[ 
https://issues.apache.org/jira/browse/GUACAMOLE-880?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16930062#comment-16930062
 ] 

Bolke de Bruin commented on GUACAMOLE-880:
------------------------------------------

[~nick.couch...@yahoo.com] you probably assume an external attacker. Now assume 
we have an attacker that has valid credentials. Insider threats are the biggest 
worry (think Capital One for example). The analysis on that page is exactly 
that. This was a red/blue team exercise for us.

So, you are right that it is equivalent to the other protocols. However, for 
these to implement capturing the data is just more difficult as the protocol is 
less known or harder to implement (e.g. RDP). We don't expose SSH for the same 
reasons: it's way too easy to download data over such a connection.

I might be stretching the use case for Guacamole. However, imho it's a valid 
one: use Guacamole as a gateway to limit the attack surface to your servers and 
limit possible data leakage (good sell in the enterprise world I assure you). 
Otherwise we could just expose SSH directly and forward ports over it?

> Obfuscation of guacamole client protocol
> ----------------------------------------
>
>                 Key: GUACAMOLE-880
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-880
>             Project: Guacamole
>          Issue Type: Wish
>          Components: guacamole-client, guacamole-server
>            Reporter: Bolke de Bruin
>            Priority: Major
>              Labels: security
>
> One of the reasons we deploy guacamole is to limit data leakage 
> possibilities. We recently had an audit on our infrastructure and it was shown 
> that it was quite easy to leak out data through the guacamole protocol by 
> creating special images inside the desktop and then using mitmproxy (python) 
> and the guacamole python modules to capture the data inside those images.
> In order to limit the attack surface we would like to have obfuscation of the 
> protocol if configured to do so. Of course this could be done by implementing 
> a custom protocol, but it would be nice if Guacamole would have the 
> facilities (hooks) to do this. One could think of allowing a custom function 
> to encrypt/obfuscate the outgoing stream and attach into the javascript that 
> decrypts the stream.



--
This message was sent by Atlassian Jira
(v8.3.2#803003)
