Firewall Wizards mailing list archives

RE: blocking/monitoring ssh


From: sean.kelly () lanston com
Date: Mon, 25 Sep 2000 13:29:04 -0400

From: J. Eric Townsend [mailto:jet () icras com]

sean.kelly () lanston com writes:
From: Gregory Hicks [mailto:ghicks () cadence com]
With ssh, the data stream is encrypted at the user's workstation and
tunnels 'through' the firewall so we never get a chance to monitor it.
And neither does a hacker, which is kind of the point.

Recently, one of our users decided our VPN was cumbersome and decided
to do the ssh/tunnel trick between a machine behind our firewall and
his home linux system.

An unfortunate consequence of any security policy is that if a user finds it
too restrictive they will try to find some way to circumvent it.  Often, it
seems like a preferable solution to offer internal users more than you would
like just to ensure that they won't find their own solution to do the same
thing.  At least if you provide the service you can include some means of
monitoring or filtering it.


Sean

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards
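Sean's closing point, that a sanctioned ssh path can at least be monitored, as an added example that is not part of the original thread: a check over constructed firewall accept-log lines that flags ssh sessions from internal hosts to destinations outside an allowlist, and sanctioned sessions that run long enough or move enough data to look like a standing tunnel to an outside box. The log format, addresses, allowlist and thresholds are all assumptions made for the example.

```python
"""Flag ssh sessions through the perimeter that bypass the sanctioned path.

Added example, not code from the original thread. The log format, hosts,
allowlist and thresholds below are constructed for illustration.
"""
from dataclasses import dataclass
import ipaddress
import re

# Constructed firewall accept-log lines: timestamp src dst dport duration_s bytes
SAMPLE_LOG = """\
2000-09-25T13:01:02 10.1.4.22 203.0.113.5 22 14 5120
2000-09-25T13:05:40 10.1.4.22 198.51.100.77 22 32400 90112000
2000-09-25T13:07:11 10.1.7.9 203.0.113.5 22 7200 204800
2000-09-25T13:09:00 10.1.4.22 198.51.100.80 443 30 12000
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<dst>\S+) (?P<dport>\d+) (?P<dur>\d+) (?P<bytes>\d+)$"
)
INTERNAL = ipaddress.ip_network("10.1.0.0/16")          # assumed internal range
ALLOWED_SSH_DST = {"203.0.113.5"}                        # assumed sanctioned ssh endpoint
LONG_SESSION_S = 3600                                    # assumed thresholds for a
LARGE_SESSION_BYTES = 50 * 1024 * 1024                   # "looks like a tunnel" session

@dataclass
class Finding:
    ts: str
    src: str
    dst: str
    reason: str

def find_unsanctioned_ssh(log_text: str) -> list[Finding]:
    """Return one Finding per ssh session that merits a look."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["dport"] != "22":
            continue                      # only ssh sessions are of interest here
        src, dst = m["src"], m["dst"]
        if ipaddress.ip_address(src) not in INTERNAL:
            continue                      # only sessions originating behind the firewall
        if dst not in ALLOWED_SSH_DST:
            findings.append(Finding(m["ts"], src, dst, "ssh to unsanctioned destination"))
        elif int(m["dur"]) >= LONG_SESSION_S or int(m["bytes"]) >= LARGE_SESSION_BYTES:
            findings.append(Finding(m["ts"], src, dst, "long-lived or high-volume ssh session"))
    return findings

if __name__ == "__main__":
    for f in find_unsanctioned_ssh(SAMPLE_LOG):
        print(f"{f.ts} {f.src} -> {f.dst}: {f.reason}")
```

The second rule only fires for sanctioned destinations; a session to an unlisted host is reported regardless of size, since the encrypted payload itself cannot be inspected.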