Re: [fw-wiz] Firewall with SSH inspection? (was Re: Firewall bake-off?)



2007/3/20, K K <kkadow@xxxxxxxxx>:


> My favorite example
> is ssh: port forwarding allows a lot of sins to be hidden from
> centralized access control, but "it's encrypted, so it must be
> secure." (Yes, there are ssh proxies that can address this, but
> they're not a common feature in firewalls.)

Are there ssh proxies that can address this?


Zorp professional. They even market an appliance called "shell control box",
which is essentially a zorp with functionality stripped down to ssh
gatewaying, including control of various forwardings.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

