Re: is ssh tunneling a security risk?



Hi,

There is nothing bad about the tunnel itself, but the tunnel has an
end that is outside the control of your IT. In other words, you leave a
door open. If someone gets into your outside machine, he gains access to
the "secured zone".

C

2008/10/17 David M. Kaplan <David.Kaplan@xxxxxx>:
Hi,

My IT department is really heavy on security. From outside the
building, they have a rather complex system setup so that you can get
around the firewall and ssh into a single machine. From there, you have
to ssh into the machine you want to use.

To simplify things, I have been using a tunnel to hop from my machine
directly (through the tunnel) to the machine I want to use in the
building. This has worked fine until a couple of days ago when IT
decided to prohibit tunneling for "security reasons" (attempting to use
the tunnel now responds with "channel 3: open failed: administratively
prohibited: open failed"). This has made it almost impossible to work
with the system.

What I am wondering is exactly what "security risk" does an ssh tunnel
pose? I thought you used an ssh tunnel to enhance security, not the
other way around. Can someone give me a reason why it is a risk to
leave this open or give me good arguments that I can forward to IT for
why they should not prohibit tunneling?

Thanks,
David


--
**********************************
David M. Kaplan
Charge de Recherche 1
Institut de Recherche pour le Developpement
Centre de Recherche Halieutique Mediterraneenne et Tropicale
av. Jean Monnet
B.P. 171
34203 Sete cedex
France

Phone: +33 (0)4 99 57 32 27
Fax: +33 (0)4 99 57 32 95
http://www.ur097.ird.fr/team/dkaplan/index.html
**********************************
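
As an added illustration (not part of either message above): the "administratively prohibited" error quoted in the question is what an OpenSSH client reports when the server refuses a forwarded channel. The fragment below assumes the gateway runs OpenSSH and sets a blanket prohibition beside a scoped alternative; the account name and address are placeholders.

```conf
# Constructed sshd_config fragment for the intermediate (gateway) host.
# Assumption: OpenSSH sshd. User name and target address are placeholders.

# Blanket prohibition: every client request for a forwarded channel
# (for example ssh -L or ssh -W) is refused, and the client prints
# "open failed: administratively prohibited".
AllowTcpForwarding no

# Scoped alternative: forwarding stays off for everyone else, but one
# named account may open a channel to exactly one internal host and port.
Match User example_user
    AllowTcpForwarding local
    PermitOpen 192.0.2.10:22
    GatewayPorts no
    X11Forwarding no
    AllowAgentForwarding no
```

The scoped form limits what a forwarded channel can reach; it does not change the point made in the reply, because the machine at the outside end of the tunnel is still one that IT does not control.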





