[TriLUG] blocking outbound port 22

Keith Woodie via TriLUG trilug at trilug.org
Fri Oct 9 00:20:00 EDT 2015


I have worked in places that allow SSH out and places that only allow web
proxy traffic outbound. In the grand scheme of it all it is probably best
from a security perspective to block it. All of us know how easy it is to
bypass arbitrary rules with non-default ports and SSH. In the age of
security breaches I can honestly say that if I were the security admin I
would block it too and only allow web proxy traffic.




On Thu, Oct 8, 2015 at 3:45 PM bak via TriLUG <trilug at trilug.org> wrote:

> Yes indeed. Certainly it’s an issue where I find it easy to see both sides.
>
> —bak
>
> > On Oct 8, 2015, at 15:39, William Sutton <william at trilug.org> wrote:
> >
> > Some places take data seepage very seriously.  Where I work, they've
> > pushed out (via Windows GPO) software that automatically encrypts any USB
> > keys that get plugged into a workstation.  Which kills transferring
> > firmware from your PC to an appliance, but also keeps you from handing off
> > sensitive information to someone less than trustworthy.
> >
> > William Sutton
> >
> > On Thu, 8 Oct 2015, bak via TriLUG wrote:
> >
> >> Long ago in a far away land when I was but a nerdling, I was let go
> >> from a (rather terrible temporary) job for doing this.
> >>
> >> These days I would have just used the data connection I carry around in
> >> my pocket all the time.
> >>
> >> —bak
> >>
> >>> On Oct 8, 2015, at 10:44, Matt Flyer via TriLUG <trilug at trilug.org> wrote:
> >>>
> >>> This sounds like a perfect place to test the application Corkscrew:
> >>> http://www.techrepublic.com/blog/linux-and-open-source/using-corkscrew-to-tunnel-ssh-over-http/
> >>> "If you are in an environment that disallows the use of SSH and forces
> >>> the use of an HTTP proxy, it is possible to use that HTTP proxy as a
> >>> transport for SSH."
> >>>
> >>> I worked at a place that was absurdly totalitarian with regards to their
> >>> web proxy.  As a design engineer I would frequently research technical
> >>> information and they would even block categorically university sites,
> >>> where you can get a lot of technical papers, as "educational sites
> >>> prohibited".
> >>> Using SSH to tunnel out of there was the quick and obvious answer.
> >>> Blocking port 22 simply makes the case for moving SSH to a non standard
> >>> port, the old security through obscurity line.
> >>>> port ssh , can be easily used for tunneling
> >>>> I think, web proxy is in the blacklist for security reason.
> >>>> On Wed, Oct 7, 2015 at 5:22 PM, Ken Mink via TriLUG <trilug at trilug.org> wrote:
> >>>>> Sent from my iPhone
> >>>>>> On Oct 7, 2015, at 16:52, Wes Garrison via TriLUG <trilug at trilug.org> wrote:
> >>>>>> I ran into a situation today I've never seen before.
> >>>>>> I was working at an engineering firm and their IT guy had all outbound
> >>>>>> traffic on port 22 blocked.
> >>>>>> Is there any sane reason to do this?
> >>>>>> I can't think of any reason to block SSH, but maybe I'm missing
> >>>>>> something.
> >>>>>> -Wes
> >>>>> Sure, internal security policies. One place I worked had ALL outbound
> >>>>> traffic blocked. The only way out was web proxy, which also had quite
> >>>>> the blacklist.
> >>>>> Ken