Thread: ssh tunnel security questions?

  1. #1
    Join Date
    Jan 2008
    Beans
    8

    ssh tunnel security questions?

    I created 2 ssh tunnels [ssh -R 2000:localhost:22 user@box] :
    tunnel 1 = corpbox to homebox , tunnel 2 = homebox to corpbox

    I open my firewall port 22 temporarily to set up.

    My tunnels go through the closed ports on corp and home firewalls.

    I checked from a friend's PC and did a free web port scan. All ports closed.

    My ssh connections look secure, but if someone assumed traffic was going through on port 22 could they piggyback in somehow?

    How hard is my tunnel traffic to identify for the corp IT guys if they notice it?

    Any help is appreciated.

  2. #2
    Join Date
    Feb 2010
    Location
    In My Food Forest
    Beans
    9,318

    Re: ssh tunnel security questions?

    Network security professionals in a corporate environment will have no problems spotting the ssh protocol. If they have their NIDS set to detect it, then I am sure they already know you are using it or they will when you do use it.

    All they have to do is blacklist your IP and your ssh tunnel will be broken.

    If you are breaking their rules, then ask yourself if it is worth getting fired for.
    Cheers & Beers, uRock

  3. #3
    Join Date
    Mar 2007
    Location
    Outer Milky Way
    Beans
    Hidden!
    Distro
    Kubuntu 12.04 Precise Pangolin

    Re: ssh tunnel security questions?

    Quote: Originally Posted by uRock
    Network security professionals in a corporate environment will have no problems spotting the ssh protocol. If they have their NIDS set to detect it, then I am sure they already know you are using it or they will when you do use it.

    All they have to do is blacklist your IP and your ssh tunnel will be broken.

    If you are breaking their rules, then ask yourself if it is worth getting fired for.
    I was an independent contractor with my own computer running an SSH tunnel behind a corporate firewall. They shut down my SSH tunnel so that I could no longer work. I quit on the spot.

    When corporate security is that tight, it's time to find another job. It means the corporation does not know the difference between security and closure. It's one thing if they have "rules" against it (which I highly doubt); it's another when they just don't have a sensible security paradigm (which happens more often than discussed).

    Too much security in computing means an inability to function.
    Last edited by perspectoff; February 14th, 2011 at 01:14 AM.

    UbuntuGuide/KubuntuGuide

    Right now the killer is being surrounded by a web of deduction, forensic science,
    and the latest in technology such as two-way radios and e-mail.

  4. #4
    Join Date
    Feb 2010
    Location
    In My Food Forest
    Beans
    9,318

    Re: ssh tunnel security questions?

    Quote: Originally Posted by perspectoff
    I was an independent contractor with my own computer running an SSH tunnel behind a corporate firewall. They shut down my SSH tunnel so that I could no longer work. I quit on the spot.

    When corporate security is that tight, it's time to find another job. It means the corporation does not know the difference between security and closure. It's one thing if they have "rules" against it (which I highly doubt); it's another when they just don't have a sensible security paradigm (which happens more often than discussed).

    Too much security in computing means an inability to function.
    Depends on the situation. If you work at an office that handles highly classified information, then you want to make sure people aren't sneaking info out. As world news has recently proven, people with security clearances are willing to break the law for a few bucks.

    I see no reason for someone to use ssh for personal means at an office complex.

    The "rules" against it may be along the lines of not allowing employees to check personal email or play apps on Facebook, which we know there are people out there who'd be willing to go through the trouble to do this via an ssh tunnel.

    Back on topic, creating an NIDS that detects ssh is easy and blocking it is easy.
    Cheers & Beers, uRock
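
The posts above say an NIDS can spot the ssh protocol easily; the reason is that each side of an SSH connection opens with a plain-text identification string (RFC 4253, section 4.2), so a sensor can match on content rather than port. The code below is an added example, not part of the original thread; `parse_ssh_banner`, `flag_flows` and the sample flows are constructed for illustration.

```python
import re
from typing import Optional

# RFC 4253 section 4.2: SSH-protoversion-softwareversion[ SP comments] CR LF
SSH_ID = re.compile(
    rb"^SSH-(\d+\.\d+)-([\x21-\x2c\x2e-\x7e]+)(?: [^\r\n]*)?\r?$")
MAX_ID_LEN = 255  # RFC limit for the identification line, CR LF included


def parse_ssh_banner(payload: bytes) -> Optional[dict]:
    """Return versions if a stream's first bytes carry an SSH identification
    string, else None. The port number is deliberately not consulted."""
    # A server may send other text lines before its identification string,
    # so every line of the first segment is checked, not just offset 0.
    for line in payload[:2048].split(b"\n"):
        if len(line) + 1 > MAX_ID_LEN:
            continue
        m = SSH_ID.match(line)
        if m:
            return {"proto": m.group(1).decode(), "software": m.group(2).decode()}
    return None


def flag_flows(flows):
    """Return one alert per flow whose first payload is an SSH handshake."""
    alerts = []
    for f in flows:
        info = parse_ssh_banner(f["payload"])
        if info:
            alerts.append({"src": f["src"], "dst": f["dst"], "dport": f["dport"],
                           "software": info["software"],
                           "nonstandard_port": f["dport"] != 22})
    return alerts


# Constructed sample flows (documentation addresses, not taken from the thread)
SAMPLE_FLOWS = [
    {"src": "192.0.2.10", "dst": "198.51.100.7", "dport": 22,
     "payload": b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1\r\n"},
    {"src": "192.0.2.11", "dst": "198.51.100.7", "dport": 80,
     "payload": b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"},
    {"src": "192.0.2.12", "dst": "198.51.100.9", "dport": 2000,
     "payload": b"welcome\r\nSSH-2.0-dropbear_2022.83\r\n"},
]

if __name__ == "__main__":
    for alert in flag_flows(SAMPLE_FLOWS):
        print(alert)
```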

  5. #5
    Join Date
    Jan 2008
    Beans
    8

    Re: ssh tunnel security questions?

    Thank you for the info. I will turn off my tunnel for now.


    Can I reroute ssh through port 80 to avoid detection?

  6. #6
    Join Date
    Feb 2010
    Location
    In My Food Forest
    Beans
    9,318

    Re: ssh tunnel security questions?

    Quote: Originally Posted by riksaga
    Can I reroute ssh through port 80 to avoid detection?
    That's not within the scope of the forums.

    Sorry,
    uRock
