Firewall Wizards mailing list archives
RE: blocking/monitoring ssh
From: "Harris, Tim" <tharris () ocair com>
Date: Tue, 26 Sep 2000 07:55:04 -0700
By definition, if your policy has any restrictions at all then someone will disagree with it. If no one had a problem then why are you setting a restrictive policy? This is just like the 65dB noise limit around airports. Statistically about 14 percent of the population will be dissatisfied but that is a number that you can live with. So, how many of your users do you want unhappy and are they going to be unhappy enough to try to circumvent you?
With ssh, the data stream is encrypted at the user's workstation and tunnels 'through' the firewall so we never get a chance to monitor it. And neither does a hacker, which is kind of the point.

Recently, one of our users decided our VPN was cumbersome and decided to do the ssh/tunnel trick between a machine behind our firewall and his home Linux system.

An unfortunate consequence of any security policy is that if a user finds it too restrictive they will try to find some way to circumvent it. Often, it seems like a preferable solution to offer internal users more than you would like just to ensure that they won't find their own solution to do the same thing. At least if you provide the service you can include some means of monitoring or filtering it.

Sean

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards
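The thread's point that a sanctioned service can at least be monitored, whereas an ad-hoc ssh tunnel on some other port slips past a port-based rule, is illustrated by the following added example. It is not code from the original posts or from any list member; it identifies SSH sessions in a connection log by the protocol identification banner rather than by destination port, then flags sessions that a firewall administrator would want to review (non-standard port, unapproved destination, or a very long-lived session that looks like a tunnel). The log layout, the sample connections and the approved-destination list are all constructed for illustration.

```python
"""
Added example (not part of the original mailing-list post): find SSH sessions
in a connection log by banner rather than by port, so ssh run on a non-standard
port is still visible to monitoring. Log format and entries are constructed.
"""
import re
from dataclasses import dataclass

# SSH identification string per RFC 4253: "SSH-protoversion-softwareversion"
SSH_BANNER = re.compile(rb"^SSH-(1\.99|2\.0|1\.5)-[^\r\n]+")


@dataclass
class Conn:
    src: str
    dst: str
    dport: int
    first_bytes: bytes   # first payload bytes observed from the server side
    duration_s: int


def is_ssh(first_bytes: bytes) -> bool:
    """True if the server's first bytes are an SSH identification string."""
    return SSH_BANNER.match(first_bytes) is not None


def find_ssh_sessions(conns, allowed_dsts, long_session_s=3600):
    """Return [(conn, reasons)] for SSH sessions that merit review.

    A session is reported when it uses a port other than 22, goes to a
    destination outside the approved set, or stays up at least
    long_session_s seconds (a typical sign of a persistent tunnel).
    """
    findings = []
    for c in conns:
        if not is_ssh(c.first_bytes):
            continue
        reasons = []
        if c.dport != 22:
            reasons.append("ssh on non-standard port %d" % c.dport)
        if c.dst not in allowed_dsts:
            reasons.append("destination not in approved list")
        if c.duration_s >= long_session_s:
            reasons.append("long-lived session (possible tunnel)")
        if reasons:
            findings.append((c, reasons))
    return findings


# Constructed sample connections (addresses from documentation ranges)
SAMPLE = [
    Conn("10.1.2.3", "203.0.113.10", 22, b"SSH-2.0-OpenSSH_2.2.0p1\r\n", 120),
    Conn("10.1.2.7", "198.51.100.5", 443, b"SSH-2.0-OpenSSH_2.1.1\r\n", 7200),
    Conn("10.1.2.9", "198.51.100.9", 443, b"\x16\x03\x01\x00\xa5\x01", 30),  # TLS
    Conn("10.1.2.11", "203.0.113.10", 22, b"SSH-1.99-OpenSSH_2.2.0\r\n", 86400),
]
APPROVED = {"203.0.113.10"}  # constructed list of sanctioned ssh destinations

if __name__ == "__main__":
    for c, reasons in find_ssh_sessions(SAMPLE, APPROVED):
        print(f"{c.src} -> {c.dst}:{c.dport}  {'; '.join(reasons)}")
```

On the sample data the sanctioned short session is ignored, the TLS connection on 443 is not mistaken for ssh, the ssh-on-443 session to an unapproved host is reported on all three counts, and the day-long session to an approved host is reported only as long-lived. Banner matching needs the first server bytes of each flow, which a proxy or a capture-based monitor can provide while a pure packet filter cannot.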
Current thread:
- blocking/monitoring ssh J. Eric Townsend (Sep 22)
- Re: blocking/monitoring ssh Magosányi Árpád (Sep 25)
- Re: blocking/monitoring ssh Sean Michael Whipkey (Sep 25)
- <Possible follow-ups>
- RE: blocking/monitoring ssh sean . kelly (Sep 25)
- RE: blocking/monitoring ssh Harris, Tim (Sep 26)