VShell Puts a Friendly Face on Secure Transfers

There are fewer reasons than ever not to encrypt data communications these days. As encryption increasingly becomes a basic layer of security, products like VanDyke Software's VShell make strong protection a point-and-click affair.

VShell is a two-in-one server that provides secure communications for both remote command access and file transfer. It used to be that organizations relied on unsecure telnet to provide remote command-line access to servers, and FTP to unsecurely transfer files. Although many still do, there's no better time than now to switch to secure replacements. VShell provides SSH2 security to replace telnet and SFTP to replace FTP.

VShell is resource friendly, a mere 8MB download that occupies only 13MB of disk space. Its Windows version uses the standard InstallShield wizard and is ready to go in minutes. The VShell administration interface is an easy-to-navigate tree of options with included online help.

For remote server administration, VShell supports connections from an SSH2-compatible terminal client with VT220 emulation. It supports a wide range of encryption ciphers, including AES 128/192/256, Blowfish, Twofish, 3DES and RC4. It also supports MAC, or Message Authentication Code, and types MD5/MD5-96 and SHA1/SHA1-96. Whereas the cipher encrypts data, the MAC enforces integrity, ensuring the data hasn't been corrupted or tampered with.

New to VShell 2.6 is support for FIPS 140-2, the data security and integrity specification defined by the U.S. National Institute of Standards and Technology. Many public and private organizations now require secure software be compliant with FIPS 140-2. When installed in FIPS mode, VShell disables the choice of algorithms not approved by the FIPS standard.

The VShell administrator can add users to SSH2 and SFTP service from accounts resident in the local or Windows domain. Also new to VShell 2.6 is support for RADIUS servers. VShell sports high granular control over user privileges. Users can be limited, or "jailed," to their home directories, or allowed to enter individually specified directories. Users can also be individually required to connect via specified authentication methods. Using the GSSAPI connector, VShell authenticates users through Kerberos or Windows Active Directory.

Security, of course, is a top priority with VShell. The new "Deny Host File" in version 2.6 will, after a specific number of failed connections from a client, automatically add its IP address to a blacklist. All future connect attempts are instantly denied, minimizing the effects of brute force dictionary-style attacks on the server. VShell's port forwarding ability can multiplex unsecure services like POP and IMAP through the secure connection, allowing clients to securely access potentially unsecure traffic.

VShell triggers enable an administrator to call external scripts or programs following SFTP uploads and downloads. A simple template language lets parameters characterizing the file transfer to be passed to these external scripts. For convenience, VShell supports printing pass-thru. Remote host applications can print to the local client. VShell can also pass-thru mouse movements from the local client to the remote host, for text-based applications that support mouse input.

VanDyke offers VShell in three editions: Administrator, Workgroup, and Enterprise. All share identical feature sets and differ on how many concurrent client connections they support and, of course, on price.

Pros: Simple setup; Secure communications; SFTP triggers; Remote printing.
Cons: Some features, including FIPS, RADIUS support, and mouse support are limited to the Windows version.

Article courtesy of Datamation

Add to del.icio.us | DiggThis