[
https://issues.apache.org/jira/browse/GUACAMOLE-880?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16930124#comment-16930124
]
Nick Couchman commented on GUACAMOLE-880:
-----------------------------------------
The other thing that I would add to what Mike said is that I don't think you
need this feature in order to implement "defense in depth." I would say that
in a standard Guacamole deployment you would (should) implement the following
layers of security:
* Ability to authenticate to Guacamole in the first place. (= Walking into the
building with a valid pass.)
* TLS encryption of the data streams ( = Cloak of invisibility while you walk
:-)
* Ability to authenticate to the remote desktop system (RDP/SSH/etc.; = Walking
into the 10th floor office with a valid pass.).
* Authorization to access the correct data (access control lists; = The key to
the file cabinet).
* Accountability for the data they access (auditing; = A camera watching them
do all of these things, and someone looking at the document they pull from the
file cabinet and making a record of it.).
I would be shocked if a company were held liable for GDPR violations simply on
the fact that they used Guacamole and Guacamole did not offer this layer of
protection against steganographic attacks - my guess is that you would have to
ignore/violate several of the other layers in order to be held liable for
something done by a determined insider.
> Obfuscation of guacamole client protocol
> ----------------------------------------
>
> Key: GUACAMOLE-880
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-880
> Project: Guacamole
> Issue Type: Wish
> Components: guacamole-client, guacamole-server
> Reporter: Bolke de Bruin
> Priority: Major
> Labels: security
>
> One of the reasons we deploy guacamole is to limit data leakage
> possibilities. We recently had a audit on our infrastructure and it was shown
> that it was quite easy to leak out data through the guacamole protocol by
> creating special images inside the desktop and then using mitmproxy (python)
> and the guacamole python modules to capture the data inside those images.
> In order to limit the attack surface we would like to have obfuscation of the
> protocol if configured to do so. Of course this could be done by implementing
> a custom protocol, but it would be nice if Guacamole would have the
> facilities (hooks) to do this. One could think of allowing a custom function
> to encrypt/obfuscate the outgoing stream and attach into the javascript that
> decrypts the stream.
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
