Re: is ssh tunneling a security risk?



My experience...

The ssh tunnel will allow you to bypass the web filters and
download all the viruses and trojans without being noticed,
until your machine sends out a million spam emails, and the
IT guys notice it.

Unfortunately I'm the IT guy, so I have to spend half a day
fixing the machine.

On Fri, Oct 17, 2008 at 05:23:19PM +0200, David M. Kaplan wrote:
Hi,

My IT department is really heavy on security. From outside the
building, they have a rather complex system setup so that you can get
around the firewall and ssh into a single machine. From there, you have
to ssh into the machine you want to use.

To simplify things, I have been using a tunnel to hop from my machine
directly (through the tunnel) to the machine I want to use in the
building. This has worked fine until a couple of days ago when IT
decided to prohibit tunneling for "security reasons" (attempting to use
the tunnel now responds with "channel 3: open failed: administratively
prohibited: open failed"). This has made it almost impossible to work
with the system.

What I am wondering is exactly what "security risk" does an ssh tunnel
pose? I thought you used an ssh tunnel to enhance security, not the
other way around. Can someone give me a reason why it is a risk to
leave this open or give me good arguments that I can forward to IT for
why they should not prohibit tunneling?

Thanks,
David


--
**********************************
David M. Kaplan
Charge de Recherche 1
Institut de Recherche pour le Developpement
Centre de Recherche Halieutique Mediterraneenne et Tropicale
av. Jean Monnet
B.P. 171
34203 Sete cedex
France

Phone: +33 (0)4 99 57 32 27
Fax: +33 (0)4 99 57 32 95
http://www.ur097.ird.fr/team/dkaplan/index.html
**********************************
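
Added example, not part of the original thread: an OpenSSH sshd_config sketch for the gateway machine described above, showing the blanket prohibition that produces "open failed: administratively prohibited" next to a scoped alternative that permits forwarding only to one internal host's SSH port. It assumes the gateway runs OpenSSH 6.2 or later; the group name and host name are hypothetical.

```sshconfig
# /etc/ssh/sshd_config on the gateway (jump host). Constructed example.

# --- Option A: blanket prohibition ---------------------------------
# Every forwarded-channel request is refused; clients see
# "channel N: open failed: administratively prohibited".
#AllowTcpForwarding no

# --- Option B: default deny, scoped allow --------------------------
# Global defaults: no forwarding of any kind through the gateway.
AllowTcpForwarding no
AllowAgentForwarding no
X11Forwarding no
PermitTunnel no
GatewayPorts no

# Allow client-initiated (local) forwarding for one group only, and
# only to the SSH port of a named internal host. Any other destination,
# such as an outside web proxy, is still refused.
# "tunnel-users" and "workhost.internal.example" are hypothetical names.
# PermitOpen matches the destination as the client requested it, so the
# client must ask for this exact host name and port.
Match Group tunnel-users
    AllowTcpForwarding local
    PermitOpen workhost.internal.example:22
```

Check the file with `sshd -t` before reloading the daemon. As the sshd_config manual notes, disabling TCP forwarding does not by itself stop users who have shell access on the gateway from running their own forwarders.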




