On Fri, 15 Mar 2002, David Talkington wrote:
> Rick Warner wrote:
>
> >There is one other major security issue with SSH - it allows users the
> >ability to circumvent other security. The fact that if you open up
> >SSH into your network then any user can tunnel any traffic he wants into
> >your network is a major flaw. SSH would be a much more acceptable tool if
> >the tunneling feature was disconnected from the rest.
>
> Um ... Rick, you can turn that off. See the sshd man page for
> AllowTcpForwarding.

Ummm, David, I can turn it off on sshd, not ssh, esp. if users can bring or
accumulate their own copies and circumvent my ssh config files.

Scenario: dangerous user A, who knows enough to do harm but not enough to
know he is dangerous, decides that Company Z does not allow all the
protocols he wants to/from his home network. Company Z policy is that NO
in-bound traffic is allowed, but that outbound traffic for HTTP/S, SSH,
FTP is permitted. User A then sets up an outbound tunnel to his home
network using SSH, ssh on our end, sshd on his end. He uses this as a two
way tunnel and starts tunnelling traffic in and out of the corporate
network, and in fact has his home machine configured as a router so his
friends can hit his machine and come in to Company Z's network.

Encrypted nature of the tunnel prevents security admin Y from seeing what
is being passed through the corporate gateway. Admin Y gets curious as to
why there is a long-term SSH connection from internal machine to home
network, sniffs on the user's machine, finds what is going on. Blocks
access, gives data to corporate management. Dangerous, easy to
accomplish, has been done, outbound SSH now only allowed to specific IPs.

This is why the tunnelling features need to be completely separated, IMHO.

- rick
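
Added example, not part of the original message: a sketch of the gateway-side check the scenario above ends with, flagging outbound SSH flows that go to destinations outside an approved list or that stay up for a long time. The flow-record format, address ranges, approved destination and four-hour threshold are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Assumptions (not from the original post): internal address space, the
# approved SSH destinations, and what counts as a "long-term" connection.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
APPROVED_SSH_DESTS = [ipaddress.ip_network("198.51.100.10/32")]
MAX_SESSION_SECONDS = 4 * 3600

@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    start: int  # epoch seconds
    end: int

def parse_flow(line):
    """Parse one constructed CSV flow record: src,dst,dport,start,end."""
    src, dst, dport, start, end = line.strip().split(",")
    return Flow(src, dst, int(dport), int(start), int(end))

def _in_any(addr, nets):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)

def review_outbound_ssh(lines):
    """Return (flow, reasons) for outbound SSH flows that break the policy."""
    findings = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        f = parse_flow(line)
        # Outbound SSH only: internal source, external destination, port 22.
        # sshd on another port would need protocol detection, not shown here.
        if f.dport != 22 or not _in_any(f.src, INTERNAL_NETS) or _in_any(f.dst, INTERNAL_NETS):
            continue
        reasons = []
        if not _in_any(f.dst, APPROVED_SSH_DESTS):
            reasons.append("destination not on approved list")
        if f.end - f.start > MAX_SESSION_SECONDS:
            reasons.append("long-lived session")
        if reasons:
            findings.append((f, reasons))
    return findings

# Constructed sample records (documentation address ranges, made-up times).
SAMPLE = """\
# src,dst,dport,start,end
10.1.2.3,198.51.100.10,22,1000,1600
10.1.2.7,203.0.113.45,22,1000,90000
10.1.2.9,203.0.113.80,443,1000,90000
10.1.2.3,198.51.100.10,22,2000,40000
""".splitlines()

if __name__ == "__main__":
    for flow, reasons in review_outbound_ssh(SAMPLE):
        print(flow.src, "->", flow.dst, ":", "; ".join(reasons))
```

A long-lived session to an approved host is still reported, since duration is what drew the admin's attention in the scenario.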