Firewall Wizards mailing list archives

blocking/monitoring ssh


From: "J. Eric Townsend" <jet () icras com>
Date: Fri, 22 Sep 2000 17:22:03 -0700 (PDT)



sean.kelly () lanston com writes:
From: Gregory Hicks [mailto:ghicks () cadence com]
With ssh, the data stream is encrypted at the user's workstation and
tunnels 'through' the firewall so we never get a chance to monitor it.
And neither does a hacker, which is kind of the point.

Recently, one of our users decided our VPN was cumbersome and decided
to do the ssh/tunnel trick between a machine behind our firewall and
his home Linux system.

The only reason I discovered this is that virtually nobody here uses
SSH *and* I was the only person in the building late one night while
making some network changes.  "Hm.  SSH traffic when nobody's in the
building?  That can't be good."

I can't turn SSH off, however, since we rely on it for many projects.

Do I have an answer?  No.  But I don't think either extreme is a good
solution.

-- 
j. eric townsend
IT/Facilities Manager
Icras, Inc.  (formerly DataRover Mobile Systems, Inc.)
408.530.2916 / <http://www.icras.com>

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards
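
The observation in the message above (SSH traffic at a time when nobody should be generating it) can be turned into a routine check over firewall flow records while SSH itself stays allowed. This is an added example, not part of the original post; the internal address range, approved peer list, working hours, port-22 match and record format are all assumptions, and the sample flows are constructed.

```python
import csv
import io
from datetime import datetime
from ipaddress import ip_address, ip_network

# Assumptions for illustration: site address space, approved SSH peers, working hours.
INTERNAL = ip_network("10.0.0.0/8")
APPROVED_SSH_PEERS = {ip_address("198.51.100.10")}   # e.g. a project partner's host
WORK_HOURS = range(8, 19)        # 08:00-18:59 local time
LONG_LIVED_SECONDS = 3600        # threshold for a session that looks like a standing tunnel

# Constructed flow records: start,src,dst,dport,duration_s,bytes
SAMPLE_FLOWS = """\
2000-09-21T10:14:00,10.1.4.20,198.51.100.10,22,420,88211
2000-09-21T14:02:00,10.1.4.31,203.0.113.77,22,300,51200
2000-09-21T23:41:00,10.1.7.9,203.0.113.45,22,14400,73400320
2000-09-21T23:50:00,10.1.7.9,192.0.2.80,80,12,40960
2000-09-23T11:05:00,10.1.4.20,198.51.100.10,22,900,120000
"""

def review_ssh_flows(text):
    """Return (src, dst, reasons) for outbound SSH flows that need a human look."""
    findings = []
    for start, src, dst, dport, duration, _bytes in csv.reader(io.StringIO(text)):
        src_ip, dst_ip = ip_address(src), ip_address(dst)
        # Only outbound SSH: internal source, external destination, port 22.
        if int(dport) != 22 or src_ip not in INTERNAL or dst_ip in INTERNAL:
            continue
        when = datetime.fromisoformat(start)
        reasons = []
        if dst_ip not in APPROVED_SSH_PEERS:
            reasons.append("unapproved-destination")
        if when.weekday() >= 5 or when.hour not in WORK_HOURS:
            reasons.append("off-hours")
        if int(duration) >= LONG_LIVED_SECONDS:
            reasons.append("long-lived")
        if reasons:
            findings.append((src, dst, reasons))
    return findings

if __name__ == "__main__":
    for src, dst, reasons in review_ssh_flows(SAMPLE_FLOWS):
        print(f"{src} -> {dst}: {', '.join(reasons)}")
```

The approved daytime session passes silently, while the late-night four-hour session to an unlisted host is reported with all three reasons.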

