[ https://issues.apache.org/jira/browse/GUACAMOLE-880?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16930080#comment-16930080 ]

Bolke de Bruin edited comment on GUACAMOLE-880 at 9/15/19 8:48 PM:
-------------------------------------------------------------------

[~nick.couch...@yahoo.com] Why do you think it is a corner case? We deploy 
guacamole desktops to 500+ users around the globe with many more in the 
pipeline. I don't know all of them personally and statistically there are going 
to be malevolent users. It only takes _one_ user to get me a fine of up to 
10Mio or 2% annual revenue (GDPR) as someone could argue the risk was raised 
but we did not take enough action. Besides, given the fact that a pentester 
tried it and succeeded quite easily it is bound to be known in less respectful 
communities.

One employs security in a layered fashion. I see this as the equivalent of 
someone entering the building with a valid pass, but then letting him out 
carrying equipment because the gate is so wide that anything passes through. 
Let's make it possible to limit the size of the gate: it won't solve the issue 
but someone might not even try or will get caught quicker.


Edit: or are you arguing that Guacamole should not serve this case? That would 
be a pity, because it would mean it won't be too interesting in an enterprise 
context. However, why do you then have the possibility to disable the clipboard?

> Obfuscation of guacamole client protocol
> ----------------------------------------
>
>                 Key: GUACAMOLE-880
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-880
>             Project: Guacamole
>          Issue Type: Wish
>          Components: guacamole-client, guacamole-server
>            Reporter: Bolke de Bruin
>            Priority: Major
>              Labels: security
>
> One of the reasons we deploy guacamole is to limit data leakage 
> possibilities. We recently had an audit on our infrastructure and it was shown 
> that it was quite easy to leak out data through the guacamole protocol by 
> creating special images inside the desktop and then using mitmproxy (python) 
> and the guacamole python modules to capture the data inside those images.
> In order to limit the attack surface we would like to have obfuscation of the 
> protocol if configured to do so. Of course this could be done by implementing 
> a custom protocol, but it would be nice if Guacamole would have the 
> facilities (hooks) to do this. One could think of allowing a custom function 
> to encrypt/obfuscate the outgoing stream and attach into the javascript that 
> decrypts the stream.
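The "limit the size of the gate" idea from the comment, applied to the image channel the issue describes: an added example, not code from this thread or from the Guacamole project, that parses the Guacamole protocol's LENGTH.VALUE instruction encoding and meters the decoded bytes of `blob` payloads belonging to `img` streams against a per-connection budget. The function names, the budget, and the constructed sample stream are my own assumptions.

```python
import base64

def parse_instructions(data: str):
    """Parse Guacamole wire text into (opcode, args) tuples.
    Elements are LENGTH.VALUE separated by ',' and terminated by ';';
    the declared length (in characters) delimits a value, not its content."""
    instructions, pos = [], 0
    while pos < len(data):
        elems = []
        while True:
            dot = data.index(".", pos)
            length = int(data[pos:dot])
            value = data[dot + 1 : dot + 1 + length]
            pos = dot + 1 + length
            if len(value) != length or pos >= len(data):
                raise ValueError("truncated instruction")
            elems.append(value)
            terminator, pos = data[pos], pos + 1
            if terminator == ";":
                break
            if terminator != ",":
                raise ValueError(f"bad separator {terminator!r}")
        instructions.append((elems[0], elems[1:]))
    return instructions

def audit_image_volume(data: str, budget_bytes: int):
    """Sum decoded bytes of 'blob' payloads on streams opened by 'img'.
    Returns (total_bytes, over_budget); a proxy enforcing a "smaller gate"
    would throttle or close the connection once over_budget is true."""
    image_streams, total = set(), 0
    for opcode, args in parse_instructions(data):
        if opcode == "img":      # args: stream, mask, layer, mimetype, x, y
            image_streams.add(args[0])
        elif opcode == "blob" and args[0] in image_streams:
            total += len(base64.b64decode(args[1]))
        elif opcode == "end":    # stream index may be reused afterwards
            image_streams.discard(args[0])
    return total, total > budget_bytes

def encode(*elems: str) -> str:
    """Build one instruction in wire format (used only for the sample below)."""
    return ",".join(f"{len(e)}.{e}" for e in elems) + ";"

# Constructed sample stream: one 1024-byte image pushed in a single blob.
PAYLOAD = base64.b64encode(bytes(range(256)) * 4).decode()
SAMPLE = (
    encode("size", "0", "1024", "768")
    + encode("img", "1", "14", "0", "image/png", "0", "0")  # 14 = OVER compositing
    + encode("blob", "1", PAYLOAD)
    + encode("end", "1")
)
```

Volume metering is only one layer: the audit in the description hides data inside screen updates the client must legitimately render, so a budget flags unusual bulk for investigation rather than proving exfiltration.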



--
This message was sent by Atlassian Jira
(v8.3.2#803003)