Hosting Provided By

Re: Securing ssh tunnels.

From: Greg A. Woods <woods(at)weird.com>
Date: Sun Jun 29 2003 - 03:04:28 EDT

[ On Friday, June 27, 2003 at 15:55:52 (-0700), Roy S. Rapoport wrote: ]
> Subject: Re: Securing ssh tunnels.
>
> The goal in any sort of security mechanism is to make the
> cost of penetration high enough that the benefit is not worth it.

I think you're confusing the issues of covert channels with the issues of authentication and accountability.

> So yes, people may be able to use covert channels to communicate even if
> you block SSH, but it's an added cost

No, not at any added cost. None whatsoever. Covert channels are just to prevalent and too easy to use -- anyone relying on SSH to implement them doesn't understand what they're trying to do and is bound to get caught (assuming anyone's looking for them) because of other mistakes anyway.

Blocking SSH (and/or SSL and/or IPsec) is just plain stupid, especially for a financial institution where information privacy should be a major concern. Poorly trained security officers are just as likely to make it easier for spies to gather information (without having to resort to inside assistane and covert channels), rather than more difficult.

-- 
								Greg A. Woods

+1 416 218-0098;            ;           
Planix, Inc. ; VE3TCP; Secrets of the Weird

Received on Sun Jun 29 10:59:16 2003

This message: [ Message body ]
Next message: Brian Hatch: "Re: SSH Mac to PC"
Previous message: Chris Dos: "End of my rope"
In reply to: Roy S. Rapoport: "Re: Securing ssh tunnels."

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:03:00 EDT