Re: ssh tunnel through firewall
From: Jeff (firstname.lastname@example.org)
Date: Mon, 07 Apr 2003 07:30:32 GMT
You can compile or disable ssh tunneling on your ssh server.
Company uses AV filter/content filter and so on... and clients use ssh
tunneling to get around it or even manage their home PC to do other work.
Set up egress filtering if possible.
"Oscar Knight" <firstname.lastname@example.org> wrote in message
> Hello ALL,
> Our policy does not directly (well, it does in so many words) deal with
> ssh tunnels through our firewall, from the inside to the outside. Users
> on the inside have almost unlimited access outbound, and no inbound
> Ssh tunnels can be used to overcome the "no inbound" access for users
> on the inside. In the strictest sense this is a policy violation.
> I'm interested in hearing comments/experiences/suggestions/soap box...
> on the following:
> 1) What about vendor supported servers that obviously should be on the
> inside and yet vendor needs access to support. An ssh tunnel or vpn
> could solve this issue. Do you have a special "security"
> agreement/contract with the vendor? Comments?
> 2) What about ssh X-forwarding. Does anyone limit this and/or view it
> as a hazard? Comments?
> 3) How risky is ssh port-forwarding from the inside? I'm interested in
> risk wrt compromise of machine on the outside. What about multi-user
> box on outside? I think any user on that box has access to your box via
> the forwarded port. Comments?
> Thanks in advance!
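
Disabling forwarding on an sshd you administer, as the reply suggests, can be checked mechanically. The following is an added example, not part of the original thread: it reads the global section of an sshd_config and lists which forwarding keywords are still enabled. The sample config is constructed, the function names are hypothetical, and `Match` blocks are not evaluated.

```python
# Added example: audit the global section of an sshd_config for forwarding.
# Defaults are the ones documented in sshd_config(5) for OpenSSH.
DEFAULTS = {
    "allowtcpforwarding": "yes",  # -L / -R / -D port forwarding
    "x11forwarding": "no",        # ssh -X / -Y
    "gatewayports": "no",         # remote forwards bound to non-loopback
    "permittunnel": "no",         # tun(4) layer 2/3 tunnels
}

# Constructed sample input, not taken from any real host.
SAMPLE_CONFIG = """\
# constructed sample sshd_config
Port 22
X11Forwarding yes
AllowTcpForwarding no
# the next line is ignored: sshd keeps the first value it obtains
allowtcpforwarding yes
PermitTunnel point-to-point
Match User vendor
    AllowTcpForwarding yes
"""

def effective_settings(config_text):
    """Return the effective global value of each forwarding keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        key = parts[0].lower()          # keywords are case-insensitive
        if key == "match":              # per-user overrides: out of scope
            break
        if key in DEFAULTS and key not in seen and len(parts) > 1:
            seen[key] = parts[1].lower()
    return {k: seen.get(k, default) for k, default in DEFAULTS.items()}

def findings(config_text):
    """List keywords whose effective value still permits forwarding."""
    eff = effective_settings(config_text)
    return sorted(k for k, v in eff.items() if v != "no")

if __name__ == "__main__":
    for key in findings(SAMPLE_CONFIG):
        print("forwarding still enabled:", key)
```

For a complete view that includes `Match` blocks, compare the result with the output of `sshd -T` on the host itself.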