[ https://issues.apache.org/jira/browse/GUACAMOLE-880?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16930062#comment-16930062 ]
Bolke de Bruin commented on GUACAMOLE-880:
------------------------------------------

[~nick.couch...@yahoo.com] you probably assume an external attacker. Now assume we have an attacker that has valid credentials. Insider threats are the biggest worry (think Capital One for example). The analysis on that page is exactly that. This was a red/blue team exercise for us.

So, you are right that it is equivalent to the other protocols. However, for these to implement capturing the data is just more difficult as the protocol is less known or harder to implement (e.g. RDP). We don't expose SSH for the same reasons: it's way too easy to download data over such a connection.

I might be stretching the use case for Guacamole. However, imho it's a valid one: Use guacamole as gateway to limit the attack surface to your servers and limit possible data leakage (good sell in the enterprise world I assure you). Otherwise we could just expose SSH directly and forward ports over it?

> Obfuscation of guacamole client protocol
> ----------------------------------------
>
>                 Key: GUACAMOLE-880
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-880
>             Project: Guacamole
>          Issue Type: Wish
>          Components: guacamole-client, guacamole-server
>            Reporter: Bolke de Bruin
>            Priority: Major
>              Labels: security
>
> One of the reasons we deploy guacamole is to limit data leakage
> possibilities. We recently had an audit on our infrastructure and it was shown
> that it was quite easy to leak out data through the guacamole protocol by
> creating special images inside the desktop and then using mitmproxy (python)
> and the guacamole python modules to capture the data inside those images.
> In order to limit the attack surface we would like to have obfuscation of the
> protocol if configured to do so. Of course this could be done by implementing
> a custom protocol, but it would be nice if Guacamole would have the
> facilities (hooks) to do this. One could think of allowing a custom function
> to encrypt/obfuscate the outgoing stream and attach into the javascript that
> decrypts the stream.

--
This message was sent by Atlassian Jira (v8.3.2#803003)