Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
Linux OPENSSL Server
Overview
Most server software, such as IMAP & POP, Samba, OpenLDAP, FTP, Apache, and others that ask
for user authentication before allowing service, transmits the user's identification and
password in plaintext by default. Encryption mechanisms like SSL ensure safe and secure transactions.
With this technology, data going over the network is point-to-point encrypted. Once OpenSSL has
been installed on your Linux server, you can use it as a third-party tool to provide other applications
with SSL functionality.
As explained in the OpenSSL web site:
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully
featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and
Transport Layer Security (TLS v1) protocols with full-strength cryptography. The project is
managed by a worldwide community of volunteers that use the Internet to communicate, plan,
and develop the OpenSSL toolkit and its related documentation.
Cryptography Advantages
The main advantages gained by using encryption technology follow:
Data Confidentiality
When a message is encrypted, the input plaintext is transformed by an algorithm into enciphered
text that hides the meaning of the message and can be sent via any public mechanism. This
process involves a secret key that is used to encrypt and later decrypt the data. Without the
secret key, the encrypted data is meaningless.
Data Integrity
A cryptographic checksum, called a message authentication code (MAC), can be calculated on
arbitrary user-supplied text to protect the integrity of data. The result (text and MAC) is then sent
to the receiver, which can verify the trial MAC appended to the message by recalculating the MAC
for the message with the appropriate secret key and checking that it exactly equals the trial
MAC.
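The send-and-verify exchange described above, as an added example that is not part of the original book. It assumes HMAC-SHA-256 as the MAC (the text does not name an algorithm); the function names `protect` and `verify` and the sample key and message are constructed for illustration.

```python
import hashlib
import hmac
from typing import Optional

TAG_LEN = hashlib.sha256().digest_size  # an HMAC-SHA-256 tag is 32 bytes


def protect(key: bytes, text: bytes) -> bytes:
    """Sender side: compute the MAC over the text and append it."""
    mac = hmac.new(key, text, hashlib.sha256).digest()
    return text + mac


def verify(key: bytes, packet: bytes) -> Optional[bytes]:
    """Receiver side: split off the trial MAC, recalculate the MAC over the
    received text with the shared secret key, and accept only on an exact match.
    Returns the text if the MAC verifies, otherwise None."""
    if len(packet) < TAG_LEN:
        return None  # too short to contain a MAC at all
    text, trial_mac = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, text, hashlib.sha256).digest()
    # compare_digest runs in constant time, so the comparison does not leak
    # how many leading bytes of a forged MAC were correct.
    if hmac.compare_digest(expected, trial_mac):
        return text
    return None


if __name__ == "__main__":
    key = b"constructed-shared-secret-key"      # constructed sample key
    message = b"transfer 100 to account 42"     # constructed sample text

    packet = protect(key, message)
    print("intact packet  :", verify(key, packet))

    # Simulate modification in transit: flip one bit of the text.
    tampered = bytearray(packet)
    tampered[9] ^= 0x01
    print("tampered packet:", verify(key, bytes(tampered)))

    # A receiver holding a different key cannot validate the MAC either.
    print("wrong key      :", verify(b"some-other-key", packet))
```

A MAC protects integrity only; the text in the packet is still readable, so confidentiality requires encryption as well.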