Hasn't it been argued in other threads, somewhat differently, that
firewalls are not meant to control inside users so much as to prevent
outside abuse, and that inside use is best constrained by HR?
Thanks,
Ron DuFresne
On Thu, 20 Apr 2000, aaron wrote:
> With http_tunnel, mail_tunnel, icmp_tunnel and other programs, it makes no
> sense to get that paranoid about 1 protocol... add in programs like
> "rpimp" that open reverse telnet (or other) connections from the inside
> network going back out and you get into complete paranoia trying to stop
> it.
>
> Firewalls can only do so much - the next step is making the machines on
> your internal network as secure as you can without making your users
> unproductive.
>
> - Aaron Schultz
> - [EMAIL PROTECTED]
> ------
> /"\ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> \ / ASCII Ribbon Campaign
> X - NO HTML/RTF in e-mail
> / \ - NO Word docs in e-mail
>
>
> On Thu, 20 Apr 2000, David Lang wrote:
>
> > This is exactly the reason why I do not allow SSH through the firewalls I
> > manage.
> >
> > David Lang
> >
> > On Thu, 20 Apr 2000, Mark E. Drummond wrote:
> >
> > > Date: Thu, 20 Apr 2000 15:14:08 -0400
> > > From: Mark E. Drummond <[EMAIL PROTECTED]>
> > > To: Firewalls <[EMAIL PROTECTED]>
> > > Subject: ssh defeats the firewall
> > >
> > > I love ssh. Use it all the time. I work for an educ institution so I get
> > > to use it for everything. It also defeats the security of the firewall.
> > > A "legit" user can pass _any_ traffic they want through ssh, even if
> > > that traffic is normally denied by the firewall. This can be handy
> > > actually. Most types of traffic are controlled here, but I just tunnel
> > > my connections through ssh and I can get whatever I want.
> > >
> > > --
> > > Mark Drummond|ICQ#19153754|mailto:[EMAIL PROTECTED]
> > > UNIX System Administrator|Royal Military College of Canada
> > > The Kingston Linux Users Group|http://signals.rmc.ca/klug/
> > > Saving the World ... One CPU at a Time
> > > -
> > > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > "unsubscribe firewalls" in the body of the message.]
> > >
> >
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.