With http_tunnel, mail_tunnel, icmp_tunnel and other programs, it makes no
sense to get that paranoid about 1 protocol. Add in programs like
"rpimp" that open reverse telnet (or other) connections from the inside
network going back out and you get into complete paranoia trying to stop
it.

Firewalls can only do so much - the next step is making the machines on
your internal network as secure as you can without making your users
unproductive.

- Aaron Schultz
- [EMAIL PROTECTED]
------
  /"\  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
  \ /   ASCII Ribbon Campaign
   X   - NO HTML/RTF in e-mail
  / \  - NO Word docs in e-mail


On Thu, 20 Apr 2000, David Lang wrote:

> This is exactly the reason why I do not allow SSH through the firewalls I
> manage.
> 
> David Lang
> 
> On Thu, 20 Apr 2000, Mark E. Drummond wrote:
> 
> > Date: Thu, 20 Apr 2000 15:14:08 -0400
> > From: Mark E. Drummond <[EMAIL PROTECTED]>
> > To: Firewalls <[EMAIL PROTECTED]>
> > Subject: ssh defeats the firewall
> > 
> > I love ssh. Use it all the time. I work for an educ institution so I get
> > to use it for everything. It also defeats the security of the firewall.
> > A "legit" user can pass _any_ traffic they want through ssh, even if
> > that traffic is normally denied by the firewall. This can be handy
> > actually. Most types of traffic are controlled here, but I just tunnel
> > my connections through ssh and I can get whatever I want.
> > 
> > -- 
> > Mark Drummond|ICQ#19153754|mailto:[EMAIL PROTECTED]
> > UNIX System Administrator|Royal Military College of Canada
> > The Kingston Linux Users Group|http://signals.rmc.ca/klug/
> > Saving the World ... One CPU at a Time
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> > 
> 