Security Considerations


Session security depends on several factors, including whether the connection you are using to the host is a trusted connection. If it is not, consider whether private or confidential information will be sent and received. A Telnet session will transmit user ID, password, and other sensitive or private information in an easily readable format. (A session is a set of options that are assigned to a connection to a remote machine; these settings and options are saved under a session name and allow the user to have different preferences for different hosts. A connection is a data path or circuit between two computers over a phone line, network cable, or other means. Telnet is a protocol that provides an interface for communications between clients and servers.)

For maximum security, it is recommended that passwords and passphrases NEVER be saved. The ability to save passwords and passphrases is functionality provided as a convenience. If a user chooses (and is allowed) to make use of this convenience, saved passwords are encrypted and written to disk as part of the session configuration.

Command-line options for specifying passwords and passphrases are also provided as a convenience. However, command-line options are not protected against unauthorized visibility. It is recommended these command-line options (/PASSWORD, /PASSPHRASE, etc.) not be used in environments where security is important.

In addition, we recommend individuals NOT include passwords and passphrases within scripts since script code is not encrypted.
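One way to check for the two exposures described above (secrets passed on the command line and secrets embedded in scripts) is to scan script files or collected process command lines for the /PASSWORD and /PASSPHRASE options. The following is an added example, not part of the SecureCRT documentation; the sample lines, host name, and secret values are constructed, and case-insensitive matching of the option names is an assumption.

```python
import re

# Options named on this page. Matching them case-insensitively is an assumption.
SECRET_OPTS = ("/PASSWORD", "/PASSPHRASE")

# Option at the start of a token, whitespace, then a quoted or bare value.
_PATTERN = re.compile(
    r'(?<!\S)(' + "|".join(re.escape(o) for o in SECRET_OPTS) + r')'
    r'(\s+)("[^"]*"|\S+)',
    re.IGNORECASE,
)


def redact(line):
    """Replace the value after each secret option with a fixed marker."""
    return _PATTERN.sub(lambda m: m.group(1) + m.group(2) + "<REDACTED>", line)


def audit(lines):
    """Return (line_number, option, redacted_line) for every exposed secret.

    The redacted line is returned so that the audit report itself does not
    become another place where the secret is stored in readable form.
    """
    findings = []
    for number, line in enumerate(lines, start=1):
        for match in _PATTERN.finditer(line):
            findings.append(
                (number, match.group(1).upper(), redact(line.rstrip()))
            )
    return findings


# Constructed sample: lines as they might appear in a batch script or in a
# process listing. None of these values come from a real system.
SAMPLE = [
    'rem nightly job',
    'SecureCRT.exe /PASSWORD hunter2 host.example.test',
    'SecureCRT.exe /passphrase "correct horse" host.example.test',
    'SecureCRT.exe host.example.test',
    'echo see /PASSWORDS.txt for policy',
]

if __name__ == "__main__":
    for number, option, safe_line in audit(SAMPLE):
        print(f"line {number}: {option} exposes a secret: {safe_line}")
```
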

System administrators who wish to disable this convenient functionality in favor of increased security can request additional information for achieving this goal through the Windows Administrative Template mechanism.

Maximum security and privacy on the Internet and local networks requires the use of the Secure Shell Protocols (SSH1 or SSH2) or the Secure Sockets Layer (SSL) supported in SecureCRT. (SSH1 is the first version of the SSH protocol, which provides a way to encrypt network traffic between a client and a server. SSH2 is the second version of the SSH protocol, which provides a way to encrypt network traffic between a client and a server, with a slightly different set of security features than the SSH1 protocol provides.)

Note that although SecureCRT does support the Telnet protocol, SecureCRT Telnet sessions that are not Telnet/TLS are not encrypted. Encrypted connections are achieved through the SSH1, SSH2, and Telnet/TLS protocols.

 

Related Topics

  1. Port Forwarding with SSH
  2. Public-Key Authentication for SSH1
  3. Public-Key Authentication for SSH2
  4. Session Options/Connection/SSH1
  5. Session Options/Connection/SSH2