SSH Communications Security
Price: Tectia Client, $149; Tectia Server, $2,390; Tectia Manager, $7,375
Since 1995, when Tatu YlÖnen replaced Telnet and the "R" series of commands (rlogin, rsh, rcp) from the *nix world, SSH (Secure Shell) has been a workhorse for secure communications. The company he founded, SSH Communications Security, has built SSH into a powerful enterprise tool, SSH Tectia.
Tectia delivers strong security and robust management, though enterprise-scale installation is somewhat problematic and the client interface could be improved.
Tectia Client presents a simple GUI for secure remote administration of a host and secure file transfer via secure FTP; a separate agent, Tectia Connector, enables transparent secure connection to pre-existing enterprise applications.
Tectia Client and Server run on a wide range of *nix and Windows platforms; Tectia Connector runs on Windows systems. We used a Windows 2003 Server running SQL and IIS for Tectia Server, with a mix of Windows 2000 SP4, Windows XP SP2 and Fedora Core 3 (Linux) clients.
Tectia's strength is its rock-solid security. Nothing -- Nessus, Ethereal or a general SSH hacking tool -- penetrates the encrypted stream. No tracks from client login are left on the local hard drive.
Tectia is fast and accurate. Entering commands and transferring files was seamless, and the clients were stable under a variety of stress tests. Additionally, you have decent control of multiple clients via the Tectia Manager.
Nonetheless, while installation was easy with one client and a single server, it got more difficult as we scaled to multiple clients on multiple operating systems. The deployment became tedious; the standard SSH system and File Transfer system were different installations.
Add in the client for agent-based SSH connections and installation becomes very complex. We found little help in the minimal installation information available online. And, we had to plow through a glut of inconsistent documentation that offered conflicting direction on things like which file to open, where the files are located and, simply, how to begin the installation.
Tectia begs for a quick start guide or best practices document, plus overall architecture diagrams to cut down the guesswork.
The client interface has a cluttered feel. It has many buttons with little guidance as to what they do or when to use them.
This is a good product built by world-class engineers. The central management and range of platforms advances is well beyond open-source tools such as OpenSSH. If SSH Communications Security makes it easier to deploy and use, SSH Tectia will step up as a robust enterprise product.
This product review originally appeared in the January 2006 issue of Information Security magazine.