The Vulnerability of Antiquated Protocols

564 Words2 Pages

Protocols are a common focus of attack because of the number of devices that can be targeted. Devices made by different vendors are able to communicate and work with each other because of standard protocols that allow them to understand each other. The wide use of these protocols makes them an appealing target to attackers. If a flaw can be found in a popular protocol, then many devices made by different vendors will be vulnerable to the attack. There are a number of different protocols over the years that have been updated due to vulnerabilities found in their original versions, a prime example being the SSH protocol.

SSH (Secure Shell) is a network protocol that allows users to remotely login to a computer in order to perform tasks such as executing commands and transferring files. It was designed in 1995 as a means to replace less secure protocols like rlogin and telnet. The problem with these protocols is that information, including passwords, is send as plaintext (Rosasco, & Larochelle, 2003). SSH addresses this issue by encrypting traffic sent between the devices. Even with these improvements in security, the original version of SSH, referred to as SSH1 or SSH-1, was not without its own vulnerabilities.

One vulnerability of SSH-1 allowed an attacker to insert malicious commands into an encrypted session. These commands would be accepted by the server and ran with the privileges of the user that established the connection. This attack would become known as the “SSH insertion attack”. In order to perform the attack, a person would first need access to the traffic being send between the client and server. This is possible through traditional network monitoring software, as well as through a TCP hijack attack. Once this is don...

... middle of paper ...

...s the integrity check.

Works Cited

Lanza, J.P. (2003a, May 19). Vulnerability note vu#13877. United States Computer Emergency Readiness Team, Retrieved from http://www.kb.cert.org/vuls/id/13877

Lanza, J.P. (2003b, May 19). Vulnerability note vu#945216. United States Computer Emergency Readiness Team, Retrieved from http://www.kb.cert.org/vuls/id/945216

Rosasco, N., & Larochelle, D. (2003, May 30). How and why more secure technologies succeed in legacy markets: lessons from the success of ssh. Computer Science at the University of Virginia, Retrieved from http://www.cs.virginia.edu/~drl7x/sshVsTelnetWeb3.pdf

sshd. (2002). The University of Texas at Austin, Retrieved from http://www.tacc.utexas.edu/services/userguides/ssh_detailed/

ssh insertion attack. (1998). Core Security Technologies, Retrieved from http://www.coresecurity.com/content/ssh-insertion-attack

More about The Vulnerability of Antiquated Protocols

Open Document