Re: Blocking Yahoo Messenger With Firewall??

On 4 Dec 2005 18:08:46 GMT, "Jim Seavey" <spam@xxxxxxxxxxxxxxxxx>

>I am very disappointed in your replies.
>You have yet to tell me how you would know what someone was doing if
>they had an SSH connection running.
>If it is NOT against company policy to use SSH then I do not see how
>you could possibly say that someone had violated company policy while
>using SSH - UNLESS you know for a FACT what they are doing with the SSH
>stream it seems to me that there is no way for you do declare that a
>person has violated company policy.
>I thought perhaps that you knew something about SSH that I or others on
>the list did not - specifically how to monitor what was going on in the
>data stream. This is the only way you could possibly know what they are
>If you choose to reply, please leave out all the extraneous comments
>about other applications and what they do or do not do. This whole
>thread was based on violation of company policies and the ability to
>have an employee dismissed for the use of SSH in a way that violated
>company policy.
>I am not trying to give you a hard time, but I am interested in knowing
>how you could know what someone is doing within the SSH data stream, as
>I stated above.
>I am not aware of anyone who has been able to "see" what is going on
>inside an SSH data stream. Having someone dismissed from their job is
>not a trivial issue and in so doing the "data" that you would provide
>would have to be beyond reproach. To date you have not been able to
>demonstrate that you can provide data of this nature in relation to SSH
>data streams.
>Curiously yours,
>Moe Trin wrote:
>> On 2 Dec 2005, in the Usenet newsgroup, in
>> article <dmomf00213p@xxxxxxxxxxxxxxxxxx>, Jim Seavey wrote:
>> > So, what you are saying is that it is against your company policy to
>> > use ssh.
>> No
>> > And, you never did respond about how you would know what someone was
>> > doing? In my example, I did not even suggest the use of a tunnel but
>> > that is what you chose to reply.
>> Great - give an example. Include a brief description of the persons's
>> job, what their normal contacts are, and why this new use of SSH (or
>> any other encrypted traffic) is needed.
>> > So, please tell me how you would know what I was doing with ssh? How
>> > would you know if I was doing company business or something else?
>> Please tell me how you know that the driver of that parked car ahead
>> is going to open the door without seeing you in the mirror.
>> > I did not see much of a response to this. I have never worked
>> > anywhere that prevented people from working on company business at
>> > home.
>> Actually that is a very common requirement of government contracts.
>> This is NOT relating to security, but paid hours and specifics
>> relating to place of performance. There are also insurance and
>> possibly tax issues.
>> Working from home is one thing - and it may or may not be allowed by
>> your company. Other SSH traffic may be controlled depending on why it
>> might be needed. Talking to a vendor (or prospective vendor) site?
>> That's one end of the spectrum - the other might be connecting to a
>> proxy in a third country (How would that be know? Guess). It depends
>> on what is "normal".
>> > Yes, we can go into proprietary issue but for the sake of this
>> > discussion lets just say that it is not an issue.
>> At this facility - remember, we're R&D - that killed it right there. I
>> know there are similar restrictions at several of the other facilities
>> within the company that I've worked at/with.
>> > As for my attorney, this case has already been won.
>> Glad to hear it.
>> > Until you can tell me that you can determine what I was doing with
>> > ssh you have no way of knowing if I was violating one of the company
>> > policies or not, unless the use of the application itself is a
>> > violation - but if this were the case why would the company have it
>> > on the computer in the first place?
>> There used to be a MS-DOS game that had a hot-key arrangement that
>> suspended the game, and popped up a shot of a Lotus 123 spread sheet
>> - and damned if Lotus hadn't wedged - none of the "normal" keys
>> worked, and you had to reboot to get the computer running. If the
>> "intruder" went away, there was a hot-key combination that restored
>> the game. I imagine it fooled a few bosses, until the boss ragged on
>> the IT guy to fix this constant crashing. (We'll ignore the idiot
>> who was using it at a place that didn't have 123 installed on that
>> computer.)
>> I won't say what would be going on here, but perhaps you shouldn't be
>> waving that red flag trying to attract attention to the traffic from
>> your computer. Remember, it belongs to the company, and is provided
>> for company use, with company provided software. If that's different
>> from where you work, well, good for you.
>> Old guy
It is not the use of SSH, per se, that will get you fired (unless you
company has a policy statement along the lines of "unauthorised
establishment of an encrypted tunnel is prohibited"). It is the
implication that you are probably in breach of other corporate
policies, the investigation of which will lead to your dismissal. For
example, most companies have policies against unauthorised
installation of software. If the corporate image does not have the
software in it to establish a SSH tunnel, you would be in breach of
that policy because you would have had to load your own software to
establish the tunnel.
Since most users would not have SSH tunnels (or the knowledge of how
to set them up) the presence of one is a readily monitored flag
condition. The follow up is to start closely monitoring your computer
according to corporate guidelines, which almost certainly includes
mnonitoring your keyboard, downloading your log files (& making sure
everything gets logged), etc. Pretty soon, the security people will
know why you are using an SSH tunnel. If it appears to be legitimate
usage, your manager would be approached to authorise its use. If you
are p browsing, or doing other activities not permitted under
corporate policy, then that evidence will be used to dismiss you, not
the SSH usage.
Incidently, if it is legitimate for you to work from home, most
companies will supply laptops with standard corporate images on them.
These usually contain modified tunnelling software allowing encrypted
links only between your computer & a standard list of other IP
addresses; your home computer is unlikely to be on it.