[ https://issues.apache.org/jira/browse/GUACAMOLE-880?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16930124#comment-16930124 ]
Nick Couchman commented on GUACAMOLE-880:
-----------------------------------------

The other thing that I would add to what Mike said is that I don't think you need this feature in order to implement "defense in depth." I would say that in a standard Guacamole deployment you would (should) implement the following layers of security:

* Ability to authenticate to Guacamole in the first place. (= Walking into the building with a valid pass.)
* TLS encryption of the data streams (= Cloak of invisibility while you walk :-)
* Ability to authenticate to the remote desktop system (RDP/SSH/etc.; = Walking into the 10th floor office with a valid pass.).
* Authorization to access the correct data (access control lists; = The key to the file cabinet).
* Accountability for the data they access (auditing; = A camera watching them do all of these things, and someone looking at the document they pull from the file cabinet and making a record of it.).

I would be shocked if a company were held liable for GDPR violations simply on the fact that they used Guacamole and Guacamole did not offer this layer of protection against steganographic attacks - my guess is that you would have to ignore/violate several of the other layers in order to be held liable for something done by a determined insider.

> Obfuscation of guacamole client protocol
> ----------------------------------------
>
> Key: GUACAMOLE-880
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-880
> Project: Guacamole
> Issue Type: Wish
> Components: guacamole-client, guacamole-server
> Reporter: Bolke de Bruin
> Priority: Major
> Labels: security
>
> One of the reasons we deploy guacamole is to limit data leakage
> possibilities. We recently had an audit on our infrastructure and it was shown
> that it was quite easy to leak out data through the guacamole protocol by
> creating special images inside the desktop and then using mitmproxy (python)
> and the guacamole python modules to capture the data inside those images.
> In order to limit the attack surface we would like to have obfuscation of the
> protocol if configured to do so. Of course this could be done by implementing
> a custom protocol, but it would be nice if Guacamole would have the
> facilities (hooks) to do this. One could think of allowing a custom function
> to encrypt/obfuscate the outgoing stream and attach into the javascript that
> decrypts the stream.

--
This message was sent by Atlassian Jira
(v8.3.2#803003)