physically protected space. In fact this kind of protection, if poorly implemented, can give only a false sense of security and make the overall environment even more vulnerable.

Physical protection of the administrative systems brings two main benefits. The first one is quite obvious. When the administrative systems are isolated, only authorized personnel can even get to a terminal where administrative access is possible. The other, maybe even more important, aspect is trackability. When something inappropriate happens in the computer systems and the person responsible has erased his tracks from the computer logs, some information can still be found in passage control systems and security personnel reports.

SSH - Secure Shell

Secure Shell (SSH) is primarily a secure remote login program. It encrypts all the traffic during the connection. Most importantly, it encrypts passwords and other authentication data sent through the network. If all network logins, both internet and intranet, are done with SSH, the amount of data that is useful for eavesdroppers is reduced dramatically.

SSH also provides authentication methods that make attacks by trojan horses more difficult. If authentication is done using public key cryptography instead of a secret password, a potential trojan horse can't gain access to the system by simply masquerading as the target system and asking the user for the password. It is also possible to set the access policy so that several different authentication methods are required before access to the system is granted.

Numerous other benefits can also be achieved by using SSH for network logins. With SSH, not only terminal connections but also other TCP connections can be tunnelled through the secure channel. For example, X-Windows programs, which usually are impossible to use through a firewall, can be forwarded in a secure manner.

SSH Authentication Agent

The SSH authentication agent is a program that serves the user as a repository of secret authentication keys. When the user logs into the system, an authentication agent starts and all other programs run as children of the agent process. Whenever some process (like SSH) needs to perform public key authentication, it first asks the agent whether the agent is able to perform the authentication. Only after this does the program try to authenticate the user autonomously.

The authentication agent may also handle different external key methods. Keys and certificates used by the authentication agent may be stored in a disk file, on a smart card, or on some other external encryption device. Client programs using the agent don't see the difference, and no changes are required in client programs when new external key methods are added to the agent.

Connections to the authentication agent can also be forwarded through SSH. When the user is logged into a remote system, the agent connection may be forwarded, depending on the policy set by the user. This effectively forwards the authentication capability to the remote system without actually revealing the secret keys to the remote system.
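
The access policy described in the two sections above (public key rather than a password alone, several authentication methods required, agent forwarding allowed only by policy) can be checked mechanically on the server side. The following is an added example, not part of the original paper: it assumes OpenSSH's sshd_config keywords and defaults, and the sample configurations and finding names are constructed for illustration.

```python
# Added example: audit global sshd_config settings against the paper's policy.
# Assumes OpenSSH keyword names and defaults; Match blocks are not evaluated.
DEFAULTS = {
    "passwordauthentication": "yes",
    "permitrootlogin": "prohibit-password",
    "allowagentforwarding": "yes",
    "authenticationmethods": "any",
}

# Constructed sample configurations (not taken from the paper).
WEAK = """\
# any single method is enough; root may log in with a password
PermitRootLogin yes
AuthenticationMethods publickey password
"""
HARDENED = """\
PermitRootLogin no
AllowAgentForwarding no
AuthenticationMethods publickey,password
"""

def parse_global(text):
    """Collect global keywords; sshd keeps the first value it sees for each."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if parts[0].lower() == "match":
            break  # conditional overrides start here; out of scope
        seen.setdefault(parts[0].lower(), parts[1].strip() if len(parts) > 1 else "")
    return seen

def audit(text):
    cfg = {**DEFAULTS, **parse_global(text)}
    # Spaces separate alternative lists; commas join methods that must all succeed.
    alternatives = [alt.lower().split(",") for alt in cfg["authenticationmethods"].split()]
    findings = []
    if any(len(alt) < 2 for alt in alternatives):
        findings.append("single-method-login")
    if cfg["passwordauthentication"].lower() == "yes" and any(
            alt in (["any"], ["password"]) for alt in alternatives):
        findings.append("password-alone-accepted")
    if cfg["permitrootlogin"].lower() == "yes":
        findings.append("root-password-login")
    # A forwarded agent lets the remote host use the keys while the session lasts.
    if cfg["allowagentforwarding"].lower() == "yes":
        findings.append("agent-forwarding-allowed")
    return findings
```

An empty configuration is audited against the defaults, so `audit("")` reports what an unconfigured server would accept.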

Conclusions

With suitable cryptographic applications, part of the computer administration can be done securely even over the network. There are, however, certain administrative tasks that should be performed only via terminals in the physically protected space. Such critical administration includes, for example, configuration of the firewalls, the network audit system, and system logging. In this way potential intruders can't cover their tracks, and even most of the internal misuse of the system can be tracked down.

In any case, it is vital for an organization with a computer network to have a security policy. Academic organizations may have even tens of thousands of active users. In such a system some level of network intrusion is almost inevitable, but a sensible security policy helps limit the damage.

Using cryptographic tools can never make a poor security policy better. A break-in is always done through the weakest spot. There is no point in spending a billion dollars on cracking the cryptosystem if you can simply pick up a phone and ask for the password from some clerk who hasn't quite understood why everyone has to have an account of their own.

Further Information

Further information about SSH is available in WWW:

Or via email: Address

Timo J. Rinne
SSH Communications Security Ltd
Tekniikantie 12
FIN-02150, Espoo, Finland.
Email: tri@ssh.fi