Firewall Wizards mailing list archives
RE: blocking/monitoring ssh
From: sean.kelly () lanston com
Date: Mon, 25 Sep 2000 13:29:04 -0400
From: J. Eric Townsend [mailto:jet () icras com]

> sean.kelly () lanston com writes:
>> From: Gregory Hicks [mailto:ghicks () cadence com]
>>> With ssh, the data stream is encrypted at the user's workstation and
>>> tunnels 'through' the firewall so we never get a chance to monitor it.
>>
>> And neither does a hacker, which is kind of the point.
>
> Recently, one of our users decided our VPN was cumbersome and decided to
> do the ssh/tunnel trick between a machine behind our firewall and his
> home linux system.

An unfortunate consequence of any security policy is that if a user finds it too restrictive they will try to find some way to circumvent it. Often, it seems like a preferable solution to offer internal users more than you would like just to ensure that they won't find their own solution to do the same thing. At least if you provide the service you can include some means of monitoring or filtering it.

Sean

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards