Re: [FW-1] preventing SSH tunnels

Subject: Re: [FW-1] preventing SSH tunnels
From: Ray <sixsigma44 AT HOTMAIL DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Mon, 16 Jan 2006 10:21:53 -0500
A. Bring it to management's attention and fire them for violating a company policy, if you have one that prohibits unauthorized remote access connections. Examples go a long way to stopping future problems.

B. Find out why the company-provided remote access system is not working for them. Just telling them you noticed may stop it, but only for them.

C. Implement "default deny" on all outbound connections as you noted. I monitored everything for two months and set up my "allowed" rules and then hammered everything else.

D. Implement a proxy server and only allow 80 & 443 outbound from the proxy server IP address.

E. B, C, & D.

Ray

From: Tom Brown <tom.brown AT GOODTECHNOLOGY DOT COM>
Reply-To: Mailing list for discussion of Firewall-1 <FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] preventing SSH tunnels
Date: Mon, 16 Jan 2006 14:40:19 +0000

Hi

AI R55 on SPLAT and we have smart defence

We have a situation where it has become apparent that a user has set up ssh tunneling from their desktop OUT to their home machine so that they can reverse tunnel and gain access to our internal LAN without using secure remote, as their desktops at either end are Linux.

I could stop them doing this by dropping outbound ssh connections apart from to destinations I trust; however, I believe they would just try to tunnel ssh over port 80 or some other such port we could not lock down. Anyone know how we can stop this apart from shooting the user?

thanks
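The worry above is that a port-based rule is easy to sidestep by running the SSH client on 80 or 443. One thing a port filter cannot see but a content check can: every SSH connection begins with a clear-text identification string "SSH-<version>-<software>" from both sides before any encryption starts, so the first bytes of a flow reveal SSH whatever the destination port. The following is an added example, not code from either poster or from Check Point; it evaluates constructed flow records (addresses, ports and first payload bytes are made up) against a default-deny policy in the spirit of options C and D above, and separately flags SSH banners seen on non-22 ports. The record format and the function names are assumptions for the example.

```python
"""
Added example (not from the thread): a default-deny outbound policy check
plus an SSH-banner check that catches SSH run over 80/443.

SSH starts with an identification string "SSH-<proto>-<software>" sent in
clear text before key exchange, so the first payload bytes identify the
protocol independently of the destination port.
"""
import re
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List

# Matches the identification string at the start of an SSH stream.
SSH_BANNER = re.compile(rb"^SSH-\d+\.\d+-")
EXPECTED_SSH_PORTS = {22}


@dataclass
class Flow:
    """One outbound connection as a monitoring system might record it.
    Field layout is an assumption for this example."""
    src: str
    dst: str
    dport: int
    first_bytes: bytes  # first payload bytes observed on the flow


def is_ssh(first_bytes: bytes) -> bool:
    """True if the payload opens with an SSH identification string."""
    return SSH_BANNER.match(first_bytes) is not None


def policy_decision(flow: Flow, proxy_ip: str, trusted_ssh_dsts: FrozenSet[str]) -> str:
    """Default-deny outbound rule base: SSH only to trusted hosts,
    web only from the proxy's address, everything else dropped."""
    if flow.dport in EXPECTED_SSH_PORTS and flow.dst in trusted_ssh_dsts:
        return "allow"
    if flow.dport in (80, 443) and flow.src == proxy_ip:
        return "allow"
    return "drop"


def find_ssh_on_odd_ports(flows: Iterable[Flow],
                          trusted_ssh_dsts: FrozenSet[str] = frozenset()) -> List[Flow]:
    """Return flows carrying an SSH banner on a port other than 22,
    skipping destinations the administrator explicitly trusts."""
    hits = []
    for f in flows:
        if f.dst in trusted_ssh_dsts:
            continue
        if f.dport not in EXPECTED_SSH_PORTS and is_ssh(f.first_bytes):
            hits.append(f)
    return hits


# Constructed sample flows; nothing here is real traffic.
PROXY_IP = "10.1.0.8"
TRUSTED_SSH = frozenset({"192.0.2.10"})
SAMPLE_FLOWS = [
    Flow("10.1.2.3", "192.0.2.10", 22, b"SSH-2.0-OpenSSH_4.2\r\n"),        # ssh to trusted host
    Flow(PROXY_IP, "198.51.100.7", 80, b"HTTP/1.1 200 OK\r\n"),            # web via proxy
    Flow("10.1.2.3", "198.51.100.7", 443, b"\x16\x03\x01\x00\x8f\x01"),   # TLS, not from proxy
    Flow("10.1.2.44", "203.0.113.5", 80, b"SSH-2.0-OpenSSH_4.2\r\n"),      # ssh hidden on 80
    Flow("10.1.2.44", "203.0.113.5", 443, b"SSH-1.99-OpenSSH_3.9p1\r\n"),  # ssh hidden on 443
]


if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f"{f.src} -> {f.dst}:{f.dport}  {policy_decision(f, PROXY_IP, TRUSTED_SSH)}")
    for f in find_ssh_on_odd_ports(SAMPLE_FLOWS, TRUSTED_SSH):
        print(f"SSH banner on port {f.dport}: {f.src} -> {f.dst}")
```

With default deny in place the two disguised SSH flows are dropped simply because a desktop may not reach 80/443 directly; the banner check is the second layer for the case where a host is permitted out on those ports but should only be speaking HTTP or TLS there.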

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================