Similar to PC card-based solutions and digital IDs, encrypted logins are critical in guaranteeing confidentiality, integrity, and authentication of data for remote connectivity across the Internet. Encrypted login sessions play a significant role in assuring that all three of these requirements are met.
Secure Shell (SSH) login sessions can be used for securing remote Telnet sessions and remote logins. The SSH protocol is used to secure connections by encrypting data such as passwords, command-line entries, debug output, or even binary files. This section focuses solely on SSH as a protocol that provides a secure, remote connection to a Cisco IOS router.
Imagine an administrator logging in to the remote router with IP address 10.10.10.1. Figure 3-5 illustrates this remote login.
This is a client-server setup in which the Cisco IOS router is an SSH server and the administrator's laptop is the SSH client. The SSH server in Cisco IOS works with publicly and commercially available SSH clients. A shareware application, PuTTY, is used just for this example. The connection between the SSH client (laptop) and the SSH server (Cisco IOS router) is similar to that of an inbound Telnet session, except that the connection is encrypted. Using authentication and encryption, the SSH client allows for secure communication over an insecure medium.
There are two versions of SSH available, SSH Version 1 and SSH Version 2. More information can be found on the following web page:
http://www.cisco.com/pcgi-bin/Support/browse/psp_view.pl?p=Technologies:SSH
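The following Cisco IOS configuration is an added example, not taken from this book, showing the Telnet-style vty setup described above next to an SSH-only setup on the router. The hostname, domain name, username, secret, and RSA key size are assumed placeholders.

```text
! --- Weak (constructed example): vty lines accept Telnet, so the
! --- password and every command cross the network in clear text
line vty 0 4
 password cisco
 login
 transport input telnet
!
! --- Hardened (constructed example): SSH version 2 only, Telnet off
! Hostname and domain name are required before an RSA key can be generated
hostname R1
ip domain-name example.test
! Generate the server's RSA key pair (entered in global configuration mode);
! 2048 bits is an assumed size, and SSH v2 needs at least a 768-bit key
crypto key generate rsa modulus 2048
! Offer only SSH version 2 to clients; v1 is no longer negotiated
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
! Local account with a hashed secret instead of a shared line password
username admin privilege 15 secret S3cur3-Pl4ceh0lder
line vty 0 4
 login local
 transport input ssh
 exec-timeout 10 0
!
! --- Verify from privileged EXEC mode: the first command should report
! --- "SSH Enabled - version 2.0"; the second lists active SSH sessions
show ip ssh
show ssh
```

After this change, a Telnet attempt to the router's vty lines is refused, so the only remaining remote login path is the encrypted SSH session the section describes.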
A Kerberos-encrypted login session provides an alternative approach to SSH-encrypted login, whereby a trusted third-party authentication mechanism verifies the identity of the users. Kerberos is designed to ensure strong authentication in client-server scenarios by using secret-key cryptography. SSH provides encrypted authentication as well as encrypted data transmission (sessions) end-to-end. Kerberos provides encrypted authentication only. More information can be found at the following web page:
http://www.cisco.com/en/US/tech/tk583/tk385/tech_protocol_family_hom175
HTTP is nonsecure, and HTTPS is Secure Sockets Layer (SSL) secured. As discussed in the first section of this chapter, digital IDs use HTTPS, whereby the data sent is encrypted and cannot be decrypted without the private key. In HTTP, the information is sent in plain text and is insecure. The main difference is this: HTTP has no encryption, and HTTPS uses the public/private key system for authentication. Chapter 7, "Web Security," presents more information on SSL. You can also check out the following web page:
http://www.cisco.com/en/US/netsol/ns340/ns394/ns50/ns140/networking_solutions_packag175