From: dogintop.net
Date: Thu Aug 23 2001 - 13:57:19 CDT


    there should not be any security risks in allowing outgoing ssh
    connections. generally, you want your firewall to stop incoming
    connections, and usually not worry about outgoing connections, unless you
    are just overly paranoid and/or restrictive and don't want users on your
    network to be able to access services outside your network for whatever
    reason. i would bet that outgoing ssh connects are not even blocked on
    your firewall but if all outgoing requests have to first go through a
    proxy then to the internet, that might be blocking it. is the proxy also
    the gateway, or is the gateway a separate machine on a different subnet or
    network? if it's a separate machine on the same network and you know the
    ip address, try changing your default route to that ip and see if ssh is
    blocked for outgoing connections. ignore any of this information if your
    network admin is particularly hostile and would go crazy if you bypassed
    the proxy.

    On Thu, 23 Aug 2001, Frank Rabe wrote:

    >Hi All
    >
    >I would like to install a ssh client software on a win2000 system,
    >which is connected through Unix firewall with the internet. The
    >services available are email (read - pop3, send - smtp). Other than
    >that only a proxy for http and ftp through a browser is available.
    >The admin refuses to open the ssh port for security reasons, so I need
    >some information from experts. ;-)
    >What would be the decrease in security, if the admin would open
    >the ssh port on the firewall for an outgoing ssh service?
    >Would it be possible to just allow outgoing ssh, but to block incoming
    >ssh requests by the firewall, so that ssh won't introduce any new
    >attacking risks?
    >Any other ideas to be able to use ssh outgoing?
    >
    >TIA
    >Frank
    >
    >--
    >--------------- Power Over Information --------------
    >Frank.Rabeempress.de Empress Software GmbH
    >Phone: +49 (0)40 521 129-0 Web: www.empress.de
    >
    >--
    >To unsubscribe, e-mail: suse-security-unsubscribesuse.com
    >For additional commands, e-mail: suse-security-helpsuse.com
    >

    Chad Whitten
    Network/Systems Administrator
    Nexband Communications
    chadwicknexband.com
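
Added example, not part of the original thread: one way to express "outgoing ssh allowed, incoming ssh blocked" as a stateful ruleset in `iptables-restore` format. It assumes the firewall is a Linux netfilter box that routes for the LAN; the interface names (`eth0` outside, `eth1` inside) and the LAN range `192.168.1.0/24` are constructed placeholders.

```iptables
# Constructed sample ruleset (iptables-restore format).
# Assumptions: eth0 = Internet side, eth1 = LAN side, LAN = 192.168.1.0/24.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

# --- traffic addressed to the firewall itself ---
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# (add the rule for your own admin access here before loading)

# --- traffic routed through the firewall ---
# Replies belonging to connections the LAN opened are let back in.
# This is what makes "outgoing only" work: no inbound port is opened.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# New outbound ssh: must enter on the LAN side, leave on the Internet
# side, come from a LAN address, and be a TCP SYN to port 22.
-A FORWARD -i eth1 -o eth0 -s 192.168.1.0/24 -p tcp --syn --dport 22 -m conntrack --ctstate NEW -j ACCEPT

# New ssh attempts arriving from the Internet side are logged, then
# fall through to the DROP policy of the FORWARD chain.
-A FORWARD -i eth0 -p tcp --dport 22 -m conntrack --ctstate NEW -j LOG --log-prefix "inbound-ssh-drop: "

COMMIT
```

Loading this file replaces the whole filter table, so parse it first with `iptables-restore --test < file`. Narrowing `-s` to the individual workstations that need ssh keeps the rule as tight as the request.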
