| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| « Sep | ||||||
| 1 | 2 | 3 | 4 | 5 | ||
| 6 | 7 | 8 | 9 | 10 | 11 | 12 |
| 13 | 14 | 15 | 16 | 17 | 18 | 19 |
| 20 | 21 | 22 | 23 | 24 | 25 | 26 |
| 27 | 28 | 29 | 30 | |||
ssh is an evil of network security. I’m currently onsite at a customer that allows ssh outbound. Why? I’m not sure. But this is not the first customer that I’ve been to that did. Like many others they have sophisticated anti-spam, DLP, content filtering, proxies, firewalls, and ips in place. And then they screw the whole thing up with ssh.
Never allow this.
I’m currently circumventing their anti-spam, DLP, content filtering, proxies, firewalls, and ips by forwarding my traffic through an ssh tunnel I created to my home network. I’m using portable apps to do it, so there should be nothing left behind after I leave. And although my intent is not malicious it shouldn’t be possible. I’ve even got xwindows running from my ubuntu box. So the tunnel runs bi-directional. I could make it permanent. Earlier I was running metasploit through it. This is ridiculous.
Allowing ssh is too trusting. The should just eliminate the anti-spam, DLP, content filtering, proxies, firewalls, and ips and save their money.
You must be logged in to post a comment.