Re: blocking/monitoring ssh

[Magosányi Árpád <mag () bunuel tii matav hu>]

A levelezőm azt hiszi, hogy J. Eric Townsend a következőeket írta:
> sean.kelly () lanston com writes:
> > > From: Gregory Hicks [mailto:ghicks () cadence com]
> > > With ssh, the data stream is encrypted at the users workstation and
> > > tunnels 'through' the firewall so we never get a chance to monitor it.
> > And neither does a hacker, which is kind of the point.
>
> Recently, one of our users decided our VPN was cumbersome and decided
> to do the ssh/tunnel trick between a machine behind our firewall and
> his home linux system.
>
> The only reason I discovered this is that virtually nobody here uses
> SSH *and* I was the only person in the building late one night while
> making some network changes.  "Hm.  SSH traffic when nobody's in the
> building?  That can't be good."
>
> I can't turn SSH off, however, since we rely on it for many projects.
>
> Do I have an answer?  No.  But I don't think either extreme is a good
> solution.

-You can restrict the usage of ssh either by filtering it based on IP
addresses or by out-band authentication.
-You can do a bastion setup described earlier, and disable port forwarding
on it. [Or write the ssh proxy or wait while someone writes it.]

-- 
GNU GPL: csak tiszta forrásból

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards