advertisement

Article:
  Inside SSH, Part 4
Subject:   I return often . . .
Date:   2006-05-29 03:48:41
From:   F.J.
Response to: I return often . . .

Rbannon,


Thank you for your kind words, they are much appreciated! I am glad the article is of interest to you.


The article you link to is indeed most interesting. It is true that the advice I endeavored to outline here, while good for a start, certainly should not be considered as the ultimate in security for state secrets and it would be dangerous to enable SSH on all secure servers, even by using a strong key-based authentication mechanism.


The article you mention however mostly mention misuse of SSH tunnels by users who forget that, even though SSH encrypts the connection between two machines, it does create a connection. In this regard, linking a secure server to an insecure server, no matter how strong the channel is still opens up ways for an attacker already "owning" the insecure server to crawl its way up into the secure zone of your network (if I am permitted to use such an image).


The advice outlined there certainly is not to be downplayed. It remains however (at least in this part of the series) focused on one problem that has much to do with carefree port forwarding.


FJ


1 to 2 of 2
  1. I return often . . .
    2009-02-12 04:41:59  rbannon@mac.com [View]

  2. I return often . . .
    2007-01-21 20:23:15  rbannon@mac.com [View]

1 to 2 of 2