Firewall Wizards mailing list archives
blocking/monitoring ssh
From: "J. Eric Townsend" <jet () icras com>
Date: Fri, 22 Sep 2000 17:22:03 -0700 (PDT)
sean.kelly () lanston com writes:

> From: Gregory Hicks [mailto:ghicks () cadence com]
>
> With ssh, the data stream is encrypted at the user's workstation and tunnels 'through' the firewall so we never get a chance to monitor it.
>
> And neither does a hacker, which is kind of the point.

Recently, one of our users decided our VPN was cumbersome and decided to do the ssh/tunnel trick between a machine behind our firewall and his home linux system.

The only reason I discovered this is that virtually nobody here uses SSH *and* I was the only person in the building late one night while making some network changes. "Hm. SSH traffic when nobody's in the building? That can't be good."

I can't turn SSH off, however, since we rely on it for many projects.

Do I have an answer? No. But I don't think either extreme is a good solution.

--
j. eric townsend
IT/Facilities Manager
Icras, Inc. (formerly DataRover Mobile Systems, Inc.)
408.530.2916 / <http://www.icras.com>