Firewall Wizards
mailing list archives
Re: SSH question
From: Adam Shostack <adam () homeport org>
Date: Tue, 7 Apr 1998 09:06:27 -0400 (EDT)
Well, with a small amount of competency and ssh, you've lost the
ability to control any outbound data at the firewall. It can all be
tunnelled over ssh. And SSH can be tunneled via most companies' SSL
'proxies.'
Mind you, I don't see this as a problem, because thinking your
firewall controlled outbound data flow was always silly. It's just
becoming sillier and sillier.
Note that if you allow inbound ssh, to a workstation, they can use
that to proxy just about anything, but if you allow inbound access to
any machine where someone who you don't trust has root, they can be a
proxy.
Adam
Roy Stevens wrote:
| I have started research into running ssh across the INTERNET.
| My preliminary research has shown much promise.
|
| I would appreciate any feedback on this.
|
| I am particularly interested in firewall issues, i.e. proxy or IP
| forwarding problems.
|
| Thanks for any correspondence.
|
| TOBOR
|
--
Just be thankful that Microsoft does not manufacture pharmaceuticals.
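
Added example, not part of the original message: a detection-side check for the case the reply mentions, SSH carried through an SSL proxy's CONNECT tunnel. It assumes a proxy or sensor that records the first bytes of each tunnel; the session records, addresses and host names below are constructed.

```python
import re

# RFC 4253 section 4.2: identification string "SSH-protoversion-softwareversion"
SSH_ID = re.compile(rb"^SSH-(\d+\.\d+)-([\x21-\x7e]+)")


def classify_tunnel_start(data: bytes) -> str:
    """Classify the first bytes observed inside a CONNECT tunnel."""
    # SSL3/TLS record header: type 0x16 (handshake), major version 3, minor 0..4.
    # An SSLv2-format hello does not match and is reported as "unknown".
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        return "tls"
    # An SSH server may send other text lines before its identification
    # string, so test each of the first few lines, not just the first.
    for line in data.split(b"\n")[:20]:
        if SSH_ID.match(line.rstrip(b"\r")):
            return "ssh"
    return "unknown"


def flag_non_tls(sessions):
    """Return (client, target, kind) for tunnels that do not start as TLS."""
    findings = []
    for s in sessions:
        kind = classify_tunnel_start(s["first_bytes"])
        if kind != "tls":
            findings.append((s["client"], s["target"], kind))
    return findings


# Constructed sample data (hypothetical clients and targets).
SAMPLE = [
    {"client": "10.0.0.5", "target": "www.example.com:443",
     "first_bytes": b"\x16\x03\x01\x00\x31\x01\x00"},
    {"client": "10.0.0.9", "target": "host.example.net:443",
     "first_bytes": b"SSH-1.5-1.2.22\n"},
    {"client": "10.0.0.12", "target": "host2.example.net:443",
     "first_bytes": b"welcome\r\nSSH-2.0-Example_1.0\r\n"},
    {"client": "10.0.0.20", "target": "x.example.org:443",
     "first_bytes": b"GET / HTTP/1.0\r\n"},
]

if __name__ == "__main__":
    for finding in flag_non_tls(SAMPLE):
        print(finding)
```

This check only sees SSH that is sent in the clear through the tunnel; a stream that really is encrypted TLS is opaque to it, which is the limit the message describes.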