Re: is ssh tunneling a security risk?
For every response I've seen, analysts address the protection of the
network in-bound, like web avoidance and tunnel hijacking. What if your
security team is stringent due to the inability to see the data you
might be releasing out-bound? If you are using tunnels, it is beyond
their control to prevent you from sending intellectual property, trade
secrets, or otherwise from within the company -> out. In other words,
egress control. It could be that HIPAA, SOX, GLBA, PCI or some other
legal compliance requirement (whatever laws are in force in France) is
forcing IT to shut down what they cannot monitor with regard to
protected data exchange.
David M. Kaplan wrote:
> My IT department is really heavy on security. From outside the
> building, they have a rather complex system setup so that you can get
> around the firewall and ssh into a single machine. From there, you have
> to ssh into the machine you want to use.
> To simplify things, I have been using a tunnel to hop from my machine
> directly (through the tunnel) to the machine I want to use in the
> building. This has worked fine until a couple of days ago when IT
> decided to prohibit tunneling for "security reasons" (attempting to use
> the tunnel now responds with "channel 3: open failed: administratively
> prohibited: open failed"). This has made it almost impossible to work
> with the system.
> What I am wondering is exactly what "security risk" does an ssh tunnel
> pose? I thought you used an ssh tunnel to enhance security, not the
> other way around. Can someone give me a reason why it is a risk to
> leave this open or give me good arguments that I can forward to IT for
> why they should not prohibit tunneling?
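
The "administratively prohibited" refusal quoted above is what an OpenSSH server returns when its forwarding policy rejects a channel. The following is an added example, not part of the original thread: a small audit of `sshd_config` text that reports, per scope, whether local (`ssh -L`) forwarding is blocked, limited to named destinations, or open. The sample configuration, host names and group names are constructed, and the assumption that the gateway runs OpenSSH is mine.

```python
# Added example: audit sshd_config text for local (ssh -L) forwarding policy.
# SAMPLE is constructed for illustration; hosts, users and groups are made up.
SAMPLE = """\
AllowTcpForwarding no
PermitTunnel no

Match Group developers
    AllowTcpForwarding local
    PermitOpen build01.example.internal:22 build02.example.internal:22

Match User legacy
    AllowTcpForwarding yes
"""

# OpenSSH defaults when a keyword is not set anywhere.
DEFAULTS = {"allowtcpforwarding": "yes", "permitopen": "any"}


def parse(text):
    """Map each scope ('global' or a Match line) to its keyword settings."""
    scopes, scope = {"global": {}}, "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            scope = "Match " + value
            scopes.setdefault(scope, {})
            continue
        scopes[scope].setdefault(key, value)  # sshd keeps the first value seen
    return scopes


def audit(text):
    """Return {scope: 'blocked' | 'restricted' | 'open'} for local forwards."""
    scopes, report = parse(text), {}
    for scope, own in scopes.items():
        def effective(key):  # Match value, else global value, else default
            return own.get(key, scopes["global"].get(key, DEFAULTS[key])).lower()
        mode, targets = effective("allowtcpforwarding"), effective("permitopen")
        if mode in ("no", "remote") or targets == "none":
            report[scope] = "blocked"      # client sees "administratively prohibited"
        elif targets == "any":
            report[scope] = "open"         # any destination reachable via the gateway
        else:
            report[scope] = "restricted"   # only the listed host:port pairs
    return report
```

A "restricted" scope is the middle ground between the two positions in this thread: the named internal hosts stay reachable through the gateway while every other destination is still refused.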