White Hat Protection Tools

This section looks at how to protect a system from exploitation. The two most popular tools used for this purpose are SSH and PGP. Both are free and very helpful in securing known vulnerabilities (which are unfixable based on the way that the underlying protocols work) and network transmissions.

SSH

What type of White Hat would you be if you did not use SSH? SSH is the security analyst's tool of choice for establishing safe connections to systems instead of using Telnet. Telnet is the most unsecure and most widely used protocol for remote connectivity to devices such as routers, switches, firewalls, servers, and more. What is worse is that even though it is a known vulnerability, it is still highly ignored.

The alternative is SSH. It is free, simple to use, and secure. Most people fail to use SSH because it works on a different port than Telnet (port 23) and you must know how to configure the device you want to connect to remotely (router, UNIX server) to use the SSH port (port 22). Read the documentation of the device you want to configure or call their technical support to figure out how to set the device you want to make SSH capable. Once that is done, the rest is easy.

SSH can be seen in Figure A.7. The Windows-based application can be opened up on the desktop and, instead of using Telnet (which is unsecured), SSH can be used so that the transmission is encrypted and safe.

Figure A.7: Using Secure Shell to Work with Remote Systems

To install and use SSH, do the following:

1. Go to the Web site and download SSH.

2. Download and install the SSH FTP package. Follow the defaults and select where you want the files to be installed on your system.

3. Make sure you reboot your system before using the software.

4. Once rebooted, open SSH and start connecting to the remote devices on your network (seen in Figure A.7).

5. Read the downloadable documentation to learn the ins and outs of using the tool

PGP

PGP is the White Hat's answer to personal e-mail security. PGP is a popular program used to encrypt and decrypt e-mail over the Internet. It is by installed snapped into your favorite (and compatible) e-mail program such as Outlook or Outlook Express. Once you learn how to use this tool comfortably, you can encrypt e-mails sent from one place to another without worry of interception and exploitation.

Created by Philip R. Zimmermann in 1991, PGP is widely known, accepted, and used for e-mail-based encryption and security. As a White Hat security analyst or MCP, it is imperative that your e-mail is secureKeep in mind that if you are using PGP inside a corporate network, PGP-encrypted mail may be dropped by administrators trying to stop the egress of confidential information via SMTP.

PGP is used to send an encrypted digital signature that lets the person receiving the message verify the sender's identity and know that the message was not changed while in transit. Like the other tools listed in this appendix, it is also free for personal use, but a small fee is attached for production use.

The PGP tool uses a variation of the PKI system discussed in this book. Figure A.8 shows the Key Ring being used with PGP.

Figure A.8: Using the PGP Key Ring

To install and use PGP, do the following:

1. Go to the Web site and download PGP.

2. Download and install PGP and the two recommended hot fixes for your system.

3. Follow the defaults and select where you want the files to be installed on your system.

4. Make sure you reboot your system before using the software.

5. Once rebooted, you can open Outlook and view the Snap-ins for the PGP you can use. It is recommended that you download any documentation you can to learn how to install and use this product, as it is a bit difficult to understand without some reading and practice.