Re: is ssh tunneling a security risk?
For every response I've seen, analysts address the protection of the network in-bound, like web avoidance and tunnel hijacking. What if your security team is stringent due to the inability to see the data you might be releasing out-bound. If you are using tunnels, it is beyond their control to prevent you from sending intellectual property, trade secrets, or otherwise from within the company -> out. In other words, egress control. It could be that HIPAA, SOX, GBLA, PCI or some other legal compliance requirement (whatever laws are in force in France) is forcing IT to shut down what they cannot monitor with regards to protected data exchange. David M. Kaplan wrote: > Hi, > > My IT department is really heavy on security. From outside the > building, they have a rather complex system setup so that you can get > around the firewall and ssh into a single machine. From there, you have > to ssh into the machine you want to use. > > To simplify things, I have been using a tunnel to hop from my machine > directly (through the tunnel) to the machine I want to use in the > building. This has worked fine until a couple of days ago when IT > decided to prohibit tunneling for "security reasons" (attempting to use > the tunnel now responds with "channel 3: open failed: administratively > prohibited: open failed"). This has made it almost impossible to work > with the system. > > What I am wondering is exactly what "security risk" does an ssh tunnel > pose? I thought you used an ssh tunnel to enhance security, not the > other way around. Can someone give me a reason why it is a risk to > leave this open or give me good arguments that I can forward to IT for > why they should not prohibit tunneling? > > Thanks, > David > >
Re: is ssh tunneling a security risk?
--- On Fri, 10/17/08, David M. Kaplan <[EMAIL PROTECTED]> wrote: > > What I am wondering is exactly what "security > risk" does an ssh tunnel > pose? I thought you used an ssh tunnel to enhance > security, not the > other way around. Can someone give me a reason why it is a > risk to > leave this open or give me good arguments that I can > forward to IT for > why they should not prohibit tunneling? > > Thanks, > David > The security of tunneling can be tightened a bit by doing a couple things: + force key authentication + have rules in the public keys limiting what can be forwarded: ie: permitopen="10.5.5.1:5000" Then make sure the user has no ability to modify the authorized_key (make the whole homedir owned by root). __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: is ssh tunneling a security risk?
Hi, Thanks for the comments. I guess I have two questions then: (1) is the current setup without tunnel much more secure? and (2) is there another approach that lets me get work done without the tunnel? Regarding the first, I can see two scenarios without a tunnel where you would have the same security problems/advantages. One is where someone gains access to my machine and then to the intermediary machine. That person then sets up some program that waits for me to make the second hop and then uses that somehow (I am just being hypothetical, I don't know how hard this would be, which is really the question, but I thought keyboard grabbing programs were a pretty standard part of the hackers toolbox). The other is that I can imagine it would be possible for me to somehow home brew a tunnel - once you can connect from A to B to C somehow, is it that difficult to run a program on A and B that makes connecting A to C transparent? For the second, the real problem is moving files around (though a graphical interface is occasionally a problem - you can double ssh -X/-Y I think, but I believe they have blocked this as well). I have limited disk space on machine B, but need to move large files around. Even if I had the disk space, moving them twice is a pain that tends to add a lot of extra time. Does anyone have a suggestion for solving this problem, even if it is a hack? And just to be more specific about my security setup, I don't just ssh to the intermediate machine. First you connect to a website with one username/password. At that site, you start a java application that makes a localhost:port ssh connection available that is really to a machine behind the firewall. Then you authenticate to that machine with a different username/password. Then you double ssh to the machine you want Thanks, David On Fri, 2008-10-17 at 11:02 -0700, AMuse wrote: > David: Among other tricks which can be played with SSH tunnels (for > good or ill, just the facts) are that if you set up your external host > to do "GatewayPorts yes" and open its firewall, you could accidentally > (or intentionally, from your ITSec groups' point of view) allow anyone > in the world to connect to your external host and traverse your SSH > tunnel, in reverse, to the inside of your corporate LAN. > > "Security risk" is always a subjective decision made by your IT Security > group based on your organizations' priorities, assets, data, etc -- but > my guess would be that if they feel it's a risk, it's probably due to > your potential to bypass corporate firewalls for incoming traffic. > > David M. Kaplan wrote: > > Hi, > > > > My IT department is really heavy on security. From outside the > > building, they have a rather complex system setup so that you can get > > around the firewall and ssh into a single machine. From there, you have > > to ssh into the machine you want to use. > > > > To simplify things, I have been using a tunnel to hop from my machine > > directly (through the tunnel) to the machine I want to use in the > > building. This has worked fine until a couple of days ago when IT > > decided to prohibit tunneling for "security reasons" (attempting to use > > the tunnel now responds with "channel 3: open failed: administratively > > prohibited: open failed"). This has made it almost impossible to work > > with the system. > > > > What I am wondering is exactly what "security risk" does an ssh tunnel > > pose? I thought you used an ssh tunnel to enhance security, not the > > other way around. Can someone give me a reason why it is a risk to > > leave this open or give me good arguments that I can forward to IT for > > why they should not prohibit tunneling? > > > > Thanks, > > David > > > > > > > -- ** David M. Kaplan Charge de Recherche 1 Institut de Recherche pour le Developpement Centre de Recherche Halieutique Mediterraneenne et Tropicale av. Jean Monnet B.P. 171 34203 Sete cedex France Phone: +33 (0)4 99 57 32 27 Fax: +33 (0)4 99 57 32 95 http://www.ur097.ird.fr/team/dkaplan/index.html **
Re: is ssh tunneling a security risk?
On Friday 17 October 2008, David M. Kaplan wrote: ... > you can get > around the firewall and ssh into a single machine. From there, you have > to ssh into the machine you want to use. ... > What I am wondering is exactly what "security risk" does an ssh tunnel > pose? I thought you used an ssh tunnel to enhance security First, yes, ssh-ing through the tunnel to an internal host is more secure than ssh-ing to the gate host and then ssh-ing to the internal host (the latter has a man-in-the-middle vuln. on the gateway). But... Allowing ssh-tunnels (from the admin-of-the-gate perspective) opens up for a lot more than the above (good) way of use. Take for instance a forgotten ssh-tunnel with no local-only restriction (-g) pointing somewhere sensitive (say an internal non-authenticated and/or unpatched wiki web or so...). /Peter signature.asc Description: This is a digitally signed message part.
Re: is ssh tunneling a security risk?
David: Among other tricks which can be played with SSH tunnels (for good or ill, just the facts) are that if you set up your external host to do "GatewayPorts yes" and open its firewall, you could accidentally (or intentionally, from your ITSec groups' point of view) allow anyone in the world to connect to your external host and traverse your SSH tunnel, in reverse, to the inside of your corporate LAN. "Security risk" is always a subjective decision made by your IT Security group based on your organizations' priorities, assets, data, etc -- but my guess would be that if they feel it's a risk, it's probably due to your potential to bypass corporate firewalls for incoming traffic. David M. Kaplan wrote: Hi, My IT department is really heavy on security. From outside the building, they have a rather complex system setup so that you can get around the firewall and ssh into a single machine. From there, you have to ssh into the machine you want to use. To simplify things, I have been using a tunnel to hop from my machine directly (through the tunnel) to the machine I want to use in the building. This has worked fine until a couple of days ago when IT decided to prohibit tunneling for "security reasons" (attempting to use the tunnel now responds with "channel 3: open failed: administratively prohibited: open failed"). This has made it almost impossible to work with the system. What I am wondering is exactly what "security risk" does an ssh tunnel pose? I thought you used an ssh tunnel to enhance security, not the other way around. Can someone give me a reason why it is a risk to leave this open or give me good arguments that I can forward to IT for why they should not prohibit tunneling? Thanks, David
Re: is ssh tunneling a security risk?
My experience... The ssh tunnel will allow you to bypass the web filters and download all the viruses and trojans without being noticed, until your machine sends out a million spam emails, and the IT guys notice it. Unfortunately I'm the IT guy, so I have to spend half a day fixing the machine. On Fri, Oct 17, 2008 at 05:23:19PM +0200, David M. Kaplan wrote: > Hi, > > My IT department is really heavy on security. From outside the > building, they have a rather complex system setup so that you can get > around the firewall and ssh into a single machine. From there, you have > to ssh into the machine you want to use. > > To simplify things, I have been using a tunnel to hop from my machine > directly (through the tunnel) to the machine I want to use in the > building. This has worked fine until a couple of days ago when IT > decided to prohibit tunneling for "security reasons" (attempting to use > the tunnel now responds with "channel 3: open failed: administratively > prohibited: open failed"). This has made it almost impossible to work > with the system. > > What I am wondering is exactly what "security risk" does an ssh tunnel > pose? I thought you used an ssh tunnel to enhance security, not the > other way around. Can someone give me a reason why it is a risk to > leave this open or give me good arguments that I can forward to IT for > why they should not prohibit tunneling? > > Thanks, > David > > > -- > ** > David M. Kaplan > Charge de Recherche 1 > Institut de Recherche pour le Developpement > Centre de Recherche Halieutique Mediterraneenne et Tropicale > av. Jean Monnet > B.P. 171 > 34203 Sete cedex > France > > Phone: +33 (0)4 99 57 32 27 > Fax: +33 (0)4 99 57 32 95 > http://www.ur097.ird.fr/team/dkaplan/index.html > ** > >
Re: is ssh tunneling a security risk?
Hi David, You say "This has made it almost impossible to work with the system"; If the new policy is prohibiting you from being completely productive then I think you have a case and you should escalate to decision makers in your company. If it adds a task to your procedure (ssh once, then ssh again) then most managers will say it's ok to do this to respect certain security requirements. I think that no matter how many reasons the list here gives you regarding ssh tunneling, I suggest that you have a 'friendly' chat with your IT security folks to get the reason behind their new policy. The one thing I can think of that your security department may use as argument is that people can use different internet services inside ssh tunnels through port forwarding and this can cause viruses and other malware to enter your network infrastructure. Cheers, -- Edmond Baroud IT Infrastructure Architect - Original Message > From: David M. Kaplan <[EMAIL PROTECTED]> > To: secureshell@securityfocus.com > Sent: Friday, October 17, 2008 11:23:19 AM > Subject: is ssh tunneling a security risk? > > Hi, > > My IT department is really heavy on security. From outside the > building, they have a rather complex system setup so that you can get > around the firewall and ssh into a single machine. From there, you have > to ssh into the machine you want to use. > > To simplify things, I have been using a tunnel to hop from my machine > directly (through the tunnel) to the machine I want to use in the > building. This has worked fine until a couple of days ago when IT > decided to prohibit tunneling for "security reasons" (attempting to use > the tunnel now responds with "channel 3: open failed: administratively > prohibited: open failed"). This has made it almost impossible to work > with the system. > > What I am wondering is exactly what "security risk" does an ssh tunnel > pose? I thought you used an ssh tunnel to enhance security, not the > other way around. Can someone give me a reason why it is a risk to > leave this open or give me good arguments that I can forward to IT for > why they should not prohibit tunneling? > > Thanks, > David > > > -- > ** > David M. Kaplan > Charge de Recherche 1 > Institut de Recherche pour le Developpement > Centre de Recherche Halieutique Mediterraneenne et Tropicale > av. Jean Monnet > B.P. 171 > 34203 Sete cedex > France > > Phone: +33 (0)4 99 57 32 27 > Fax: +33 (0)4 99 57 32 95 > http://www.ur097.ird.fr/team/dkaplan/index.html > ** __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: is ssh tunneling a security risk?
Hi, theres is nothing bad about the tunnel itself but the tunnel has an end that is outside the control of your IT. In other words you leave a door open. If someone gets into your outside machine he gains acces to the "secured zone". C 2008/10/17 David M. Kaplan <[EMAIL PROTECTED]>: > Hi, > > My IT department is really heavy on security. From outside the > building, they have a rather complex system setup so that you can get > around the firewall and ssh into a single machine. From there, you have > to ssh into the machine you want to use. > > To simplify things, I have been using a tunnel to hop from my machine > directly (through the tunnel) to the machine I want to use in the > building. This has worked fine until a couple of days ago when IT > decided to prohibit tunneling for "security reasons" (attempting to use > the tunnel now responds with "channel 3: open failed: administratively > prohibited: open failed"). This has made it almost impossible to work > with the system. > > What I am wondering is exactly what "security risk" does an ssh tunnel > pose? I thought you used an ssh tunnel to enhance security, not the > other way around. Can someone give me a reason why it is a risk to > leave this open or give me good arguments that I can forward to IT for > why they should not prohibit tunneling? > > Thanks, > David > > > -- > ** > David M. Kaplan > Charge de Recherche 1 > Institut de Recherche pour le Developpement > Centre de Recherche Halieutique Mediterraneenne et Tropicale > av. Jean Monnet > B.P. 171 > 34203 Sete cedex > France > > Phone: +33 (0)4 99 57 32 27 > Fax: +33 (0)4 99 57 32 95 > http://www.ur097.ird.fr/team/dkaplan/index.html > ** > > >
is ssh tunneling a security risk?
Hi, My IT department is really heavy on security. From outside the building, they have a rather complex system setup so that you can get around the firewall and ssh into a single machine. From there, you have to ssh into the machine you want to use. To simplify things, I have been using a tunnel to hop from my machine directly (through the tunnel) to the machine I want to use in the building. This has worked fine until a couple of days ago when IT decided to prohibit tunneling for "security reasons" (attempting to use the tunnel now responds with "channel 3: open failed: administratively prohibited: open failed"). This has made it almost impossible to work with the system. What I am wondering is exactly what "security risk" does an ssh tunnel pose? I thought you used an ssh tunnel to enhance security, not the other way around. Can someone give me a reason why it is a risk to leave this open or give me good arguments that I can forward to IT for why they should not prohibit tunneling? Thanks, David -- ** David M. Kaplan Charge de Recherche 1 Institut de Recherche pour le Developpement Centre de Recherche Halieutique Mediterraneenne et Tropicale av. Jean Monnet B.P. 171 34203 Sete cedex France Phone: +33 (0)4 99 57 32 27 Fax: +33 (0)4 99 57 32 95 http://www.ur097.ird.fr/team/dkaplan/index.html **