And for having a policy: it is more secure to have a white list on what is allowed than to have a black list on what is not allowed.Īsking how to secure ssh opens a can of worms, here are those worms. ![]() Thus focusing on a single vector do prevent data leakage or to prevent the attacker entering the network is IMHO the wrong way. Such data transports can also be done using normal HTTP/HTTPS, can be done with USB sticks etc. These tunnels are nothing but a tool to transport data between inside and outside. But such analysis might be easily confused with today's common WebSockets traffic.Īt the end it is a race and you should ask yourself why you focus on SSH tunnels anyway. This is much harder to detect although some statistical analysis might help because SSH shows a different behavior than normal HTTP traffic. This leaves the possibility to tunnel SSH inside some other protocol, like simply creating a tunnel through the proxy using a CONNECT request or even hiding the SSH connection within a full TLS connection, using plain HTTP, using WebSockets, with DNS or similar. But you could also simply enforce the use of a HTTP proxy inside the network which makes the use of plain SSH impossible. ![]() ssh -p80.) can be detected by looking at the first response packet already which contains the SSH version and not the HTTP version or the TLS ServerHello. SSH traffic simply tunneled through port 80 or 443 (i.e. SSH traffic looks different from HTTP and HTTPS.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |