Firewall Wizards mailing list archives
Re: Issues opening firewall for SSH/SecureFTP?
From: Frank Knobbe <frank () knobbe us>
Date: Thu, 12 Aug 2004 15:16:26 -0500
On Mon, 2004-08-09 at 14:34, Chris Conacher wrote:
> 3. I understand that SSH is a great opportunity for tunneling attacks if an exploit is discovered, but I feel that it is possible to manage this exposure through the existence of a DMZ-based bastion host, rather than providing external people with access to the VPN.
If you configure the host-based firewall of the SSH server so that no outbound connections are allowed, and further shield outbound (and inbound of course) access with a network-based firewall, then I don't see much ability for your users/contractors to misuse SSH for tunneling purposes.

Keep your host security tight and perhaps only run a secure SFTP server, and not the normal SSH server, so that folks cannot log in and get a shell (in other words, only provide SFTP service, not secure SHELL access).

Hope this helps,
Frank
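An added example, not part of the message above and not any project's own code: a small Python audit of `sshd_config` text that reports settings which would still allow a shell or tunneling for an SFTP-only group. The group name `sftponly`, the paths and both sample configs are constructed; the directives are standard OpenSSH keywords, and the parser is simplified (Match criteria are compared as a literal string).

```python
# Added example: flag sshd_config settings that leave shell or tunnel access open.
# OpenSSH defaults for unset keywords, per sshd_config(5).
DEFAULTS = {"allowtcpforwarding": "yes", "allowagentforwarding": "yes",
            "x11forwarding": "no", "permittunnel": "no",
            "permittty": "yes", "forcecommand": "none"}
# What an SFTP-only, no-tunnel account should end up with.
REQUIRED = {"allowtcpforwarding": "no", "allowagentforwarding": "no",
            "x11forwarding": "no", "permittunnel": "no",
            "permittty": "no", "forcecommand": "internal-sftp"}

def parse(text):
    """Return (global_settings, {match_criteria: settings})."""
    glob, matches, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        parts = line.split(None, 1)
        if not line or line.startswith("#") or len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            current = matches.setdefault(value.lower(), {})
            continue
        # sshd uses the first value obtained for a keyword, so keep the first.
        (glob if current is None else current).setdefault(key, value)
    return glob, matches

def audit(text, match="group sftponly"):
    """List effective settings for `match` that differ from REQUIRED."""
    glob, matches = parse(text)
    effective = {**DEFAULTS, **glob, **matches.get(match, {})}
    return sorted(f"{k}={effective[k]} (want {want})"
                  for k, want in REQUIRED.items()
                  if effective[k].lower().split()[0] != want)

WEAK = """\
Subsystem sftp /usr/lib/openssh/sftp-server
X11Forwarding yes
Match Group sftponly
    ChrootDirectory /srv/sftp/%u
"""
HARDENED = """\
Subsystem sftp internal-sftp
Match Group sftponly
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
    PermitTTY no
"""
if __name__ == "__main__":
    print("weak:", audit(WEAK), "\nhardened:", audit(HARDENED))
```

The audit covers only the SSH daemon side; the outbound-deny rules on the host and network firewalls still have to be checked separately.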