Configure the GSW Telnet Server and SSH Server Accessiblity Filters

The GSW Universal Terminal Server (Telnet Server and SSH Server for Windows) provides the flexibility to control who is allowed access to your server.

Only if a connection attempt meets your configured access criteria is it allowed. Georgia SoftWorks connection restriction configuration has thorough filtering capabilities straining out connection attempts that do not meet your specifications.

Configurable Filters and Restriction Options:

SSH2 Administrators can restrict users to SSH Clients (both 3rd party clients and GSW clients), or only allow connections from GSW SSH clients (both FIPS 140-2 compliant and non-FIPS 140-2 compliant).

FIPS 140-2 – This feature allows connections only from the Georgia SoftWorks FIPS 140-2 SSH Clients. This is a high level of security that the system administrator can configure. Many times the system administrator will insist that End-to-End FIPS 140-2 compliance is the only allowable option.

IP Address – Remote access may be limited only to specific IP addresses. The system administrator may optionally restrict connections via telnet based on the Host IP address.

User Name – Restriction based on the user ID is useful when there are a defined set of users that are allowed access to the Windows Server via SSH/Telnet.

3rd Party Client – This feature allows connections only from the Georgia SoftWorks SSH/Telnet Client. This is another level of security that the system administrator can configure. Many times the system administrator will not want users using any generic client to connect to his or her system.

Encryption – This feature allows connections only from the encrypted Georgia SoftWorks Telnet Client. This is another level of security that the the system administrator can configure. Many times the system administrator wants to ensure that ALL connections to the Georgia SoftWorks UTS are encrypted.

Time of the Day – This option can restrict access based on the time of the day.

Connection count – This feature specifies the number of connections allowed. Many times administrators want to limit the total number of connections to be a smaller value than thenumber of connections purchased.

Connection Count by : USERNAME – System administrators may want to limit the number of simultaneous logons for specific User Ids. This is especially useful for ASP environments where an entire company, department or group is assigned a single User Id that everyone shares. Reasons for limiting the number range from server resource allocation to purchased access.

Connection Count by : IP ADDRESS – The system administrator may want to limit the number of simultaneous logons from specific IP Addresses. This is especially useful for ASP environments where many users access the GSW UTS from locations that can be identified by a specific IP Address. The system administrator may want to limit the number of simultaneous connections for a variety of reasons that range from server resource allocation to purchased access.

 

 

 

How to Browse the Internet Securely by Tunneling through an SSH Server on the Cloud

The GSW Business Tunnel is a versatile and secure connectivity tool that allows you and your coworkers secure access to required network services that are often risky due to non-secure Tunnel_boxlocations or impossible due to firewall configurations.

With the GSW Business Tunnel, secure tunnels are built over a network between the Business Tunnel Software and an SSH Server. Each tunnel may contain one or more channels where encrypted traffic is encapsulated and is sent through an encrypted channel providing the security you need to confidently connect over a wifi network.

Scenario: Matt is on vacation, but his company needs him to run payroll today. He does not want to risk accessing payroll via non-secure internet access.

Solution: Matt can create a secure tunnel for his laptop to access his companies payroll website.Case: Matt is on vacation. But his company needs him to run payroll today. He does not want to risk accessing payroll via non-secure internet access. Matt can create a secure tunnel for his laptop to access his companies payroll website. He can securely browse the internet using the GSW Business Tunnel by using a generic SSH Server on the Amazon Cloud. By setting up the Tunnel, the Channel within the Tunnel and the browser configuration on your computer, Matt can be set up to browse securely within minutes.

Setting up the Tunnel –tunnelsettings

  1. Set the address of the SSH Server Host. This is provided when you set up your Amazon Cloud.
  2. Set the Authentication Requirements. This is the logon ID and the private key provided when you set up the Amazon Cloud.

Setting up the Channel –

  1. Select Dynamic Port Forwardingchannelsettings
  2. Use the loopback address
  3. Choose an available port for the local port.

Setting up your Browser Configuration –

  1. Enable the Proxy Server
  2. Click on Advanced (this opens the proxy settings)
  3. Configure the Proxy Address and Port Number. The channel configuration for the local address and local ort is used in the browser configuration. These must match.
  4. Click OK, OK, and Apply!proxysettings

Matt can now use the GSW Business Tunnel to securely browse the internet connecting an SSH Sever to the Amazon Cloud.

Questions about the GSW UTS (Telnet and SSH) Security

Security is serious business! Don’t be afraid to ask questions about Telnet and SSH. You want to clearly understand what you are purchasing.

SSH Server Security Q&A:

Question: A vendor claims to use SSH but when I look closely, it does not look like it is being used END to END.

Answer: Some companies claim to have SSH but when you examine their claim, SSH may only be used within the server but things change to proprietary from the server to the devices, which is where the data is most vulnerable.  In this case the weakest link is the transmission of data from the server to the device, making the entire solution unsecure. When evaluating security software keep an eye out for the words end-to-end and proprietary mixed.fips140

Question: When should I use Proprietary Encryption Protocols?

Answer: Almost never. Your application should be designed in such a way that a standard cryptographic protocol can be used. Don’t be fooled by companies intermixing words like proprietary or customer encryption with terms such as AES, 3DES, Blowfish, etc. What this means is that the vendor is using standard cryptographic algorithms mixed up with their own proprietary cryptographic algorithm. Encryption algorithms are just a small part of a cryptographic protocol. You can bet the weak link is the  proprietary component. MAJOR RED FLAG

Question: A vendor claims to have FIPS 140-2 but they don’t have a FIPS 140-2 compliant client.

Answer: Again as unfortunate as it is, some companies claim to have features when they simply just do not. They may be compliant on parts of the server, but if its not FIP 140-2 complaint on the client then its not compliant END to END.

Question: Why is proprietary Encryption a Red Flag?

Answer: Existing Cryptography for our industry is quite good dues to dedicated, highly skilled mathematicians and the best cryptographers at security agencies such as the NSA (National Security Agency) and first class universities. Good cryptography algorithms require complicated mathematics in addition to expensive technologies for development. Algorithm acceptance requires testing and scrutiny of many brilliant people as well as industry peer review and time in the field.

Commercial software vendors typically venture in to the proprietary cryptographic arena to save time or money. A few “sharp” engineers creating a proprietary cryptographic algorithm is not remotely comparable to established cryptographic algorithms standardized by dedicated agencies, often looking 20+ years into the future. At best it is arrogant when software vendors believe they can do a better job than the professional cryptographers; at worst customer systems are breached.

Question: Our vendor says they developed their own cryptographic protocol?

Answer: Run, Run, Run as fast as you can! Encryption protocols are extremely difficult to design and are not for the faint of heart.  This is a very dangerous situation because there is a false sense of security. Developers often believe they have correctly implement a cryptographic protocol or encryption algorithm only to late find out that many significant potential exploits and other security risks exist after many months of deployment. There is no replacement for many years of public scrutiny and testing. .

Question: Our vendor refuses to give details of their cryptographic protocol design on the grounds that it jeopardizes the security of the solution?

Answer: All standard cryptographic protocols are described in detail on the level of design. Your vendor is trying to achieve security by obscurity. This simply does not work because of all the hardware and software tracing tools available to determined hackers. Security by obscurity can never work.

 

For more information on the Georgia SoftWorks UTS (Telnet Server and SSH Server), please visit our website or give us a call!

 

 

SSH Server Setup for Digital Certificate Authentication (4 Step Process)

SSH Server Setup for Digital Certificate Authentication (4 Step Process)

The Georgia SoftWorks’ SSH Server Certificate Based Authentication is a better and more secure solution for commercial environments. Passwords are risky and weak. While plain public keys are superior to passwords, for client authentication plain public keys lack a convenient method of matching them to user accounts on which the SSH sessions are expected to run.  The difficulty and complexity required for configuration of public key solutions is daunting for most and impossible for others.  With plain public keys, human mistakes can compromise the security of the solution.

 

A Digital Certificate (also known as public key certificate or identity certificate) binds an identity to a public key value. It is an excellent method of verifying the identity while the configuration and setup is much simpler to understand and easier to manage.

 

Georgia SoftWorks researched and developed an innovative, easy to use, and secure implementation a ‘validation and mapping’ method. All of the configuration is done through a GUI with wizard style dialogs reminiscent of IIS certificate-to-user account mapping. The solution preserves all of the cryptographic strength of the public key solution, adds convenient, well scaling, certificate-to-user account mapping options while eliminating the time consuming, error-prone, and potentially insecure setup.

 

4 Easy Steps for your Quick Start Server Setup!

 

Steps for One-to-One Mapping (Maps individual certificates to individual user accounts):

 

1.      Logon as Administrator to the computer running the SSH Server

 

2.      Install the root CA(s) and intermediate CA(s) for all certificates that will be used by the client software.

 

3.      Copy all certificates that you want to allow to be used for logon to a location accessible to the server (a local or network drive). Make sure you use .cer files for the server and PFX files for the client (you may have to perform separate export procedures for the .cer and PFX file).

 

4.      Run the GSW Certificate Mapping Tool and configure the ‘One-to-One’ digital certificate to user account mapping rules.

 

 

Steps for Many-to-One Mapping (Creates an association between multiple certificates and a user account):

 

1.      Logon as Administrator to the computer running the SSH Server.

 

2.      Install the root CA(s) and intermediate CA(s) for all certificates which will be used by the client software.

 

3.      Run the GSW Certificate Mapping Tool and configure the ‘Many-to-One’ digital certificate to user account mapping rules.

 

4.      Optional (but STRONGLY recommended): Use the GSW Certificate Mapping Tool to configure a Certificate Trust List.

 

 

GSW Reseller Le Consult Reaches 15 Years Selling Telnet Server for Windows

Georgia SoftWorks (GSW) thanks Germany’s Le Consult for 15 years of partnership as an authorized reseller of the GSW Telnet Server for Windows and SSH Server for Windows.

Since 2002, Le Consult has been an authorized reseller of the GSW Telnet Server for Windows and SSH Server for Windows. Located in Kamp-Lintfort, Germany, Le Consult provides businesses with reliable and flexible security options.

“Georgia SoftWorks is a perfect partner for doing professional business even across the Atlantic. Stable solutions with forward-looking development that fill the needs of small, medium and large enterprises in Europe. Thanks to the whole team of Georgia SoftWorks for the cooperation in the last fifteen years,” said Stephan Lemkens of LE Consult.

LE Consult customers primarily utilize the GSW telnet server in order to connect their handhelds to SAP. SAP users enjoy the GSW Universal Terminal Server (UTS) ease of operation as well as specialized features that include mobile printing and Session Monitoring to maximize the return on investment. The Georgia SoftWorks UTS is the industrial quality software foundation supporting the suite of GSW server products including the GSW Telnet Server, the GSW SSH Server for Windows, the Session Administrator and numerous remote access utilities. The UTS offers many features that will benefit SAP users. For example, in most instances the user will want SAPConsole to automatically launch when the SSH/Telnet session is connected. This is easily done via the GSW Logon Scripts.

f7ead-atlas_logo“We are proud to celebrate this 15 year milestone with Le Consult,” said Matt Kittrell of GSW. “Our reseller relationships are very important to us at GSW, and these long-term partnerships are a huge testament to both companies and the solutions that are being provided.”

Georgia SoftWorks is a software development company located in Dawsonville, GA, who has gained worldwide recognition for their development of the GSW Telnet Server for Windows and SSH Server for Windows. They have end users and resellers on every continent, except Antarctica.

“The Georgia SoftWorks Telnet Server for Windows has been designed and developed to meet the needs of commercial and industrial applications,” Le Consult states on their website. “For many years, the GSW Telnet Server has been the most stable and fastest solution for Windows and is therefore recommended by and for SAP.”

About Georgia SoftWorks:
Established in 1991, Georgia SoftWorks is a privately held software development company recognized for creating high performance data communications, system and telecommunications applications. Georgia SoftWorks has obtained a worldwide presence with its industrial SSH/Telnet Server for Microsoft Windows. GSW’s long-term commitment to SSH/Telnet has led to the pioneering of major features such as Session Shadowing, Session Monitoring, Graceful Termination, Automatic Logon, Logon Scripting and more recently Team Services technology which allows mobile device users to transfer, swap, share and recover mobile device sessions. GSW has also provided the very first SSH Server to provide Digital Certificate Authentication with Internet Information Server (IIS) like certificate to user account mapping. This includes ‘One-to-one’ and ‘Many-to-one’ mapping methods and also support certificate trust lists (CTL).

In Depth: Georgia SoftWorks’ 25th Anniversary

anniv_logo_dateGeorgiaSoftWorks, developer of the GSW Telnet Server and SSH Server for Windows, is celebrating their 25th anniversary of operations this year. Since opening in 1991, GSW has transformed from a small software development business into a globally recognized company with resellers and end users in every continent except Antarctica.

Today, Georgia SoftWorks is a globally recognized company, known for their development of the Georgia SoftWorks Telnet Server and SSHServer for Windows. They have resellers and end users in every continent except Antarctica, and their products are used in almost every industry, including Airlines, the US Navy, automobile manufacturers, bottling plants, school systems, and more.

Let’s take a look at how it all began:

Georgia SoftWorks started off as a company specializing in data communications and telecommunications applications. In the early 90’s, the GSW team had an in-house need for reliable telnet connectivity on Windows. There was nothing on the market that fit their needs. They knew developing a Telnet Server that fit all of their criteria would require significant effort, and they got to work. Their engineer team developed a telnet server that proved to be reliable, robust, consistent, fast and extensible.

43606-telnetAfter successful in-house use, the GSW UTS (Telnet Sever and SSH Server) was turned into a commercial product. Excellent with mobile devices in RFID, RF Terminal, Bar code scanners and other data collection and wireless environments, the GSW UTS proved to be applicable in a variety of industries. Soon, the GSW Telnet and SSH was being installed all around the world. Currently they have over 400 resellers across 37 countries, with end-users and installs growing exponentially each year. With unmatched reliability and features, their UTS includes the Telnet Server, Session Administrator and a full suite of mobile clients.

GSW’s long-term commitment to SSH/Telnet has led to the pioneering of major features such as Session Shadowing, Session Monitoring, Graceful Termination, Automatic Logon, Logon Scripting and more recently Team Services technology which allows mobile device users to transfer, swap, share and recover mobile device sessions. GSW has also provided the very first SSH Server to provide Digital Certificate Authentication with an Internet Information Server (IIS) like certificate-to-user.

Georgia SoftWorks has since developed other products, most recently the GSW Business Tunnel, which is a versatile and secure connectivity tool that allows people secure access to required network services that are often risky due to non-secure locations or impossible due to firewall configurations. It offers the best security with elliptic curve cryptography, persistent connections that can be set and forgotten, and SSH v 2, the highly recognized security standard that provides secure authentication, secure access, data integrity and some of the best encryptions available.

“We have come a long way since the company started in 1991. We are thankful to all of our customers and resellers who make this anniversary possible, and are very excited about our future as the company continues to grow and evolve. We strive to continually improve our products and make it a priority to stay on the cutting edge, always offering the strongest authentication features available,” said Diane Sexton of Georgia SoftWorks.

What others have to say:

“The GSW products have always been rock solid in terms of both performance as well as support. We deliver systems to customers all over the world. In order to do that effectively, we need to partner with global leaders in their respective spaces. For our connectivity requirements, there is only one choice and that is Georgia SoftWorks’ Universal Terminal Server (UTS). The main reason we have stayed with GSW Universal Terminal server (UTS) is the suite of tools that allows remote monitoring and control of users sessions. This allows trouble shooting and training without the need to be on site which is important when our users are worldwide.The ability to run either SSH or Telnet over a wireless network gives us tremendous deployment flexibility. In the past year, we have also deployed our products over a cellular WWAN tunneling into our GSW server via SSH. That ability has proven to be a great extension to our product offering. Customers can now run familiar software in remote locations. We have surrounded ourselves with excellent products and organizations that offer outstanding levels of service. When an end customer has an issue they rely on us for a quick, efficient and accurate response. We in turn also look for similar replies from our vendors. Over the past 10 years, IMS and GSW have stood together in true partnership keeping customers happy and systems running smoothly. I wish all of our vendor relationships ran this well.”

– Bob Brennan, President of Integrated Manufacturing Systems, Inc, Reseller since 2003, New Hampshire

 

“We picked to use the GSW software because in the beginning, it was highly recommended by one of our customers. Then, after an exhaustive comparison versus others, it was the ‘must have’ option.” “We chose the GSW software because of its stability and robustness. Also, the people at GSW. What you say is what you deliver. The prices, discounts; its 100% transparent. It is great to do business with a company like yours.”

-Israel Esquivel, Mayoristas de Tecnologia (Mexico City, Reseller since 2005)

Telnet Server for Windows and other GSW Software Validated on Handheld’s Nautiz X4

Georgia SoftWorks tested and certified their Telnet Server for Windows and Mobile Clients on Handheld Group’s Nautiz X4 rugged mobile computer with scanner.

nautizx4Georgia SoftWorks (GSW) successfully tested their Telnet Server for Windows and SSH Server for Windows on Handheld’s Nautiz X4; a rugged mobile computer with scanner that offers reliable solutions for harsh worksites.

“Our certification testing consisted of installing the GSW client software, setting up a telnet collection to the UTS server and running a test application over a period of time to establish confidence that connections remained stable. We then set up an SSH2 connection to the UTS, stress testing that as well. We disconnected and reconnected multiple times to ensure consistency, then tested the GSW Client features,” explained Steve Lindsey of Georgia SoftWorks. “The Nautiz X4 performed reliably throughout all of our testing, without as much as a hiccup. It is a fully capable device that runs well in a Georgia SoftWorks environment.”

Handheld’s Nautiz X4 is a rugged barcode scanner and rugged handheld combination with an integrated scanner, designed to thrive in tough conditions. Weighing only 11.6 ounces, the Nautiz X4 has a 1GHz processor, 512 MB of RAM and 1GB of Flash memory. The Nautiz X4 is IP-65-rated and meets stringent MIL-STD-810G test standards. The Nautiz X4 is unfazed by environmental factors such as extreme temperatures, dust, water and proved by stringent industry and military-standard durability tests.

43606-telnetHandheld is a privately-held manufacturer of rugged computers including rugged tablets, notebooks and handhelds. Headquartered in Sweden, they have offices in Finland, the Netherlands, United States, Italy, Australia, United Kingdom, Germany and Switzerland. They are one of the fastest growing companies in their sector. They form partnerships around the globe that offer products and solutions that are able to withstand the toughest conditions to get the job done.

Georgia SoftWorks is a software development company based in Georgia, USA that has received global recognition for the GSW UTS, their Telnet Server for Windows and SSH Server for Windows. The GSW UTS is the most robust and reliable UTS on the market, used in the most rigorous and demanding industrial environments. The GSW Telnet Server for Windows is excellent with mobile devices in RFID, RF Terminal, barcode scanners and other data collection and wireless environments, making it a great software to be used on Handheld’s devices and the industries they serve.

About Georgia SoftWorks:
Established in 1991, Georgia SoftWorks is a privately held software development company recognized for creating high performance data communications, system and telecommunications applications. Georgia SoftWorks has obtained a worldwide presence with its industrial SSH/Telnet Server for Microsoft Windows. GSW’s long-term commitment to SSH/Telnet has led to the pioneering of major features such as Session Shadowing, Session Monitoring, Graceful Termination, Automatic Logon, Logon Scripting and more recently Team Services technology which allows mobile device users to transfer, swap, share and recover mobile device sessions. GSW has also provided the very first SSH Server to provide Digital Certificate Authentication with an Internet Information Server (IIS) like certificate-to-user.