My experience...

The ssh tunnel will allow you to bypass the web filters and
download all the viruses and trojans without being noticed,
until your machine sends out a million spam emails, and the
IT guys notice it.

Unfortunately I'm the IT guy, so I have to spend half a day
fixing the machine.

On Fri, Oct 17, 2008 at 05:23:19PM +0200, David M. Kaplan wrote:
> Hi,
>
> My IT department is really heavy on security. From outside the
> building, they have a rather complex system setup so that you can get
> around the firewall and ssh into a single machine. From there, you have
> to ssh into the machine you want to use.
>
> To simplify things, I have been using a tunnel to hop from my machine
> directly (through the tunnel) to the machine I want to use in the
> building. This has worked fine until a couple of days ago when IT
> decided to prohibit tunneling for "security reasons" (attempting to use
> the tunnel now responds with "channel 3: open failed: administratively
> prohibited: open failed"). This has made it almost impossible to work
> with the system.
>
> What I am wondering is exactly what "security risk" does an ssh tunnel
> pose? I thought you used an ssh tunnel to enhance security, not the
> other way around. Can someone give me a reason why it is a risk to
> leave this open or give me good arguments that I can forward to IT for
> why they should not prohibit tunneling?
>
> Thanks,
> David
>
>
> --
> **********************************
> David M. Kaplan
> Charge de Recherche 1
> Institut de Recherche pour le Developpement
> Centre de Recherche Halieutique Mediterraneenne et Tropicale
> av. Jean Monnet
> B.P. 171
> 34203 Sete cedex
> France
>
> Phone: +33 (0)4 99 57 32 27
> Fax: +33 (0)4 99 57 32 95
> http://www.ur097.ird.fr/team/dkaplan/index.html
> **********************************
>
>