Protocols are a common target of attacks due to the number of devices that can be targeted. Devices made by different vendors are able to communicate and function with each other thanks to standard protocols that allow them to understand each other. The widespread use of these protocols makes them an attractive target for attackers. If a flaw is found in a popular protocol, many devices made by different vendors will be vulnerable to the attack. Over the years, many different protocols have been updated due to vulnerabilities found in the original versions, a great example being the SSH protocol. SSH (Secure Shell) is a network protocol that allows users to remotely access a computer to perform tasks such as executing commands and transferring files. It was designed in 1995 as a means to replace less secure protocols such as rlogin and telnet. The problem with these protocols is that information, including passwords, is sent in plaintext (Rosasco and Larochelle, 2003). SSH solves this problem by encrypting the traffic sent between devices. Even with these security improvements, the original version of SSH, called SSH1 or SSH-1, was not without vulnerabilities. A vulnerability in SSH-1 allowed an attacker to inject malicious commands into an encrypted session. These commands would be accepted by the server and executed with the privileges of the user who established the connection. This attack would become known as the “SSH insertion attack.” To carry out the attack, a person would first have to access the traffic sent between the client and the server. This is possible via traditional network monitoring software, as well as via a TCP hijack attack. Once this is finished…halfway through the paper…integrity occurs. Works Cited Lanza, JP (2003a, May 19). Note on vulnerability vu#13877. United States Computer Emergency Readiness Team, Retrieved from http://www.kb.cert.org/vuls/id/13877Lanza, J.P. (2003b, May 19). Note on vulnerability vu#945216. United States Computer Emergency Readiness Team, Retrieved from http://www.kb.cert.org/vuls/id/945216Rosasco, N., & Larochelle, D. (2003, May 30). How and why more secure technologies succeed in legacy markets: Lessons from the success of ssh. Computer Science at the University of Virginia, retrieved from http://www.cs.virginia.edu/~drl7x/sshVsTelnetWeb3.pdfsshd. (2002). The University of Texas at Austin, Retrieved from http://www.tacc.utexas.edu/services/userguides/ssh_detailed/ssh Insertion Attack. (1998). Core security technologies, retrieved from http://www.coresecurity.com/content/ssh-insertion-attack