[TriLUG] blocking outbound port 22

Tim Jowers via TriLUG trilug at trilug.org
Fri Oct 9 09:00:24 EDT 2015


Funny. When I was at Wells the programmers had two computers. One they
routed through their phones to look stuff up. Wells was locked down pretty
tightly. When I was at Bank of America the systems were locked down but
select people were allowed to transfer files out. For instance, the iOS
programmers both had unlocked USB and also a public share where they could
transfer files with the vendor. So, the rules which exist were enforced on
some staff but overlooked and ignored for the outsourced staff (who
actually sat onsite :-). The irony is once off the bank's network the
laptop could still connect to a network and perform unscanned http/https.
The bigger irony is Android and Windows mobile development opens a hole to
write to devices. The security team was more of a bureaucracy than
engineers. Personally, I never messed with it, but it seems someone could just
encrypt a document and do an https upload and that would be untrackable.
Amazingly, they could even print it out and walk out of the door. Oh my!

Good point about the patents. I hadn't realized that. I've worked with
several patent hobbyists. One hoodwinking manager I had at BofA couldn't
program his way out of a hello world but claimed many patents. Probably
each was worthless or he patented something someone else had done.

Cheers,
Tim

On Fri, Oct 9, 2015 at 12:20 AM, Keith Woodie via TriLUG <trilug at trilug.org>
wrote:

> I have worked in places that allow SSH out and places that only allow web
> proxy traffic outbound. In the grand scheme of it all it is probably best
> from a security perspective to block it. All of us know how easy it is to
> bypass arbitrary rules with non-default ports and SSH. In the age of
> security breaches I can honestly say that if I were the security admin I
> would block it too and only allow web proxy traffic.
>
>
>
>
> On Thu, Oct 8, 2015 at 3:45 PM bak via TriLUG <trilug at trilug.org> wrote:
>
> > Yes indeed. Certainly it's an issue where I find it easy to see both
> > sides.
> >
> > —bak
> >
> > > On Oct 8, 2015, at 15:39, William Sutton <william at trilug.org> wrote:
> > >
> > > Some places take data seepage very seriously. Where I work, they've
> > > pushed out (via Windows GPO) software that automatically encrypts any USB
> > > keys that get plugged into a workstation. Which kills transferring
> > > firmware from your PC to an appliance, but also keeps you from handing off
> > > sensitive information to someone less than trustworthy.
> > >
> > > William Sutton
> > >
> > > On Thu, 8 Oct 2015, bak via TriLUG wrote:
> > >
> > >> Long ago in a far away land when I was but a nerdling, I was let go
> > >> from a (rather terrible temporary) job for doing this.
> > >>
> > >> These days I would have just used the data connection I carry around in
> > >> my pocket all the time.
> > >>
> > >> —bak
> > >>
> > >>> On Oct 8, 2015, at 10:44, Matt Flyer via TriLUG <trilug at trilug.org> wrote:
> > >>> This sounds like a perfect place to test the application Corkscrew:
> > >>>
> > >>> http://www.techrepublic.com/blog/linux-and-open-source/using-corkscrew-to-tunnel-ssh-over-http/
> > >>> "If you are in an environment that disallows the use of SSH and forces
> > >>> the use of an HTTP proxy, it is possible to use that HTTP proxy as a
> > >>> transport for SSH."
> > >>> I worked at a place that was absurdly totalitarian with regards to their
> > >>> web proxy. As a design engineer I would frequently research technical
> > >>> information and they would even block categorically university sites,
> > >>> where you can get a lot of technical papers, as "educational sites
> > >>> prohibited".
> > >>> Using SSH to tunnel out of there was the quick and obvious answer.
> > >>> Blocking port 22 simply makes the case for moving SSH to a non-standard
> > >>> port, the old security through obscurity line.
> > >>>> Port ssh can be easily used for tunneling.
> > >>>> I think web proxy is in the blacklist for security reasons.
> > >>>> On Wed, Oct 7, 2015 at 5:22 PM, Ken Mink via TriLUG <trilug at trilug.org>
> > >>>> wrote:
> > >>>>> Sent from my iPhone
> > >>>>>> On Oct 7, 2015, at 16:52, Wes Garrison via TriLUG <trilug at trilug.org>
> > >>>>>> wrote:
> > >>>>>> I ran into a situation today I've never seen before.
> > >>>>>> I was working at an engineering firm and their IT guy had all outbound
> > >>>>>> traffic on port 22 blocked.
> > >>>>>> Is there any sane reason to do this?
> > >>>>>> I can't think of any reason to block SSH, but maybe I'm missing
> > >>>>>> something.
> > >>>>>> -Wes
> > >>>>> Sure, internal security policies. One place I worked had ALL outbound
> > >>>>> traffic blocked. The only way out was web proxy, which also had quite
> > >>>>> the blacklist.
> > >>>>> Ken
> > >>> --
> > >>> This message was sent to: bak at picklefactory.org <bak at picklefactory.org>
> > >>> To unsubscribe, send a blank message to trilug-leave at trilug.org from
> > >>> that address.
> > >>> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> > >>> Unsubscribe or edit options on the web : http://www.trilug.org/mailman/options/trilug/bak%40picklefactory.org
> > >>> Welcome to TriLUG: http://trilug.org/welcome
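Added example (not from anyone in this thread): a protocol-aware egress check that identifies SSH by its RFC 4253 identification string regardless of destination port, placed beside the port-22 rule the thread discusses. The sample flows and IP addresses are constructed, and the proxy case assumes the inspection point sees the bytes relayed after the CONNECT succeeds.

```python
import re
from dataclasses import dataclass

# RFC 4253 section 4.2: the identification string is
#   SSH-protoversion-softwareversion SP comments CR LF
# The server may send other lines first, but none may begin with "SSH-",
# so the first line starting with "SSH-" in the opening bytes is the banner.
_BANNER_RE = re.compile(rb"^SSH-(\d+\.\d+)-(\S+)(?: [^\r\n]*)?\r?\n", re.M)

@dataclass(frozen=True)
class Flow:
    """Opening bytes of one outbound TCP stream as seen at the egress point."""
    src: str
    dst: str
    dport: int
    payload: bytes  # first bytes returned by the far end

def ssh_version(payload: bytes):
    """(protoversion, softwareversion) if an SSH banner opens the stream, else None."""
    m = _BANNER_RE.search(payload[:256])
    return (m.group(1).decode(), m.group(2).decode()) if m else None

def port_rule(flow: Flow) -> bool:
    """The rule from the thread: block anything whose destination port is 22."""
    return flow.dport == 22

def protocol_rule(flow: Flow) -> bool:
    """Protocol-aware rule: flag SSH wherever its banner shows up."""
    return ssh_version(flow.payload) is not None

# Constructed sample flows (not real traffic; documentation IP ranges):
# plain SSH, SSH moved to 443, SSH relayed by a web proxy after a CONNECT
# (the Corkscrew case), and an ordinary HTTP reply that must not be flagged.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "203.0.113.10", 22, b"SSH-2.0-OpenSSH_6.9\r\n"),
    Flow("10.0.0.5", "203.0.113.10", 443, b"SSH-2.0-OpenSSH_6.9\r\n"),
    Flow("10.0.0.5", "192.0.2.8", 3128,
         b"HTTP/1.1 200 Connection established\r\n\r\nSSH-2.0-OpenSSH_6.9 Ubuntu\r\n"),
    Flow("10.0.0.7", "192.0.2.8", 3128,
         b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"),
]

def compare(flows):
    """Return which dst:port pairs each rule would have flagged."""
    return {
        "port_only": [f"{f.dst}:{f.dport}" for f in flows if port_rule(f)],
        "protocol": [f"{f.dst}:{f.dport}" for f in flows if protocol_rule(f)],
    }
```

Run against the constructed flows, the port-only rule catches one session while the banner check catches all three SSH sessions, including the one carried through the proxy.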

