Re: [Sheflug] Re: Firewall security and SSH
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Saturday 13 Oct 2001 7:09 pm, you wrote:
> Chris
>
> > Hope this helps some people understand ssh a bit better, plus it
> > adds another twist to security :)
>
> Yes .. I'd heard about something like this but hadn't really gotten
> hold of all the juicy details. As a precaution I disable SSH on any
> firewall box just to make sure that any smart arse trying it out
> doesn't do too well at it.
>
It is possible for a savvy user inside a firewall to render the firewall
insecure using *any* protocol that is passed by the firewall. I have, on
occasion, forwarded ports across multiple firewalls on top of telnet, http
and ssh. I currently use ssh across several firewalls in the NHSnet to copy
images between hospitals, ssh port forwarding to allow query and retrieve by
DICOM servers between hospitals and ssh on top of ppp on top of telnet to
access some images remotely from one location that only allows telnet (!!)
access. The point is that if you have ANY legal connection from inside to an
outside machine, it is possible to breach the firewall in reverse. The only
secure way is to deny all users inside as well as outside a firewall shell
access to any machine inside a firewall. Port forwarding is not a preserve
unique to ssh - it's just a lot easier to do with ssh and this facility is not
a reason, per se, not to use ssh.
Best Wishes,
Pieter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE7yLQ/KcW+Qf+XsA4RAklcAKC/L4TH0gdxttGMFfeZkdg0clJEZgCeKdvL
3eughl780Le4N4W/OhaYv+Q=
=Ntu7
-----END PGP SIGNATURE-----
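Pieter's point is that port forwarding is a property of any permitted connection, not of ssh in particular, so switching it off in sshd does not close the hole on its own. What it does do is remove the easiest route, and it is worth knowing which sshd_config directives govern it. The script below is an added example written for this page, not code from the thread or from the OpenSSH project: it audits an sshd_config for the forwarding-related directives (AllowTcpForwarding, GatewayPorts, PermitTunnel, AllowAgentForwarding) using OpenSSH's first-occurrence-wins rule, and flags any whose effective value differs from the locked-down setting. Both config files it reads are constructed samples written by the script itself; the simplification of stopping at the first `Match` block is an assumption of this example.

```shell
#!/bin/sh
# Added example, not code from the original post or from OpenSSH: audit an
# sshd_config for the server-side directives that govern port forwarding.
# Both config texts written below are CONSTRUCTED samples, not real configs.

# Print the effective value of one directive.  OpenSSH keeps the FIRST
# occurrence of a directive; anything after a "Match" header applies only
# conditionally and is deliberately ignored here (a simplification).
#   usage: effective_value FILE DIRECTIVE DEFAULT_WHEN_ABSENT
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        tolower($1) == "match"   { exit }       # stop at conditional blocks
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }           # absent -> built-in default
    ' "$1"
}

# Print one line per forwarding directive whose effective value differs from
# the locked-down value.  Prints nothing when forwarding is fully disabled.
#   usage: audit_sshd_config FILE
audit_sshd_config() {
    # directive : OpenSSH default when absent : value a locked-down host wants
    for spec in \
        "AllowTcpForwarding:yes:no" \
        "GatewayPorts:no:no" \
        "PermitTunnel:no:no" \
        "AllowAgentForwarding:yes:no"
    do
        key=${spec%%:*}
        rest=${spec#*:}
        def=${rest%%:*}
        want=${rest#*:}
        val=$(effective_value "$1" "$key" "$def")
        [ "$val" = "$want" ] || echo "$key: effective '$val', expected '$want'"
    done
}

# Number of findings for a file (0 means sshd itself will not forward).
#   usage: finding_count FILE
finding_count() {
    audit_sshd_config "$1" | wc -l | tr -d ' '
}

# Constructed sample 1: a typical default-looking config.  AllowTcpForwarding
# and AllowAgentForwarding are absent, so OpenSSH's default "yes" applies,
# and GatewayPorts has been turned on explicitly.
PERMISSIVE_CFG=$(mktemp)
cat > "$PERMISSIVE_CFG" <<'EOF'
# sample sshd_config (constructed for this example)
Port 22
PermitRootLogin no
GatewayPorts yes
X11Forwarding no
EOF

# Constructed sample 2: forwarding shut off for everyone at the top level.
# The trailing Match block would re-enable it for one group only; this
# audit stops there and reports the global settings.
LOCKED_CFG=$(mktemp)
cat > "$LOCKED_CFG" <<'EOF'
Port 22
AllowTcpForwarding no
AllowAgentForwarding no
GatewayPorts no
PermitTunnel no
Match Group tunnelusers
    AllowTcpForwarding yes
EOF
trap 'rm -f "$PERMISSIVE_CFG" "$LOCKED_CFG"' EXIT

# Stand-alone run: report both samples.
for f in "$PERMISSIVE_CFG" "$LOCKED_CFG"; do
    echo "== $f: $(finding_count "$f") finding(s)"
    audit_sshd_config "$f"
done
```

On a live host the authoritative view is `sshd -T`, which prints the fully resolved configuration including defaults, so the parser above is only needed when auditing config files offline. Even with all four directives set to `no`, the thread's conclusion stands: a user with shell access can still tunnel over any other permitted connection, so the directives reduce convenience for an insider rather than remove the capability.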
___________________________________________________________________
Sheffield Linux User's Group - http://www.sheflug.co.uk .