Re: SSh Tunnel Over Squid

On Fri, May 13, 2005 at 07:38:31PM +0200, Anders Breindahl wrote:
> Not an answer and non-technical:
> What is your motivation for actually stopping this tunneling? What harm does 
> it do to your network, both from a juridical and a technical 
> point-of-view?
> I am asking out of interest, as I could easily be that fellow behind your 
> gateway, merely wanting to do some secure communication -- something which 
> your setup to a large extent prevents me from.

Most entities that have a firewall are trying to protect their networked
resources from 'outsiders'. An ssh tunnel can be configured to bypass that
same firewall, allowing unrestricted access into the firewalled areas.
Also, most sites that have firewalls and proxies have an acceptable use
policy that forbids/restricts access to certain types of sites from
business-owned machines, or during normal work hours. It could be a simple
matter of security policy enforcement.

For us, all the above applies, and also we try to keep the exfiltration of
proprietary research data from happening until the results are officially


Tim Sailer <sailer@bnl.gov> 
Information and Special Technologies Program
Office of CounterIntelligence 
Brookhaven National Laboratory  (631) 344-3001

