Firewall Wizards mailing list archives
Re: Summary: SSH through firewall
From: "Ge' Weijers" <ge () progressive-systems com>
Date: Tue, 27 Jul 1999 11:20:08 -0400
On Mon, Jul 26, 1999 at 10:23:40AM +0200, Ginsberg Rainer (QI/INF4) * wrote:
> 2) The -R option allows insiders to forward all kinds of traffic from the untrusted network to the trusted network.
Even if ssh would not support this feature it would be easy to run a tunnel through the terminal session. Tunneling PPP through an outbound telnet session is no big deal, and at least one (commercial) PPP implementation I know of can actually do this out of the box. The firewall most likely won't have a clue. I'm sure the same can be done with about any login-session protocol. It's just easier to do with 'ssh'.

One way to kind-of solve this problem is to only allow ssh out from a host on a service network (DMZ), and configure sshd on this host not to allow tunnels. You will also need to firewall this machine off from the rest of the network.

Threats from insiders are very hard to deal with, especially if you don't want to chase 90% of your workforce away with oppressive security measures. It's hard to put a firewall on sneakernet.

Ge'

--
-
Ge' Weijers                  Voice: (614)326 4600
Progressive Systems, Inc.    FAX: (614)326 4601
2000 West Henderson Rd. Suite 400, Columbus OH 43220
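An added example, not part of the original post: a Python check that the sshd on the DMZ relay host described above really has tunnels turned off. It assumes a current OpenSSH, whose `sshd -T` prints the effective configuration as lowercase "keyword value" lines; the two sample dumps are constructed. As the post says, this does not stop a tunnel run through the terminal session itself.

```python
# Added example: audit `sshd -T` output for settings that permit tunnels.
# Directive names are OpenSSH sshd_config keywords; sample dumps are constructed.

# Value each directive must have on a "no tunnels" relay host.
REQUIRED = {
    "allowtcpforwarding": "no",          # -L / -R / -D port forwards
    "allowstreamlocalforwarding": "no",  # Unix-domain socket forwards
    "permittunnel": "no",                # tun device tunnels (-w)
    "gatewayports": "no",                # remote forwards on non-loopback
    "x11forwarding": "no",
    "allowagentforwarding": "no",
}

def parse_effective_config(text):
    """Return {keyword: value} from 'keyword value' lines, lowercased."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        conf.setdefault(key.lower(), value.strip().lower())
    return conf

def audit(text):
    """Return [(keyword, found, wanted)] for every setting that is not safe.

    A keyword absent from the dump is reported as 'missing' (fail closed),
    since a full `sshd -T` dump always lists it.
    """
    conf = parse_effective_config(text)
    findings = []
    for key, want in REQUIRED.items():
        got = conf.get(key, "missing")
        if got != want:
            findings.append((key, got, want))
    return findings

# Constructed dump: OpenSSH defaults, forwarding still enabled.
SAMPLE_WEAK = """port 22
allowtcpforwarding yes
gatewayports no
permittunnel no
x11forwarding no
allowagentforwarding yes
allowstreamlocalforwarding yes
"""
# Constructed dump: every forwarding feature switched off.
SAMPLE_HARDENED = "".join(f"{k} {v}\n" for k, v in REQUIRED.items())

if __name__ == "__main__":
    for key, got, want in audit(SAMPLE_WEAK):
        print(f"{key}: found {got!r}, want {want!r}")
```

On a live host, feed it the output of `sshd -T` run as root; `Match` blocks can change the result per user, so repeat with `sshd -T -C user=NAME` for the accounts allowed on the relay.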