[TriLUG] blocking outbound port 22

matt@noway2.thruhere.net via TriLUG trilug at trilug.org
Fri Oct 9 10:09:54 EDT 2015







    One of the funny things about patents and educational sites is that if it's in a textbook, it's considered public domain and the patent is busted.




------ Original message ------
From: tj via TriLUG
Date: Fri, Oct 9, 2015 9:59 AM
To: Tim Jowers; Triangle Linux Users Group General Discussion;
Subject: Re: [TriLUG] blocking outbound port 22

speaking on patents system
the system is already broken for a long time :D
my coworker scores many patents that easy to get via company funding.
make any non-sense patents and you will get through it :D
I can not discuss those patents, but the patents are easy pie and some
are non-sense at reality(in innovation).
interested?
sorry for my side talk.

On Fri, Oct 9, 2015 at 9:00 AM, Tim Jowers via TriLUG wrote:
> Funny. When I was at Wells the programmers had two computers. One they routed through their phones to look stuff up. Wells was locked down pretty tightly. When I was at Bank of America the systems were locked down but select people were allowed to transfer files out. For instance, the iOS programmers both had unlocked USB and also a public share where they could transfer files with the vendor. So, the rules which exist were enforced on some staff but overlooked and ignored for the outsourced staff (who actually sat onsite :-). The irony is once off the bank's network the laptop could still connect to a network and perform unscanned http/https. The bigger irony is Android and Windows mobile development opens a hole to write to devices. The security team was more of a bureaucracy than engineers. Personally, I never messed with it but seems someone could just encrypt a document and do an https upload and that would be untrackable. Amazingly, they could even print it out and walk out of the door. Oh my!
>
> Good point about the patents. hadn't realized that. I've worked with several patent hobbyists. One hoodwinking manager I had at BofA couldn't program his way out of a hello world but claimed many patents. Probably each was worthless or he patented something someone else had done.
>
> Cheers,
> Tim
>
> On Fri, Oct 9, 2015 at 12:20 AM, Keith Woodie via TriLUG <trilug at trilug.org> wrote:
>
> > I have worked in places that allow SSH out and places that only allow web proxy traffic outbound. In the grand scheme of it all it is probably best from a security perspective to block it. All of us know how easy it is to bypass arbitrary rules with non-default ports and SSH. In the age of security breaches I can honestly say that if I were the security admin I would block it too and only allow web proxy traffic.
> >
> > On Thu, Oct 8, 2015 at 3:45 PM bak via TriLUG wrote:
> >
> > > Yes indeed. Certainly it’s an issue where I find it easy to see both sides.
> > >
> > > —bak
> > >
> > > > On Oct 8, 2015, at 15:39, William Sutton wrote:
> > > >
> > > > some places take data seepage very seriously. where I work, they've pushed out (via Windows GPO) software that automatically encrypts any USB keys that get plugged into a workstation. Which kills transferring firmware from your PC to an appliance, but also keeps you from handing off sensitive information to someone less than trustworthy.
> > > >
> > > > William Sutton
> > > >
> > > > On Thu, 8 Oct 2015, bak via TriLUG wrote:
> > > >
> > > >> Long ago in a far away land when I was but a nerdling, I was let go from a (rather terrible temporary) job for doing this.
> > > >>
> > > >> These days I would have just used the data connection I carry around in my pocket all the time.
> > > >>
> > > >> —bak
> > > >>
> > > >>> On Oct 8, 2015, at 10:44, Matt Flyer via TriLUG wrote:
> > > >>> This sounds like a perfect place to test the application Corkscrew:
> > > >>> http://www.techrepublic.com/blog/linux-and-open-source/using-corkscrew-to-tunnel-ssh-over-http/
> > > >>> " If you are in an environment that disallows the use of SSH and forces the use of an HTTP proxy, it is possible to use that HTTP proxy as a transport for SSH."
> > > >>> I worked at a place that was absurdly totalitarian with regards to their web proxy. As a design engineer I would frequently research technical information and they would even block categorically university sites, where you can get a lot of technical papers, as "educational sites prohibited".
> > > >>> Using SSH to tunnel out of there was the quick and obvious answer.
> > > >>> Blocking port 22 simply makes the case for moving SSH to a non standard port, the old security through obscurity line.
> > > >>>> port ssh , can be easily used for tunneling
> > > >>>> I think, web proxy is in the blacklist for security reason.
> > > >>>> On Wed, Oct 7, 2015 at 5:22 PM, Ken Mink via TriLUG <trilug at trilug.org> wrote:
> > > >>>>> Sent from my iPhone
> > > >>>>>> On Oct 7, 2015, at 16:52, Wes Garrison via TriLUG <trilug at trilug.org> wrote:
> > > >>>>>> I ran into a situation today I've never seen before.
> > > >>>>>> I was working at an engineering firm and their IT guy had all outbound traffic on port 22 blocked.
> > > >>>>>> Is there any sane reason to do this?
> > > >>>>>> I can't think of any reason to block SSH, but maybe I'm missing something.
> > > >>>>>> -Wes
> > > >>>>> Sure, internal security policies. One place I worked had ALL outbound traffic blocked. The only way out was web proxy, which also had quite the blacklist.
> > > >>>>> Ken
> > > >>> --
> > > >>> This message was sent to: bak at picklefactory.org <bak at picklefactory.org>
> > > >>> To unsubscribe, send a blank message to trilug-leave at trilug.org from that address.
> > > >>> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> > > >>> Unsubscribe or edit options on the web : http://www.trilug.org/mailman/options/trilug/bak%40picklefactory.org
> > > >>> Welcome to TriLUG: http://trilug.org/welcome
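
The port-versus-protocol point raised in the thread, as an added example that is not part of any poster's message: a Python check that identifies SSH from the first bytes of a connection (the RFC 4253 identification string) instead of from the destination port. The flow records, labels and function names are constructed for illustration.

```python
import re

# RFC 4253 section 4.2: both sides open with "SSH-<protoversion>-<software>".
SSH_BANNER = re.compile(rb"^SSH-\d\.\d+-\S+")
HTTP_REQUEST = re.compile(rb"^[A-Z]+ \S+ HTTP/1\.[01]\r\n")


def classify(first_bytes: bytes) -> str:
    """Name the protocol from the first bytes a peer sends, ignoring the port."""
    # TLS record header: content type 0x16 (handshake), major version 0x03.
    if first_bytes[:2] == b"\x16\x03":
        return "tls"
    if HTTP_REQUEST.match(first_bytes):
        return "http"
    # A server may send other text lines before its banner, so scan a few lines.
    for line in first_bytes.split(b"\n")[:5]:
        if SSH_BANNER.match(line):
            return "ssh"
    return "unknown"


def ssh_off_port_22(flows):
    """Return the labels of flows that carry SSH on any port other than 22."""
    return [label for label, port, data in flows
            if port != 22 and classify(data) == "ssh"]


# Constructed sample flows: (label, destination port, first payload bytes).
# "proxy-tunnel" stands for the first bytes relayed inside an HTTP CONNECT tunnel.
SAMPLE_FLOWS = [
    ("direct-22", 22, b"SSH-2.0-OpenSSH_6.9\r\n"),
    ("direct-443", 443, b"SSH-2.0-OpenSSH_6.9\r\n"),
    ("https", 443, b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"),
    ("web", 80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    ("proxy-tunnel", 3128, b"SSH-2.0-OpenSSH_6.9\r\n"),
]

if __name__ == "__main__":
    for label, port, data in SAMPLE_FLOWS:
        print(f"{label:13} port {port:<5} -> {classify(data)}")
    print("SSH outside port 22:", ssh_off_port_22(SAMPLE_FLOWS))
```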

